- Adds lnd to netns-isolation.services
- Specifies listen option (defaults to localhost) as target of
hiddenService.
- Amends hardcoded lnd ip to lnd-cert
WARNING: Breaking changes for lnd cert. lnd-key and lnd-cert will have
to be deleted and redeployed.
currently, nodeinfo has presets/secure-node.nix as a strict
dependency as it requires onion-chef and the 'operatorName' option.
and nix-bitcoin-webindex.nix has nodeinfo as a dependecy.
so don't add nodeinfo and webindex to modules.nix because they will fail on standalone use.
Download shesek's github spark-npm.tgz, verify signature, unpack
spark-npm.tgz, patch package.json to include qrcode-terminal in
dependencies, run node2nix with tmpdir as local source, replace tmpdir
spark-wallet source with shesek's github spark-npm.tgz in
node-packages.nix.
spark-wallet: erikarvstedt fixups
move script to pkg dir, add hint to script in pkg def
remove unneeded script deps
add extended bash error checking
rename DIR -> TMPDIR
remove TMPDIR on exit
strip whitespace, simplify comments
gpg2 -> gpg
latesttagelectrs -> latest
tmpdir: don't use XDG_RUNTIME_DIR
XDG_RUNTIME_DIR is often in RAM and shouldn't be used for larger
workloads like repo downlaods
verify fingerprint of the imported key
remove trailing '-' in output
simplify output
Hide --fetch-key output
Output is not relevant to user, looks better without it
More accurately describe ./get-sha256 function
User might think that ./get-sha256 automatically updates sha256 in default.nix
Fetch key from sks keyservers instead of keybase.io
Using --recv-key simplifies getting the right key, and only the
right key, greatly. I try to refrain from using sks keyservers,
but the certificate spamming attack shouldn't be an issue in this
case because we create a temporary keychain just for the
verificaiton.
remove unneeded cargoDepsHook
Make clang nativeBuildInput instead of buildInput
e95f5981aa Remove KN countrycode (nixbitcoin)
742aef1e0f Only set dataDirReadableByGroup if cfg.high-memory is enabled (nixbitcoin)
Pull request description:
ACKs for top commit:
jonasnick:
ACK e95f5981aa
Tree-SHA512: e8253b934211e6fc6be11917f8acb05a05e390caafdf86f90670f9299d9c0d98596758ff021c65aae199c9a5a3f86f87854e1b8f50a53bab8ad28d9a7003d98e
It appears the pinned attrset is a bit adhoc. This generalizes
pinned.nix so that you can do:
$ nix build -f . pinned.stable.hwi
$ nix build -f . pinned.unstable.hwi
etc
Signed-off-by: William Casarin <jb55@jb55.com>
Disabling upnp via compilation brings no substantial security benefits.
There's no way to inadvertently enable upnp, it must be set explicitly
via bitcoind.extraConfig.
But it's a huge hassle for new users who have to recompile bitcoind
before being able to use nix-bitcoin.
Also, elementsd is currently built with upnp support by default.
Use buildRustPackage instead of buildRustCrate (via crate2nix).
buildRustPackage builds the whole executable and its libraries in a
single `cargo build` process.
With the create2nix approach each library is built in a separate derivation,
directly using rustc instead of the cargo wrapper.
Benefits of buildRustPackage:
- Much simpler to maintain
- Package derivation evaluates much faster
Benefits of crate2nix:
- Build can be distributed over multiple build hosts
- Better sharing of common dependencies between different builds
- More fine-grained rebuilding on build failures
In nixpkgs buildRustPackage is used for almost all Rust pkgs, it's
also a better fit for our use case.
Each secret file to be deployed is now backed by one local file.
This simplifies 'setup-secrets' and the secret definitions.
Also, with the old format it was not possible to add new secrets
to secrets.nix in a simple way.
Old secrets are automatically converted to the new format when running
nix-shell.
Using the new option 'nix-bitcoin.secrets', secrets are now directly
defined by the services that use them.
An executable is more robust to use than shell aliases.
This is also a preparation for commit 'add module test' because the
NixOS testing framework makes interactive aliases hard to use: It
unsets 'PS1' which is used by programs/bash/bash.nix to detect
interactive shells.
We're now directly using Greg's unmodified banlist which
simplifies the update process.
The banlist package with its dependency on the bitcoin datadir path is only
relevant for internal use within nix-bitcoin, so we can safely remove
it.
We're now using the bitcoin-cli from `services.bitcoind.package`.
Fixes#129
Without this, starting the virtualbox guest service fails during machine activation.
This is due to an incompatible NixOS machine base image.
Fix this by using an updated version of nixops.