Commit Graph

490 Commits

Author SHA1 Message Date
Erik Arvstedt
4e5c1d7551
disable redundant logfile 2020-04-12 22:32:37 +02:00
Erik Arvstedt
a05551fd1c
improve config file formatting 2020-04-12 22:32:37 +02:00
Erik Arvstedt
5e81d60d63
improve formatting 2020-04-12 22:32:37 +02:00
Erik Arvstedt
d60a5aa4db
define rpc.users submodule inline
Improves readability.
2020-04-12 22:32:37 +02:00
Erik Arvstedt
1a2271fb14
remove unused variable 'hexStr' 2020-04-12 22:32:36 +02:00
Erik Arvstedt
4e92b1c818
remove redundant hardening options
These are already defined in nix-bitcoin-services.defaultHardening.
2020-04-12 22:32:36 +02:00
Erik Arvstedt
47fd6cd0f3
simplify ExecStart 2020-04-12 22:32:36 +02:00
Erik Arvstedt
64fc63cc40
remove pidFile
- service type "simple" is the default
- pidFile is not needed for service type "simple"
2020-04-12 22:32:36 +02:00
Jonas Nick
1131c795dc
Merge #152: Rename nix-bitcoin.nix to presets/secure-node.nix
bceaa361ca operator: allow reading systemd journal (Erik Arvstedt)
145961c2de fix operator authorized keys setup (Erik Arvstedt)
37b2faf63c move systemPackages definitions to services (Erik Arvstedt)
6c22e13b7f copy-root-authorized-keys: use inline script definition (Erik Arvstedt)
63c6fe3213 fixup! use '' for multi-line string (Erik Arvstedt)
ab617946a9 extract variable 'cfg' (Erik Arvstedt)
36c84d8360 add option clightning.onionport (Erik Arvstedt)
681dbaf328 move electrs.onionport option (Erik Arvstedt)
74fbfa3a5d use lib.optionals (Erik Arvstedt)
ec6d33fbb6 rearrange code sections (Erik Arvstedt)
e16ddc9c77 extract 'mkHiddenService' (Erik Arvstedt)
89d3d58850 use mkIf (Erik Arvstedt)
85e52a06cb improve grouping of suboptions (Erik Arvstedt)
1a63f0ca6a remove option 'services.nix-bitcoin.enable' (Erik Arvstedt)
0f8b2e91fd add nix-bitcoin.nix for backwards compatibility (Erik Arvstedt)
28792f79dc rename nix-bitcoin.nix -> presets/secure-node.nix (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK bceaa361ca

Tree-SHA512: d9c691d862c73f47399c97a50d9fa70ca934f82e8d9664bedacd5cc013fea040ec0431981aba78ade7f607d30809a5bab68effd627904e2cfa990e9d2612bf11
2020-04-12 14:49:04 +00:00
Erik Arvstedt
bceaa361ca
operator: allow reading systemd journal 2020-04-09 11:02:06 +02:00
Erik Arvstedt
145961c2de
fix operator authorized keys setup
This fixes these flaws in `copy-root-authorized-keys`:
- When `.vbox-nixops-client-key` is missing, operator's authorized_keys
  file is always appended to, growing the file indefinitely.
- Service is always added and not restricted to nixops-vbox deployments.
2020-04-09 11:02:06 +02:00
Jonas Nick
d7d7070e8c
Merge #155: nixops: build with pinned nixpkgs
041ec55794 nixops: build with pinned nixpkgs (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 041ec55794

Tree-SHA512: dfe01993b2f8d6f135069dc59dc03e5902f5a36a7f9f63f3299453314cb2cec5da3be9ef66f0186f03c132d0828d30b53d2760aaf91b77f3e2b95555304c4269
2020-04-08 18:48:06 +00:00
Erik Arvstedt
37b2faf63c
move systemPackages definitions to services
These are generally useful and shouldn't be limited to secure-node.nix.

