greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,400 Commits 8 Branches 0 Tags
Commit Graph

633 Commits

Author SHA1 Message Date
nixbitcoin
e873326bfe
modules: use user & group options 
I've tried my best to locate all uses of hardcoded usernames, but its
not guaranteed that all have been found/fixed.
 2021-02-17 11:50:25 +00:00
nixbitcoin
ccef870b74
spark-wallet: add user & group options 2021-02-17 11:50:07 +00:00
nixbitcoin
85a1722545
lnd: add user & group options 2021-02-17 11:49:51 +00:00
nixbitcoin
42f7e9f874
joinmarket: 0.8.0-a5e8879 -> 0.8.1 
- Update joinmarket package
- Revert unofficial release settings
- Move Yield Generator config to configFile
- Add new config option max_sweep_fee_change
 2021-02-14 16:23:53 +00:00
nixbitcoin
2ca92a34a5
services: use doas if enabled 
- Remove sudo from recurring-donations path because it's not used by
  the service

- Use doas instead of sudo in secure-node.nix
 2021-02-09 12:44:04 +00:00
Erik Arvstedt
ce2b445777
treewide: use runuser for dropping privileges 
When running as root, use runuser instead of sudo.
As opposed to sudo or doas, runuser is a standalone
binary that needs no external configuration.
Also, it's a bit faster.
 2021-02-09 12:44:01 +00:00
Erik Arvstedt
803584a288
backups: don't use hardcoded secrets dir 2021-02-07 22:45:38 +01:00
Erik Arvstedt
6a32812412
services: add names for systemd helper scripts 
The systemd journal now shows a specific script name instead of
the generic name "script" before script output.
 2021-02-07 22:45:36 +01:00
Erik Arvstedt
6982699613
services: use consistent layout 
Use the following order of definitions for all services:
- assertions
- configuration of other services
- environment.systemPackages
- tmpfiles
- own service
- users
- secrets
 2021-02-07 22:42:23 +01:00
Erik Arvstedt
a43534dda0
services: improve config file setup 
- btcpayserver, nbxplorer: Add quotes to the
  dataDir arg. (dataDir can contain spaces.)

- clightning, liquidd: use 'install'
 2021-02-07 22:42:22 +01:00
Erik Arvstedt
18f2002cf0
joinmarket-yieldgenerator: improve systemd journal output 
Journal entries now look like
`joinmarket-yieldgenerator[9795]: User data location: /var/lib/joinmarket`
instead of
`bash[9795]: User data location: /var/lib/joinmarket`
 2021-02-07 22:41:46 +01:00
Erik Arvstedt
9d0b8c8f6f
joinmarket-ob-watcher: use DynamicUser 
DynamicUser simplifies services that don't need a persistent uid/gid,
like joinmarket-ob-watcher.

For existing installations the data dir migration to dynamic users
is automatically handled by systemd.
 2021-02-07 22:41:44 +01:00
Erik Arvstedt
e9c98f415c
joinmarket: explain need for tor control socket 2021-02-07 22:41:31 +01:00
Erik Arvstedt
d9c87b6a8f
joinmarket: fix wallet creation 
- Fix jm-wallet-seed being globally readable.

- Handle seed extraction failures.
  If seed extraction fails, remove the newly created wallet.
  This guarantees that wallets always have an accompanying seed.
 2021-02-07 22:41:31 +01:00
Erik Arvstedt
7458350108
treewide: remove deprecated types.loaOf 2021-02-07 22:41:31 +01:00
Erik Arvstedt
9cf038939c
treewide: use mkEnableOption 2021-02-07 22:41:31 +01:00
Erik Arvstedt
7a97304f13
treewide: remove unit descriptions 
Systemd's `Description` option is a misnomer (as confessed by `man systemd.unit`):
Its value is used by user-facing tools in place of the unit file name, so this option
could have been more aptly named `label` or `name`.
`Description` should only be set if the unit file name is not sufficient for naming a unit.
This is not the case for our services, except for `systemd.services.nb-netns-bridge`
whose description has been kept.

