Erik Arvstedt
4f6ff408ef
treewide: remove unneeded string literals
2021-02-07 22:41:29 +01:00
Erik Arvstedt
e6a6c721c1
treewide: streamline 'extraConfig' descriptions
2021-02-07 22:40:11 +01:00
Erik Arvstedt
e774c045de
treewide: fix formatting
2021-02-07 22:40:10 +01:00
Erik Arvstedt
c246bbb36e
bitcoind, clightning, lnd: improve descriptions
...
bitcoind: The previous description of 'prune' didn't match the int-only
values supported by our option.
2021-02-07 22:39:05 +01:00
Erik Arvstedt
7533f12ef1
bitcoind, clightning, run-tests: minor refactoring
...
bitcoind: use builtins.toFile
clightning: use boolToString
run-tests: remove leftover var
2021-02-07 22:39:05 +01:00
Erik Arvstedt
a26ed03d77
rename nix-bitcoin-services.nix -> lib.nix
2021-02-04 12:39:48 +00:00
Erik Arvstedt
b114d0c3b1
bitcoind: use systemd startup notification
2021-01-31 22:26:49 +01:00
Erik Arvstedt
332d0e70c8
bitcoind: support onion address announcing
2021-01-31 22:26:49 +01:00
Erik Arvstedt
5c09845e6f
bitcoind: tag incoming connections as onion on enforceTor
2021-01-31 22:26:49 +01:00
Erik Arvstedt
dd4a0238f9
bitcoind: group rpc options under parent option 'rpc'
2021-01-14 13:25:03 +01:00
Erik Arvstedt
5b7e0d09b2
bitcoind: add consistent address options
2021-01-14 13:25:03 +01:00
Erik Arvstedt
f1681f5b45
add option nix-bitcoin.pkgs, remove overlay
...
This works around a nixpkgs bug where overlays are ignored in containers.
2020-11-09 22:10:07 +01:00
Erik Arvstedt
8b053326cc
bitcoind: use type str for rpcbind
...
Extra RPC bind addresses can still be added via extraConfig.
2020-10-29 21:21:28 +01:00
Erik Arvstedt
58d24e735d
netns-bitcoind: allow RPC access from main netns
2020-10-29 21:21:27 +01:00
Erik Arvstedt
e0675cb256
move enforceTor logic to service modules
...
This enables tor support for services without using secure-node.nix
2020-10-29 21:21:27 +01:00
Erik Arvstedt
9e928e2097
bitcoind: add regtest support
...
Remove unsupported option 'testnet'.
2020-10-16 18:01:49 +02:00
Erik Arvstedt
9aa19c3fdd
extract operator module
2020-10-16 16:46:55 +02:00
Erik Arvstedt
9d610991be
bitcoind: remove custom rpc user names
...
Simpler.
We've just removed option 'bitcoind.rpcuser', so we can also remove the
old name 'bitcoinrpc'.
2020-08-27 11:39:26 +02:00
Erik Arvstedt
1408403dec
bitcoind: clarify how bitcoin-cli RPC access is enabled
...
It's not immediately clear why rpcuser/rpcpassword are needed in addition to the rpcauth
config entries.
2020-08-26 22:52:47 +02:00
Erik Arvstedt
4790c601a1
bitcoind: move rpc user config to bitcoind
...
This enables modules-only usage.
The privileged user is needed by bitcoind (cli), the public user is
needed by other services.
2020-08-26 22:52:47 +02:00
Erik Arvstedt
876cfadf1a
bitcoind: add rpc user option 'passwordHMACFromFile'
...
This allows adding additional rpc users without the need for
user-specific code in preStart.
2020-08-26 22:52:47 +02:00
Erik Arvstedt
59434e79f0
bitcoind: simplify default rpc user name config
2020-08-26 21:16:32 +02:00
Erik Arvstedt
205829b91f
bitcoind: remove whitespace
2020-08-26 21:16:32 +02:00
Erik Arvstedt
9715134f06
netns: don't repeat cli definitions
...
1. Saves some code.
2. Guarantees that the netns and no-netns cli defs are always in sync.
2020-08-25 11:40:27 +02:00
Jonas Nick
62f83a71b8
Merge #218 : Fix typos
...
df89ceed39
Fix typos (practicalswift)
Pull request description:
ACKs for top commit:
jonasnick:
ACK df89ceed39
Tree-SHA512: 8cd04469dd0c46259790f00f380a840c22f10424c2504a7667e70cfdb03f30801e34f3c53aeffc9259a971484d4a12f1dbe5ceade493c8559e8c00ec011e7c73
2020-08-04 15:13:09 +00:00
nixbitcoin
e650df30d5
bitcoind: bump rpcthread count
2020-08-04 14:46:57 +00:00
practicalswift
df89ceed39
Fix typos
2020-08-04 13:32:06 +00:00
nixbitcoin
5086fc3234
bitcoin: drive-by prune fix
2020-07-28 14:32:54 +00:00
nixbitcoin
1bf45a9547
bitcoind: add rpcwhitelist feature
...