Also, only add the hardware-wallets group when hardware wallets are enabled.
2020-04-08 17:35:14 +02:00
Erik Arvstedt
6c22e13b7f
copy-root-authorized-keys: use inline script definition 2020-04-08 17:35:14 +02:00
Erik Arvstedt
63c6fe3213
fixup! use '' for multi-line string 2020-04-08 17:35:14 +02:00
Erik Arvstedt
ab617946a9
extract variable 'cfg' 2020-04-08 17:35:13 +02:00
Erik Arvstedt
36c84d8360
add option clightning.onionport
Analogous to electrs.onionport
2020-04-08 17:35:13 +02:00
Erik Arvstedt
681dbaf328
move electrs.onionport option
Only used in secure-node.nix
2020-04-08 17:35:13 +02:00
Erik Arvstedt
74fbfa3a5d
use lib.optionals 2020-04-08 17:35:13 +02:00
Erik Arvstedt
ec6d33fbb6
rearrange code sections
Move services to the top, operator account setup to the bottom.
2020-04-08 17:35:13 +02:00
Erik Arvstedt
e16ddc9c77
extract 'mkHiddenService'
toPort equals port by default.
2020-04-08 17:35:13 +02:00
Erik Arvstedt
89d3d58850
use mkIf 2020-04-08 17:35:13 +02:00
Erik Arvstedt
85e52a06cb
improve grouping of suboptions 2020-04-08 17:35:12 +02:00
Erik Arvstedt
1a63f0ca6a
remove option 'services.nix-bitcoin.enable'
Users can enable the node config just by importing secure-node.nix
2020-04-08 17:35:12 +02:00
Erik Arvstedt
0f8b2e91fd
add nix-bitcoin.nix for backwards compatibility 2020-04-08 17:35:12 +02:00
Erik Arvstedt
28792f79dc
rename nix-bitcoin.nix -> presets/secure-node.nix 2020-04-08 17:35:12 +02:00
Erik Arvstedt
041ec55794
nixops: build with pinned nixpkgs 2020-04-08 17:29:50 +02:00
Jonas Nick
0c4ba43ee8
Merge #149: docs: update nix installation instructions
0ac7b1660b docs: update nix installation instructions (Jonas Nick)

Pull request description:

Top commit has no ACKs.

Tree-SHA512: 34c4ef923d3893d1fb1245f6140bca844e44c1733edd781e88e848542360993658c70ae24519c9a49f7ffb64765c5353da5056f59d9d25a2b8d13fd02f9fe97a
2020-04-08 15:11:45 +00:00
Jonas Nick
0ac7b1660b
docs: update nix installation instructions 2020-04-08 15:10:34 +00:00
Jonas Nick
9239268ab6
Merge #136: Change the nix-bitcoin deployment from forking this repo to importing the module
b2e15c17b8 docs: Update to new deployment method (import instead of fork) (Jonas Nick)
5ed0284db9 Add fetch-release script (Jonas Nick)
c303cd47e4 Add push-release.sh helper (Jonas Nick)
705d187a35 examples/shell.nix: don't run shellHook on subsequent nix-shells (Erik Arvstedt)
65039be656 docs: Remove duplicate instructions (Jonas Nick)
455c5664c9 docs: Replace tabs with spaces (Jonas Nick)
8aa4714979 docs: Update NixOS version (Jonas Nick)
9df22a2764 add deploy-qemu-vm.sh example (Erik Arvstedt)
548ced1994 README: Add Example section (Jonas Nick)
44ccbb91d0 Clean up development shell.nix (Jonas Nick)
abcee651d3 add deploy-container.sh (Erik Arvstedt)
5dadea310c add deploy-nixops.sh (Erik Arvstedt)
0c74c365de mention performance loss with hardened kernel profile (Erik Arvstedt)
f3121892ef move main module import to configuration.nix (Erik Arvstedt)
0c0978c007 extract module 'deployment/nixops.nix', add option 'deployment.secretsDir' (Erik Arvstedt)
87d0286498 Change the nix-bitcoin deployment from forking this repo to importing the module (Jonas Nick)

Pull request description:

Top commit has no ACKs.