As an example how this affects users, weird journal lines like
```
nb-test systemd[1]: Starting Run clightningd...
```
are now replaced by
```
nb-test systemd[1]: Starting clightning.service...
```
 2021-02-07 22:41:31 +01:00
Erik Arvstedt
a942177ecf
treewide: remove user descriptions 
User descriptions are stored in the `comment` field in /etc/passwd.
In our case, these are completely redundant and don't add any useful information.
 2021-02-07 22:41:30 +01:00
Erik Arvstedt
4f6ff408ef
treewide: remove unneeded string literals 2021-02-07 22:41:29 +01:00
Erik Arvstedt
e6a6c721c1
treewide: streamline 'extraConfig' descriptions 2021-02-07 22:40:11 +01:00
Erik Arvstedt
e774c045de
treewide: fix formatting 2021-02-07 22:40:10 +01:00
Erik Arvstedt
0b5b29a2a3
netns-isolation: simplify permission definition for netns-exec 
The new definition is equivalent to the old one.
 2021-02-07 22:39:06 +01:00
Erik Arvstedt
af2040f4c4
netns-isolation: use 'true' for systemd option 2021-02-07 22:39:05 +01:00
Erik Arvstedt
c246bbb36e
bitcoind, clightning, lnd: improve descriptions 
bitcoind: The previous description of 'prune' didn't match the int-only
values supported by our option.
 2021-02-07 22:39:05 +01:00
Erik Arvstedt
7533f12ef1
bitcoind, clightning, run-tests: minor refactoring 
bitcoind: use builtins.toFile
clightning: use boolToString
run-tests: remove leftover var
 2021-02-07 22:39:05 +01:00
Erik Arvstedt
f0850d3f23
btcpayserver: reorder config settings 
Move 'bind' and 'port' next to each other and to the top.
 2021-02-07 22:39:05 +01:00
Erik Arvstedt
d1c0ea9f85
btcpayserver: add missing systemd postgresql dependency 
btcpayserver fails if it starts before postgresql.
 2021-02-07 22:39:05 +01:00
nixbitcoin
ebd478fd0d
lnd: add option 'restOnionService' 2021-02-05 09:17:14 +01:00
Erik Arvstedt
a344ae95c9
move mkHiddenService to lib 2021-02-04 12:39:54 +00:00
Erik Arvstedt
a26ed03d77
rename nix-bitcoin-services.nix -> lib.nix 2021-02-04 12:39:48 +00:00
Martin Milata
86d7db9940 bitcoind: add uptime to the public api whitelist 
It is needed by lnd to check bitcoind health status since lnd-0.12.0.
 2021-02-02 22:32:20 +01:00
Erik Arvstedt
b114d0c3b1
bitcoind: use systemd startup notification 2021-01-31 22:26:49 +01:00
Erik Arvstedt
332d0e70c8
bitcoind: support onion address announcing 2021-01-31 22:26:49 +01:00
Erik Arvstedt
9662c19ab1
onionServices: use actual user name of services 
Previously, onionAddresses definitions in onionServices were of the form
onionAddresses.access.<service> = [<service>];

This caused failures for configurations where a service user name was
overridden or for bitcoind whose default user is 'bitcoin' instead of 'bitcoind'.