Default behavior for rpc whitelisting is set to 0, which means that
rpcwhitelisting is only enforced for rpc users for whom an `rpcwhitelist`
exists.
2020-07-28 14:32:50 +00:00
nixbitcoin
5a978a2836
bitcoind: switch from rpcpassword to rpcauth
...
Includes bitcoind's `share/rpcauth` to convert apg generated passwords
into salted HMAC-SHA-256 hashed passwords.
2020-07-28 14:32:47 +00:00
nixbitcoin
02853067a1
bitcoind: postStart wait until bitcoind can receive rpc calls
2020-07-21 13:23:07 +00:00
nixbitcoin
515aae2825
bitcoind: add netns and nonetns cli scripts
...
nonetns script needed for bitcoind-import-banlist
2020-07-21 09:38:24 +00:00
nixbitcoin
75ca6f186c
bitcoind: add netns
...
- Adds bitcoind to netns-isolation.services
- Adds rpcbind and rpcallowip options to allow using bitcoind with
network namespaces
- Adds bind option (defaults to localhost), used as target of hidden service
- Makes bitcoind-import-banlist run in netns
2020-07-21 09:38:22 +00:00
nixbitcoin
0fd99c4cc0
bitcoind: simplify pruning
...
Remove the possible null value for bitcoind.prune and set prune = 0 in
bitcoind as a default. Remove prune = 0 in secure-node.nix and the
mkForce in configuration.nix (bitcoind.prune = lib.mkForce ).
2020-06-15 10:55:57 +00:00
Jonas Nick
16e602e2b5
Merge #190 : services: use 'port' option type
...
db48ab9b69
services: use 'port' option type (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK db48ab9b69
Tree-SHA512: 24cf0c307b40652d1275575fdf4216696890b0f7786832e7bbee9e21cf6d23d3fc35480926c475fc98c17eba668f5ee2c8c0875689e725c8ad05f2fb6b9ecd20
2020-06-05 20:40:57 +00:00
Erik Arvstedt
db48ab9b69
services: use 'port' option type
2020-06-02 17:31:28 +02:00
nixbitcoin
a040e52854
All modules: ProtectSystem = strict
...
Add ReadWritePaths in all modules, except lnd which has ProtectSystem =
full.
2020-05-22 15:47:01 +00:00
nixbitcoin
adc71b892e
Remove PermissionStartOnly where possible and replace with bitcoinrpc
...
Remove PermissionsStartOnly for bitcoind and spark-wallet (it was never
needed there)
Give reason for PermissionsStartOnly in lightning-charge
Replace PermissionsStartOnly in clightning, electrs and liquid
2020-05-22 15:04:49 +00:00
nixbitcoin
91b6b2c370
All modules with preStart: Use systemd.tmpfiles.rules
...
This is NixOS' recommended way to setup service dirs
https://github.com/NixOS/nixpkgs/pull/56265 . This commit hands off the
initial data directory creation to systemd.tmpfiles.rules. All other
preStart scripts are left intact to limit this changes' scope.
2020-05-22 14:54:39 +00:00
nixbitcoin
7c70dd43ac
All modules: Give service config precedence over defaultHardening
...
With '//' the latter takes precedence over the former in case of
equally named attributes.
2020-05-22 08:08:27 +00:00
nixbitcoin
95d230d1d6
Remove bitcoinrpc group remnants
2020-05-19 11:13:22 +00:00
nixbitcoin
205fca3576
bitcoind: only make blocksdir group-readable when dataDirReadableByGroup
2020-05-19 11:13:18 +00:00
nixbitcoin
159f551b93
Remove bitcoin, clightning, electrs, liquid user home directory
2020-04-26 14:08:08 +02:00
Erik Arvstedt
4dc6c3ba5d
add option 'dataDirReadableByGroup'
...
These settings are now more accessible for users that don't use
nix-bitcoin's default node config.
Additionally, remove 'other' permissions via umask.
2020-04-16 15:55:34 +02:00
Erik Arvstedt
3e188238d0
only update bitcoin.conf when changed
2020-04-12 22:32:37 +02:00
Erik Arvstedt
08322eed9b
use [[ test
2020-04-12 22:32:37 +02:00
Erik Arvstedt
201fc33782
move line to relevant code section (blocks dir setup)
2020-04-12 22:32:37 +02:00
Erik Arvstedt
1f8fe310d0
remove option 'configFileOption'
...
It doesn't make sense for bitcoind users to completely redefine their
config file. Also, it's poorly named and the description is faulty.
This is a breaking change, but this option has probably no actual users.
2020-04-12 22:32:37 +02:00
Erik Arvstedt
4e5c1d7551
disable redundant logfile
2020-04-12 22:32:37 +02:00
Erik Arvstedt
a05551fd1c
improve config file formatting
2020-04-12 22:32:37 +02:00