Commit Graph

222 Commits

Author SHA1 Message Date
Erik Arvstedt
4e5c1d7551
disable redundant logfile 2020-04-12 22:32:37 +02:00
Erik Arvstedt
a05551fd1c
improve config file formatting 2020-04-12 22:32:37 +02:00
Erik Arvstedt
5e81d60d63
improve formatting 2020-04-12 22:32:37 +02:00
Erik Arvstedt
d60a5aa4db
define rpc.users submodule inline
Improves readability.
2020-04-12 22:32:37 +02:00
Erik Arvstedt
1a2271fb14
remove unused variable 'hexStr' 2020-04-12 22:32:36 +02:00
Erik Arvstedt
4e92b1c818
remove redundant hardening options
These are already defined in nix-bitcoin-services.defaultHardening.
2020-04-12 22:32:36 +02:00
Erik Arvstedt
47fd6cd0f3
simplify ExecStart 2020-04-12 22:32:36 +02:00
Erik Arvstedt
64fc63cc40
remove pidFile
- service type "simple" is the default
- pidFile is not needed for service type "simple"
2020-04-12 22:32:36 +02:00
Erik Arvstedt
bceaa361ca
operator: allow reading systemd journal 2020-04-09 11:02:06 +02:00
Erik Arvstedt
145961c2de
fix operator authorized keys setup
This fixes these flaws in `copy-root-authorized-keys`:
- When `.vbox-nixops-client-key` is missing, operator's authorized_keys
  file is always appended to, growing the file indefinitely.
- Service is always added and not restricted to nixops-vbox deployments.
2020-04-09 11:02:06 +02:00
Erik Arvstedt
37b2faf63c
move systemPackages definitions to services
These are generally useful and shouldn't be limited to secure-node.nix.

Also, only add the hardware-wallets group when hardware wallets are enabled.
2020-04-08 17:35:14 +02:00
Erik Arvstedt
6c22e13b7f
copy-root-authorized-keys: use inline script definition 2020-04-08 17:35:14 +02:00
Erik Arvstedt
63c6fe3213
fixup! use '' for multi-line string 2020-04-08 17:35:14 +02:00
Erik Arvstedt
ab617946a9
extract variable 'cfg' 2020-04-08 17:35:13 +02:00
Erik Arvstedt
36c84d8360
add option clightning.onionport
Analogous to electrs.onionport
2020-04-08 17:35:13 +02:00
Erik Arvstedt
681dbaf328
move electrs.onionport option
Only used in secure-node.nix
2020-04-08 17:35:13 +02:00
Erik Arvstedt
74fbfa3a5d
use lib.optionals 2020-04-08 17:35:13 +02:00
Erik Arvstedt
ec6d33fbb6
rearrange code sections
Move services to the top, operator account setup to the bottom.
2020-04-08 17:35:13 +02:00
Erik Arvstedt
e16ddc9c77
extract 'mkHiddenService'
toPort equals port by default.
2020-04-08 17:35:13 +02:00
Erik Arvstedt
89d3d58850
use mkIf 2020-04-08 17:35:13 +02:00
Erik Arvstedt
85e52a06cb
improve grouping of suboptions 2020-04-08 17:35:12 +02:00
Erik Arvstedt
1a63f0ca6a
remove option 'services.nix-bitcoin.enable'
Users can enable the node config just by importing secure-node.nix
2020-04-08 17:35:12 +02:00
Erik Arvstedt
0f8b2e91fd
add nix-bitcoin.nix for backwards compatibility 2020-04-08 17:35:12 +02:00
Erik Arvstedt
28792f79dc
rename nix-bitcoin.nix -> presets/secure-node.nix 2020-04-08 17:35:12 +02:00
Jonas Nick
9239268ab6
Merge #136: Change the nix-bitcoin deployment from forking this repo to importing the module
b2e15c17b8 docs: Update to new deployment method (import instead of fork) (Jonas Nick)
5ed0284db9 Add fetch-release script (Jonas Nick)
c303cd47e4 Add push-release.sh helper (Jonas Nick)
705d187a35 examples/shell.nix: don't run shellHook on subsequent nix-shells (Erik Arvstedt)
65039be656 docs: Remove duplicate instructions (Jonas Nick)
455c5664c9 docs: Replace tabs with spaces (Jonas Nick)
8aa4714979 docs: Update NixOS version (Jonas Nick)
9df22a2764 add deploy-qemu-vm.sh example (Erik Arvstedt)
548ced1994 README: Add Example section (Jonas Nick)
44ccbb91d0 Clean up development shell.nix (Jonas Nick)
abcee651d3 add deploy-container.sh (Erik Arvstedt)
5dadea310c add deploy-nixops.sh (Erik Arvstedt)
0c74c365de mention performance loss with hardened kernel profile (Erik Arvstedt)
f3121892ef move main module import to configuration.nix (Erik Arvstedt)
0c0978c007 extract module 'deployment/nixops.nix', add option 'deployment.secretsDir' (Erik Arvstedt)
87d0286498 Change the nix-bitcoin deployment from forking this repo to importing the module (Jonas Nick)

Pull request description:

Top commit has no ACKs.