Now set the equivalent of:
onionAddresses.access.<actualServiceUser> = [<service>];

Implement this via a new option `onionAddresses.services` to make things more
readable and to work around an infinite recursion error in onionServices.
 2021-01-31 22:26:49 +01:00
Erik Arvstedt
5c09845e6f
bitcoind: tag incoming connections as onion on enforceTor 2021-01-31 22:26:49 +01:00
Jonas Nick
035438d427
Merge #290: JoinMarket Orderbook Watcher 
8c125ec48c3f3caabab65acd2d7c9f2dffe1a2d3 joinmarket-obwatcher: add pkg & module (nixbitcoin)
915df059f43b2e3ec872094630d15e46c5386864 joinmarket: 0.8.0-bcfa7eb -> 0.8.0-a5e8879 (Erik Arvstedt)
254246cf39e88c843a75ce7ef8dd0c7de2d0100e joinmarket: use installPhase (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 8c125ec48c3f3caabab65acd2d7c9f2dffe1a2d3

Tree-SHA512: 5e4ba14a2a90c505b7cd7e09c33548d06ec466502c48f8d551a4437c5542dab427ec7f9cb7a15c849cc7ce11685c493b9773ec08591e1980ebe2a84abef17141
 2021-01-17 20:00:13 +00:00
nixbitcoin
8c125ec48c
joinmarket-obwatcher: add pkg & module 2021-01-17 17:40:12 +00:00
kon
9480ada135 nodeinfo fix lnd 2021-01-17 17:13:09 +01:00
Jonas Nick
c6c14889eb
Merge #293: Module refactorings, onionServices 
e2922eb4ce6b820fd1bf698c6aadce5d5f4d27c6 move rpc thread count setting to lightning modules (Erik Arvstedt)
352fc4e8fe6c24ff856464d9c53997b96197130b liquid: remove insecure and redundant option 'rpcpassword' (Erik Arvstedt)
757a66b9bd1784d9a20fce8cf04414f31f2c762d liquid: move rpcuser definition to module (Erik Arvstedt)
0e00c39d4784bc64e30b1fc37c684e75e08bdaa6 secure-node: improve layout (Erik Arvstedt)
5f7a7962f77057dba76954bb44813006b98cecde backups: remove redundant option 'program' (Erik Arvstedt)
04d8560f86e94fc9d2f9df1c8334e11442b75373 secure-node: remove qrencode, tor from systemPackages (Erik Arvstedt)
323a431abade32e3c5f0f98acfaada6a80edc1d0 improve nodeinfo (Erik Arvstedt)
f6b883a9acd92e3d94062b21615db14c8383f3b7 remove webindex (Erik Arvstedt)
2a240d6f4a2bc624772b2065f07b1f1a55bf4eb0 enable-tor: disable default onion services for clightning, lnd, btcpayserver (Erik Arvstedt)
18c7842e1affa87df63809cd2f7a6b068468918e modules: show warnings for obsolete options (Erik Arvstedt)
45c40c4eb94b1176216ca2b466442b8029ca8b51 versioning: simplify assertion evaluation (Erik Arvstedt)
bed00fe937a1e7e6a2496ac29ee904e4440b073e lnd: use onionServices for address announcing (Erik Arvstedt)
3980cd5a4191e96d8cf1a942b89149a8c034b31c clightning: use onionServices for address announcing (Erik Arvstedt)
bd2a46cb73de511b763d87593aadf6d0d9eefe11 spark-wallet: use onionServices (Erik Arvstedt)
87fb9f246bd448d890e3958c4be786d81f264b27 add 'enable-tor' preset (Erik Arvstedt)
05b5402bb152543ee21aec583436d35425bcc3b9 add nix-bitcoin.onionServices (Erik Arvstedt)
fffe988248fcb48fe0a58214aa96b2900c92309b onionAddresses: add readonly option 'dataDir' (Erik Arvstedt)
5f34b094d3c13978e1689e73d679190a8f0cdcbb onionAddresses: improve script (Erik Arvstedt)
b266f232515ce64354d22271ffba9dca8496a67f onionAddresses: use service 'script' option (Erik Arvstedt)
6d13b26d0a5d42821028ce999653cff3771a3cc9 onionAddresses: add more precise type for option 'access' (Erik Arvstedt)
93562f76dd0da0ccc77e71e522fb75332ed674ed onionAddresses: remove redundant option 'enable' (Erik Arvstedt)
43c247e3fe3b2a8f635373a4278ba990694b330a onionAddresses: use StateDirectory instead of tmpfiles (Erik Arvstedt)
5c6977b006d492ac7030373129ddb989e0691847 rename onion-chef -> nix-bitcoin.onionAddresses (Erik Arvstedt)
55073eee70056b2850656cb3db1b62068b726267 remove nix-bitcoin.pkgs.lib (Erik Arvstedt)
09e0042aa84b5effa746d9cf76fd06b3a97ad06c spark-wallet: add consistent address options (Erik Arvstedt)
39f16c0b4aab844b183ee4c97acebf95eb2fe1c0 liquidd: add consistent address options (Erik Arvstedt)
b5d76ba1b3cb3c0683a4b0e2feac8aa722966193 electrs: add consistent address options (Erik Arvstedt)
8fa32b7f91523ac6c499c036931d03f98b39be05 btcpayserver: add consistent address options (Erik Arvstedt)
e78a6096871ad88421f7673f24139d0c3f51d867 clightning: add consistent address options (Erik Arvstedt)
b41a720c28a426b1576a063ab74e295b70a5b13e lnd: add consistent address options (Erik Arvstedt)
dd4a0238f9bcc4148eb718933d5ab95ca211e4b9 bitcoind: group rpc options under parent option 'rpc' (Erik Arvstedt)
5b7e0d09b2e85386c16d40ad624e824f88f3c015 bitcoind: add consistent address options (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK e2922eb4ce6b820fd1bf698c6aadce5d5f4d27c6
  jonasnick:
    ACK e2922eb4ce6b820fd1bf698c6aadce5d5f4d27c6

