Erik Arvstedt
4e5c1d7551
disable redundant logfile
2020-04-12 22:32:37 +02:00
Erik Arvstedt
a05551fd1c
improve config file formatting
2020-04-12 22:32:37 +02:00
Erik Arvstedt
5e81d60d63
improve formatting
2020-04-12 22:32:37 +02:00
Erik Arvstedt
d60a5aa4db
define rpc.users submodule inline
...
Improves readability.
2020-04-12 22:32:37 +02:00
Erik Arvstedt
1a2271fb14
remove unused variable 'hexStr'
2020-04-12 22:32:36 +02:00
Erik Arvstedt
4e92b1c818
remove redundant hardening options
...
These are already defined in nix-bitcoin-services.defaultHardening.
2020-04-12 22:32:36 +02:00
Erik Arvstedt
47fd6cd0f3
simplify ExecStart
2020-04-12 22:32:36 +02:00
Erik Arvstedt
64fc63cc40
remove pidFile
...
- service type "simple" is the default
- pidFile is not needed for service type "simple"
2020-04-12 22:32:36 +02:00
Erik Arvstedt
bceaa361ca
operator: allow reading systemd journal
2020-04-09 11:02:06 +02:00
Erik Arvstedt
145961c2de
fix operator authorized keys setup
...
This fixes these flaws in `copy-root-authorized-keys`:
- When `.vbox-nixops-client-key` is missing, operator's authorized_keys
file is always appended to, growing the file indefinitely.
- Service is always added and not restricted to nixops-vbox deployments.
2020-04-09 11:02:06 +02:00
Erik Arvstedt
37b2faf63c
move systemPackages definitions to services
...
These are generally useful and shouldn't be limited to secure-node.nix.
Also, only add the hardware-wallets group when hardware wallets are enabled.
2020-04-08 17:35:14 +02:00
Erik Arvstedt
6c22e13b7f
copy-root-authorized-keys: use inline script definition
2020-04-08 17:35:14 +02:00
Erik Arvstedt
63c6fe3213
fixup! use '' for multi-line string
2020-04-08 17:35:14 +02:00
Erik Arvstedt
ab617946a9
extract variable 'cfg'
2020-04-08 17:35:13 +02:00
Erik Arvstedt
36c84d8360
add option clightning.onionport
...
Analogous to electrs.onionport
2020-04-08 17:35:13 +02:00
Erik Arvstedt
681dbaf328
move electrs.onionport option
...
Only used in secure-node.nix
2020-04-08 17:35:13 +02:00
Erik Arvstedt
74fbfa3a5d
use lib.optionals
2020-04-08 17:35:13 +02:00
Erik Arvstedt
ec6d33fbb6
rearrange code sections
...
Move services to the top, operator account setup to the bottom.
2020-04-08 17:35:13 +02:00
Erik Arvstedt
e16ddc9c77
extract 'mkHiddenService'
...
toPort equals port by default.
2020-04-08 17:35:13 +02:00
Erik Arvstedt
89d3d58850
use mkIf
2020-04-08 17:35:13 +02:00
Erik Arvstedt
85e52a06cb
improve grouping of suboptions
2020-04-08 17:35:12 +02:00
Erik Arvstedt
1a63f0ca6a
remove option 'services.nix-bitcoin.enable'
...
Users can enable the node config just by importing secure-node.nix
2020-04-08 17:35:12 +02:00
Erik Arvstedt
0f8b2e91fd
add nix-bitcoin.nix for backwards compatibility
2020-04-08 17:35:12 +02:00
Erik Arvstedt
28792f79dc
rename nix-bitcoin.nix -> presets/secure-node.nix
2020-04-08 17:35:12 +02:00
Jonas Nick
9239268ab6
Merge #136 : Change the nix-bitcoin deployment from forking this repo to importing the module
...
b2e15c17b8
docs: Update to new deployment method (import instead of fork) (Jonas Nick)
5ed0284db9
Add fetch-release script (Jonas Nick)
c303cd47e4
Add push-release.sh helper (Jonas Nick)
705d187a35
examples/shell.nix: don't run shellHook on subsequent nix-shells (Erik Arvstedt)
65039be656
docs: Remove duplicate instructions (Jonas Nick)
455c5664c9
docs: Replace tabs with spaces (Jonas Nick)
8aa4714979
docs: Update NixOS version (Jonas Nick)
9df22a2764
add deploy-qemu-vm.sh example (Erik Arvstedt)
548ced1994
README: Add Example section (Jonas Nick)
44ccbb91d0
Clean up development shell.nix (Jonas Nick)
abcee651d3
add deploy-container.sh (Erik Arvstedt)
5dadea310c
add deploy-nixops.sh (Erik Arvstedt)
0c74c365de
mention performance loss with hardened kernel profile (Erik Arvstedt)
f3121892ef
move main module import to configuration.nix (Erik Arvstedt)
0c0978c007
extract module 'deployment/nixops.nix', add option 'deployment.secretsDir' (Erik Arvstedt)
87d0286498
Change the nix-bitcoin deployment from forking this repo to importing the module (Jonas Nick)
Pull request description:
Top commit has no ACKs.