Tree-SHA512: 18e8b71f42715c5e82e2dafde9dcc965594d76aacc6be7ee2ec746a9510065749cc65331687a57d7140f45779c3b7867f6260ec224d361fb5a477062a27d6e4c
2020-04-08 15:03:08 +00:00
Erik Arvstedt
b07c77f4a4
secrets.nix: remove obsolete comment 2020-03-29 18:51:34 +02:00
Erik Arvstedt
0c0978c007
extract module 'deployment/nixops.nix', add option 'deployment.secretsDir' 2020-03-24 21:43:21 +00:00
Jonas Nick
106dcacb61
lnd: add package option 2020-03-09 08:22:00 +00:00
Erik Arvstedt
5596bcf4fb
bitcoind: set default rpcuser
We're already setting a default rpcpassword, so we should set an
accompanying rpcuser so that rpc clients like electrs work out of the box.
2020-03-04 18:09:52 +01:00
Erik Arvstedt
c4cf323873
electrs: add option 'extraArgs'
Electrs allows defining settings multiple times via cmdline args, but
not via config files.
So 'extraArgs' is the only way to implement overridable settings,
'extraOptions' wouldn't work.
2020-03-04 18:09:52 +01:00
Erik Arvstedt
e731d71232
electrs: add option 'address' 2020-03-04 18:09:52 +01:00
Erik Arvstedt
0be67c325e
electrs: use cfg.user, cfg.group 2020-03-04 18:09:51 +01:00
Erik Arvstedt
48be5a79fa
electrs.enable: use mkEnableOption 2020-03-04 18:09:51 +01:00
Erik Arvstedt
b75b2a1626
electrs: improve description 2020-03-04 18:09:51 +01:00
Erik Arvstedt
fa3455d01f
electrs: don't leak bitcoinrpc secret through process ARGV
Supply secret via private config file instead.
2020-03-04 18:09:51 +01:00
Erik Arvstedt
47481b2642
electrs: quote dataDir in shell cmd 2020-03-04 18:09:50 +01:00
Erik Arvstedt
8fb33d1099
electrs: use bitcoind.dataDir option 2020-03-04 18:09:50 +01:00
Erik Arvstedt
45ba1f1fb3
electrs: don't print timestamps to log
Already provided by journald.
2020-03-04 18:09:49 +01:00
Erik Arvstedt
88080a58bf
electrs: wrap long lines in preStart 2020-03-04 18:09:49 +01:00
Erik Arvstedt
301bb91ae5
simplify setting high-memory options 2020-03-04 18:09:49 +01:00
Erik Arvstedt
93fd2329b8
electrs: make nginx TLS proxy optional
Electrs users shouldn't be forced to run a TLS proxy.
2020-03-04 18:09:48 +01:00
Erik Arvstedt
acde24ce43
electrs: move user/group definitions to bottom
Consistent with other service defs.
2020-03-04 18:09:48 +01:00
Erik Arvstedt
148327326b
electrs: formatting 2020-03-04 18:09:48 +01:00
Erik Arvstedt
cce9932b62
make pinned pkgs accessible through pkgs/default.nix
Useful for developing and for importing pinned pkgs via config.nix.
2020-03-04 18:09:48 +01:00
Jonas Nick
ea8d29d96f
Merge #141: Fix secrets setup
ad23b508e3 {generate,setup}-secrets: remove process hardening (Erik Arvstedt)
89f9bedb9d generate-secrets.nix: fix indentation (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK ad23b508e3

Tree-SHA512: 1cb031f9dbfd3150316e4d4f365d37cb7f591910412ee3c70e01beda3498dbf514d4b620f257f32f64c6dcc4845659f45f69f5839e0b7401997320140530d2a0
2020-02-26 21:40:14 +00:00
Jonas Nick
323b2a7f17
Allow adding multiple nodes to bitcoind with the addnodes option and improve bitcoin module option descriptions 2020-02-26 21:34:18 +00:00
Erik Arvstedt
ad23b508e3
{generate,setup}-secrets: remove process hardening
ProtectSystem=full disables writing to /etc which is the default
secrets location.

Besides that, hardening is pointless for {generate,setup}-secrets which
don't read external input and are fully under our control.
2020-02-26 20:38:46 +01:00
Erik Arvstedt
89f9bedb9d
generate-secrets.nix: fix indentation 2020-02-26 20:38:46 +01:00
Jonas Nick
9d3588e1de
Convert nix-bitcoin extraConfig options to regular options 2020-02-23 19:22:07 +00:00
Erik Arvstedt
6fe647ecc4
spark-wallet, lightning-charge: specify mainchain network in clightning data dir
This fixes warnings in each service.
2020-01-15 23:13:48 +00:00