- Fix firewall.allowedTCPPorts settings
- Section `Allow bitcoind RPC connections`:
Set catch-all listen for `rpc.address` instead of `address`.
- rpc.allowip: Set subnet zero to fix allowing all addresses
- Move section `updating` from `usage.md` to `configuration.md` and
rename `usage.md` -> `services.md`.
`services.md` documents how to enable and interact with node services.
- README: Move `docs` below `Get started`. The `docs` section is short and
should be easily accessible.
- Don't overwrite `nix-bitcoin-release.nix` on errors
- Show a message to indicate whether `nix-bitcoin-release.nix` was
updated
- Don't start a shell when called noninteractively
Also, update `usage.md` and reformat `shell.nix`.
- Update nixos iso
- Make sure to be root before parting and give instructions for checking
UEFI vs. legacy
- Instead of making user replace automatically generated nixos config,
explain how to add options.
- Add boot.loader options directly to hardware-configuration.nix
- Copy .gitignore when setting up a deployment dir
- Stress that the first config that is deployed remotely must include ssh key.
- Debian: 9 Stretch -> Debian 10 Buster
- nix: 2.3.3 -> 2.3.10
- enable usage outside of secure-node.nix
- use json as the output format
- show ports
- also show local addresses, which is particularly useful when
netns-isolation is enabled
- only show enabled services
Password length and alphabet are unchanged, but the restriction to
include at least one numeric and one capital char has been removed.
This restriction is not needed by client applications,
adds code complexity, and even (insignificantly) reduces entropy.
Reason for switching to pwgen:
apg uses /dev/random instead of /dev/urandom which brings no security
benefits but can stall the generate-secrets script on low-entropy
devices due to blocking.
Since `security.rngd` has been disabled in NixOS 20.09, blocking
in generate-secrets can also appear on regular NixOS desktop systems.
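
The entropy effect of the removed restriction can be quantified. The following is an added example, not code from nix-bitcoin or from the commit above; the password length of 20 and the 62-character alphanumeric alphabet are assumptions, since the changelog does not state them. It counts the passwords that satisfy "at least one digit and at least one capital" by inclusion-exclusion and checks the formula against exhaustive enumeration on a tiny alphabet.

```python
import math
from itertools import product


def constrained_count(length, n_digit, n_upper, n_other):
    """Exact number of strings containing >=1 digit and >=1 uppercase char.

    Inclusion-exclusion: all strings, minus those without a digit,
    minus those without an uppercase char, plus those with neither.
    """
    n = n_digit + n_upper + n_other
    return (n ** length
            - (n - n_digit) ** length
            - (n - n_upper) ** length
            + n_other ** length)


def brute_force_count(alphabet, length):
    """Enumerate every string; only feasible for tiny alphabets/lengths."""
    return sum(
        1
        for chars in product(alphabet, repeat=length)
        if any(c.isdigit() for c in chars) and any(c.isupper() for c in chars)
    )


def entropy_loss_bits(length=20, n_digit=10, n_upper=26, n_other=26):
    """Bits lost by rejecting passwords that lack a digit or a capital.

    Defaults are assumptions (length 20, alphabet a-z A-Z 0-9).
    """
    total = (n_digit + n_upper + n_other) ** length
    allowed = constrained_count(length, n_digit, n_upper, n_other)
    return -math.log2(allowed / total)


if __name__ == "__main__":
    # Sanity check of the formula on a constructed 6-char alphabet.
    assert constrained_count(4, 2, 2, 2) == brute_force_count("01ABab", 4)
    full = 20 * math.log2(62)
    loss = entropy_loss_bits()
    print(f"unrestricted: {full:.2f} bits, lost to restriction: {loss:.4f} bits")
```

Under these assumptions the restriction removes a few hundredths of a bit out of roughly 119, which matches the "insignificantly" in the commit message.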