Tree-SHA512: 18e8b71f42715c5e82e2dafde9dcc965594d76aacc6be7ee2ec746a9510065749cc65331687a57d7140f45779c3b7867f6260ec224d361fb5a477062a27d6e4c
2020-04-08 15:03:08 +00:00
Erik Arvstedt
b07c77f4a4
secrets.nix: remove obsolete comment
2020-03-29 18:51:34 +02:00
Erik Arvstedt
0c0978c007
extract module 'deployment/nixops.nix', add option 'deployment.secretsDir'
2020-03-24 21:43:21 +00:00
Jonas Nick
106dcacb61
lnd: add package option
2020-03-09 08:22:00 +00:00
Erik Arvstedt
5596bcf4fb
bitcoind: set default rpcuser
...
We're already setting a default rpcpassword, so we should set an
accompanying rpcuser so that rpc clients like electrs work out of the box.
2020-03-04 18:09:52 +01:00
Erik Arvstedt
c4cf323873
electrs: add option 'extraArgs'
...
Electrs allows defining settings multiple times via cmdline args, but
not via config files.
So 'extraArgs' is the only way to implement overridable settings,
'extraOptions' wouldn't work.
2020-03-04 18:09:52 +01:00
Erik Arvstedt
e731d71232
electrs: add option 'address'
2020-03-04 18:09:52 +01:00
Erik Arvstedt
0be67c325e
electrs: use cfg.user, cfg.group
2020-03-04 18:09:51 +01:00
Erik Arvstedt
48be5a79fa
electrs.enable: use mkEnableOption
2020-03-04 18:09:51 +01:00
Erik Arvstedt
b75b2a1626
electrs: improve description
2020-03-04 18:09:51 +01:00
Erik Arvstedt
fa3455d01f
electrs: don't leak bitcoinrpc secret through process ARGV
...
Supply secret via private config file instead.
2020-03-04 18:09:51 +01:00
Erik Arvstedt
47481b2642
electrs: quote dataDir in shell cmd
2020-03-04 18:09:50 +01:00
Erik Arvstedt
8fb33d1099
electrs: use bitcoind.dataDir option
2020-03-04 18:09:50 +01:00
Erik Arvstedt
45ba1f1fb3
electrs: don't print timestamps to log
...
Already provided by journald.
2020-03-04 18:09:49 +01:00
Erik Arvstedt
88080a58bf
electrs: wrap long lines in preStart
2020-03-04 18:09:49 +01:00
Erik Arvstedt
301bb91ae5
simplify setting high-memory options
2020-03-04 18:09:49 +01:00
Erik Arvstedt
93fd2329b8
electrs: make nginx TLS proxy optional
...
Electrs users shouldn't be forced to run a TLS proxy.
2020-03-04 18:09:48 +01:00
Erik Arvstedt
acde24ce43
electrs: move user/group definitions to bottom
...
Consistent with other service defs.
2020-03-04 18:09:48 +01:00
Erik Arvstedt
148327326b
electrs: formatting
2020-03-04 18:09:48 +01:00
Erik Arvstedt
cce9932b62
make pinned pkgs accessible through pkgs/default.nix
...
Useful for developing and for importing pinned pkgs via config.nix.
2020-03-04 18:09:48 +01:00
Jonas Nick
ea8d29d96f
Merge #141 : Fix secrets setup
...
ad23b508e3
{generate,setup}-secrets: remove process hardening (Erik Arvstedt)
89f9bedb9d
generate-secrets.nix: fix indentation (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK ad23b508e3
Tree-SHA512: 1cb031f9dbfd3150316e4d4f365d37cb7f591910412ee3c70e01beda3498dbf514d4b620f257f32f64c6dcc4845659f45f69f5839e0b7401997320140530d2a0
2020-02-26 21:40:14 +00:00
Jonas Nick
323b2a7f17
Allow adding multiple nodes to bitcoind with the addnodes option and improve bitcoin module option descriptions
2020-02-26 21:34:18 +00:00
Erik Arvstedt
ad23b508e3
{generate,setup}-secrets: remove process hardening
...
ProtectSystem=full disables writing to /etc which is the default
secrets location.
Besides that, hardening is pointless for {generate,setup}-secrets which
don't read external input and are fully under our control.
2020-02-26 20:38:46 +01:00
Erik Arvstedt
89f9bedb9d
generate-secrets.nix: fix indentation
2020-02-26 20:38:46 +01:00
Jonas Nick
9d3588e1de
Convert nix-bitcoin extraConfig options to regular options
2020-02-23 19:22:07 +00:00
Erik Arvstedt
6fe647ecc4
spark-wallet, lightning-charge: specify mainchain network in clightning data dir
...
This fixes warnings in each service.
2020-01-15 23:13:48 +00:00