Tree-SHA512: a85b33efe66048f06699b3997f83c9427f70f278fa66d30ee9a29c91f50723ff8bd1ffb9d968d7f08818742c8c6afb0b40dbfc14b95a4b8c3302caf9bede4198
 2021-01-14 20:42:23 +00:00
Erik Arvstedt
e2922eb4ce
move rpc thread count setting to lightning modules 2021-01-14 13:25:12 +01:00
Erik Arvstedt
352fc4e8fe
liquid: remove insecure and redundant option 'rpcpassword' 2021-01-14 13:25:11 +01:00
Erik Arvstedt
757a66b9bd
liquid: move rpcuser definition to module 2021-01-14 13:25:11 +01:00
Erik Arvstedt
0e00c39d47
secure-node: improve layout 2021-01-14 13:25:11 +01:00
Erik Arvstedt
5f7a7962f7
backups: remove redundant option 'program' 
Not needed until we support other backup backends.
 2021-01-14 13:25:11 +01:00
Erik Arvstedt
04d8560f86
secure-node: remove qrencode, tor from systemPackages 
Keep jq which is useful for analyzing service cli output.
 2021-01-14 13:25:10 +01:00
Erik Arvstedt
323a431aba
improve nodeinfo 
- enable usage outside of secure-node.nix
- use json as the output format
- show ports
- also show local addresses, which is particularly useful when
  netns-isolation is enabled
- only show enabled services
 2021-01-14 13:25:10 +01:00
Erik Arvstedt
f6b883a9ac
remove webindex 
This module is outdated and incomplete. We can readd an improved version in
the future.

Move nanopos nginx proxy tests to the nanopos test.
 2021-01-14 13:25:10 +01:00
Erik Arvstedt
2a240d6f4a
enable-tor: disable default onion services for clightning, lnd, btcpayserver 
In case of btcpayserver the default onion service is a security risk
because any visitor can register an admin account on a freshly setup node.
 2021-01-14 13:25:09 +01:00
Erik Arvstedt
18c7842e1a
modules: show warnings for obsolete options 2021-01-14 13:25:09 +01:00
Erik Arvstedt
45c40c4eb9
versioning: simplify assertion evaluation 2021-01-14 13:25:09 +01:00