- Adds lnd to netns-isolation.services
- Specifies listen option (defaults to localhost) as target of
hiddenService.
- Amends hardcoded lnd ip to lnd-cert
WARNING: Breaking changes for lnd cert. lnd-key and lnd-cert will have
to be deleted and redeployed.
currently, nodeinfo has presets/secure-node.nix as a strict
dependency as it requires onion-chef and the 'operatorName' option.
and nix-bitcoin-webindex.nix has nodeinfo as a dependecy.
so don't add nodeinfo and webindex to modules.nix because they will fail on standalone use.
Download shesek's github spark-npm.tgz, verify signature, unpack
spark-npm.tgz, patch package.json to include qrcode-terminal in
dependencies, run node2nix with tmpdir as local source, replace tmpdir
spark-wallet source with shesek's github spark-npm.tgz in
node-packages.nix.
spark-wallet: erikarvstedt fixups
move script to pkg dir, add hint to script in pkg def
remove unneeded script deps
add extended bash error checking
rename DIR -> TMPDIR
remove TMPDIR on exit
strip whitespace, simplify comments
gpg2 -> gpg
latesttagelectrs -> latest
tmpdir: don't use XDG_RUNTIME_DIR
XDG_RUNTIME_DIR is often in RAM and shouldn't be used for larger
workloads like repo downlaods
verify fingerprint of the imported key
remove trailing '-' in output
simplify output
Hide --fetch-key output
Output is not relevant to user, looks better without it
More accurately describe ./get-sha256 function
User might think that ./get-sha256 automatically updates sha256 in default.nix
Fetch key from sks keyservers instead of keybase.io
Using --recv-key simplifies getting the right key, and only the
right key, greatly. I try to refrain from using sks keyservers,
but the certificate spamming attack shouldn't be an issue in this
case because we create a temporary keychain just for the
verificaiton.
remove unneeded cargoDepsHook
Make clang nativeBuildInput instead of buildInput
e95f5981aa Remove KN countrycode (nixbitcoin)
742aef1e0f Only set dataDirReadableByGroup if cfg.high-memory is enabled (nixbitcoin)
Pull request description:
ACKs for top commit:
jonasnick:
ACK e95f5981aa
Tree-SHA512: e8253b934211e6fc6be11917f8acb05a05e390caafdf86f90670f9299d9c0d98596758ff021c65aae199c9a5a3f86f87854e1b8f50a53bab8ad28d9a7003d98e
It appears the pinned attrset is a bit adhoc. This generalizes
pinned.nix so that you can do:
$ nix build -f . pinned.stable.hwi
$ nix build -f . pinned.unstable.hwi
etc
Signed-off-by: William Casarin <jb55@jb55.com>
Disabling upnp via compilation brings no substantial security benefits.
There's no way to inadvertently enable upnp, it must be set explicitly
via bitcoind.extraConfig.
But it's a huge hassle for new users who have to recompile bitcoind
before being able to use nix-bitcoin.
Also, elementsd is currently built with upnp support by default.
Use buildRustPackage instead of buildRustCrate (via crate2nix).
buildRustPackage builds the whole executable and its libraries in a
single `cargo build` process.
With the create2nix approach each library is built in a separate derivation,
directly using rustc instead of the cargo wrapper.
Benefits of buildRustPackage:
- Much simpler to maintain
- Package derivation evaluates much faster
Benefits of crate2nix:
- Build can be distributed over multiple build hosts
- Better sharing of common dependencies between different builds
- More fine-grained rebuilding on build failures
In nixpkgs buildRustPackage is used for almost all Rust pkgs, it's
also a better fit for our use case.
Each secret file to be deployed is now backed by one local file.
This simplifies 'setup-secrets' and the secret definitions.
Also, with the old format it was not possible to add new secrets
to secrets.nix in a simple way.
Old secrets are automatically converted to the new format when running
nix-shell.
Using the new option 'nix-bitcoin.secrets', secrets are now directly
defined by the services that use them.
An executable is more robust to use than shell aliases.
This is also a preparation for commit 'add module test' because the
NixOS testing framework makes interactive aliases hard to use: It
unsets 'PS1' which is used by programs/bash/bash.nix to detect
interactive shells.