Tree-SHA512: 18e8b71f42715c5e82e2dafde9dcc965594d76aacc6be7ee2ec746a9510065749cc65331687a57d7140f45779c3b7867f6260ec224d361fb5a477062a27d6e4c
2020-04-08 15:03:08 +00:00
Jonas Nick
b2e15c17b8
docs: Update to new deployment method (import instead of fork)
Now you clone nix-bitcoin and start out from the examples.
2020-04-08 07:01:39 +00:00
Jonas Nick
5ed0284db9
Add fetch-release script
This allows getting the hash of the latest (or some other) release
using github releases and gpg verification.
2020-04-08 07:01:35 +00:00
Jonas Nick
b9fbb144ca
Merge #151: readme: add travis badge
334e30a291 readme: add travis badge (William Casarin)

Pull request description:

ACKs for top commit:
  jonasnick:
    Neat, thanks. ACK 334e30a291

Tree-SHA512: 1cad880c4a147f9f2c68c377a872e48fc5ce01db8cfd3d3d78e23ee3e6336fdb69f0cff9f9e1fe9d4efb079675ead7a05a975ebf5d963403c78be3e6f9e5ed76
2020-04-06 20:03:12 +00:00
William Casarin
334e30a291 readme: add travis badge
Signed-off-by: William Casarin <jb55@jb55.com>
2020-04-04 15:00:11 -07:00
Jonas Nick
6ec8b1d2a3
Merge #148: Misc. fixes
e398674964 run-tests.sh: fix leaking tmp files outside TMPDIR (Erik Arvstedt)
b07c77f4a4 secrets.nix: remove obsolete comment (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK e398674964

Tree-SHA512: 08b61e40fc80d5d1af1d736dd5f27ff3785b07e481f179e525fec4d78d89795c6d572a3a4b9b5ad9afd47656530cbfb8cdc1da9204571eff41767cad7ae1276e
2020-03-30 20:33:12 +00:00
Jonas Nick
83e2437399
Merge #147: remove custom no-upnp bitcoind builds
3a606608fb remove custom no-upnp bitcoind builds (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 3a606608fb

Tree-SHA512: 4a3c1baadd6a8c6e31c0b7bf492548e4af4de753dc677d61f27f7bc35de53fd7013ae0c041a4b32ed015b9b91ece5664491356251e8792ab804724e9ca71bd81
2020-03-30 20:28:46 +00:00
Jonas Nick
c303cd47e4
Add push-release.sh helper
Prepares, signs and pushes a release to github.
2020-03-30 11:01:31 +02:00
Erik Arvstedt
705d187a35
examples/shell.nix: don't run shellHook on subsequent nix-shells
This avoids an extra delay and the unexpected creation of secrets when
run in another dir.

Needed for the 'fetch-release' script introduced in a later commit.
2020-03-30 11:00:31 +02:00
Jonas Nick
65039be656
docs: Remove duplicate instructions 2020-03-30 10:57:01 +02:00
Jonas Nick
455c5664c9
docs: Replace tabs with spaces 2020-03-30 10:57:01 +02:00
Jonas Nick
8aa4714979
docs: Update NixOS version 2020-03-30 10:57:00 +02:00
Erik Arvstedt
9df22a2764
add deploy-qemu-vm.sh example 2020-03-30 10:56:57 +02:00
Jonas Nick
548ced1994
README: Add Example section 2020-03-30 10:55:50 +02:00
Jonas Nick
44ccbb91d0
Clean up development shell.nix 2020-03-30 10:49:15 +02:00
Erik Arvstedt
abcee651d3
add deploy-container.sh 2020-03-30 10:49:15 +02:00
Erik Arvstedt
e398674964
run-tests.sh: fix leaking tmp files outside TMPDIR
- Move vm image (NIX_DISK_IMAGE) from $TMP to $TMPDIR
- Set $PWD

Also:
- Simplify mktemp command
- USE_TMPDIR=1: Don't create extra dir inside $TMPDIR
2020-03-29 18:51:35 +02:00
Erik Arvstedt
b07c77f4a4
secrets.nix: remove obsolete comment 2020-03-29 18:51:34 +02:00
Erik Arvstedt
3a606608fb
remove custom no-upnp bitcoind builds
Disabling upnp via compilation brings no substantial security benefits.
There's no way to inadvertently enable upnp, it must be set explicitly
via bitcoind.extraConfig.

But it's a huge hassle for new users who have to recompile bitcoind
before being able to use nix-bitcoin.

Also, elementsd is currently built with upnp support by default.
2020-03-26 10:14:03 +01:00
Erik Arvstedt
5dadea310c
add deploy-nixops.sh 2020-03-24 21:43:22 +00:00
Erik Arvstedt
0c74c365de
mention performance loss with hardened kernel profile 2020-03-24 21:43:22 +00:00