Erik Arvstedt
a2466b1127
secrets: allow extending generate-secrets
...
`generate-secrets` is no longer a monolithic script. Instead, it's
composed of the values of option `nix-bitcoin.generateSecretsCmds`.
This has the following advantages:
- generate-secrets is now extensible by users
- Only secrets of enabled services are generated
- RPC IPs in the `lnd` and `loop` certs are no longer hardcoded.
Secrets are no longer automatically generated when entering nix-shell.
Instead, they are generated before deployment (via `krops-deploy`)
because secrets generation is now dependant on the node configuration.
2021-09-12 11:29:54 +02:00
Erik Arvstedt
24fd1e9bdc
improve examples/shell.nix
...
The user's local node configuration directory usually contains a copy of
examples/shell.nix.
1. Move the shell implementation from shell.nix to nix-bitcoin/helper/makeShell.nix
Because the shell is no longer defined locally in the user's config
directory, we can now ship new shell features via nix-bitcoin updates.
2. Simplify examples/nix-bitcoin-release.nix
nix-bitcoin-release.nix, as generated via `fetch-release`, now
contains a simple fetchTarball statement which can be directly imported.
This allows us to get rid of the extra `nix-bitcoin-unpacked` derivation
which adds a dependency on the user's local nixpkgs.
To keep `fetch-release` as simple as possible for easy auditing, we just
fetch and verify a `nar-hash.txt` file that is now uploaded
via `push-release.sh`.
A migration guide for updating the user's local `shell.nix` is
automatically printed when the user starts a new shell after updating
nix-bitcoin.
This is achieved by throwing an error in `generate-secrets`, which is called
on shell startup.
This commit is required to deploy the new extensible `generate-secrets`
mechanism introduced in the next commit.
2021-09-12 11:29:54 +02:00
Erik Arvstedt
e1e3d8a92b
secrets: simplify cert generation
...
- Remove openssl.cnf which includes many unused settings.
- Generate the key and cert files with a single call to openssl.
- Option `-nodes` ("no DES") disables encryption of the key file.
- Option `-addext` is used to specify `subjectAltName` settings
that were previously defined by openssl.cnf.
The key type is unchanged.
Certificate changes:
- Certificate duration is now 10 years
- Organization (subj 'O') is now 'loop' instead of 'loopd' for
lightning-loop to simplify the code.
For reference, the org. name in auto-generated loop certs is
"loop autogenerated cert".
- The certificate now includes all default x509v3 extensions.
These were previously restricted to just `subjectAltName` by openssl.cnf.
We now use the openssl defaults for simplicity.
2021-09-11 15:07:24 +02:00
Erik Arvstedt
5087ce245f
minor cleanups
...
- btcpayserver: remove unneeded trailing semicolons
- krops/get-sha256:
`tail` is unneeded because `nix-prefetch-url` just outputs a single
line containing the hash.
2021-09-11 15:07:23 +02:00
Jonas Nick
faa7831708
Merge fort-nix/nix-bitcoin#384 : joinmarket: Update patch hash
...
c35e96a553
joinmarket: update patch hash (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK c35e96a553
Tree-SHA512: 40f1bbe6990fa940c0153e00719d2e56e20ce9dc01a5975c48e0da070544b873cafa6cb9aeb860498aad8c104c379f3e368496c96cc569966963a707f478178c
2021-09-06 11:39:40 +00:00
Erik Arvstedt
c35e96a553
joinmarket: update patch hash
...
The patch hash has changed due to an update of the PR branch.
The PR has now been merged.
2021-09-05 22:33:17 +02:00
Erik Arvstedt
926f1febb7
make-container: update extra-container version
...
Keep this file in sync with the latest extra-container update.
2021-09-04 08:17:38 +02:00
Erik Arvstedt
179b86d19c
joinmarket: allow recreating wallet from seed
...
This allows users to easily upgrade their wallets to use Fidelity Bonds.
2021-08-30 13:37:05 +02:00
nixbitcoin
00a0759884
joinmarket-ob-watcher: extra permissions & functionality for fidelity bonds
2021-08-30 13:37:04 +02:00
Erik Arvstedt
d7f9e33e1c
joinmarket-ob-watcher: move resource files to extra dir
...
Don't clutter joinmarket/bin with ob-watcher resource files.
2021-08-30 13:37:04 +02:00
nixbitcoin
e95abf6c7e
joinmarket: 0.8.3 -> 0.9.1
2021-08-30 09:02:26 +00:00
Erik Arvstedt
dde04f8cbe
update nixpkgs-unstable
...
Includes:
btcpayserver: 1.1.2 -> 1.2.0
lightning-loop: 0.14.2-beta -> 0.15.0-beta
nbxplorer: 2.1.52 -> 2.1.58
2021-08-26 12:45:10 +02:00
Erik Arvstedt
f7c2133250
add flake support
...
This change is fully backwards compatible.
We continue to use the standard non-flake evaluation mode in our
examples and internal tooling until the flakes design has stabilized.
'clightning-plugins = pkgs.recurseIntoAttrs' in pkgs/default.nix is
needed by flake-utils.lib.flattenTree in flake.nix.
It transforms the packages in `clightning-plugins` to top-level packages
named like `clightning-plugins/summary`. (The flake attr `packages`
must be a non-nested attrset of derivations.)
2021-08-26 12:45:10 +02:00
Erik Arvstedt
de77281cba
pkgs: import pinned nixpkgs in default.nix
...
pkgs/default.nix now explicitly specifies all its dependencies as arguments.
This is required for flake support.
Also simplify pinned.nix and python-packages by removing unused attrs.
2021-08-16 10:43:07 +02:00
Erik Arvstedt
fdc278a0b8
lib: fix comment
2021-08-15 11:29:36 +02:00
Erik Arvstedt
c758d68ea4
lib: rename privileged -> rootScript
...
The naming is now analogous the related function `script`.
2021-08-15 11:29:34 +02:00
Jonas Nick
8a49b41bb4
update nixpkgs-{stable,unstable}
...
Includes
- clightning 0.10.1
- lightning-loop 0.14.2
2021-08-14 17:57:49 +00:00
Erik Arvstedt
c4c2b03e19
extra-container: 0.6 -> 0.7
...
Version 0.7 adds support for NixOS 21.05.
2021-08-14 10:46:41 +02:00
Erik Arvstedt
ca64a4a64f
clightning-plugins.prometheus: use current nixpkgs version of prometheus-client
2021-08-14 10:46:41 +02:00
Erik Arvstedt
3aab1fc267
spark-wallet: update to new node-env
2021-08-14 10:46:41 +02:00
Erik Arvstedt
35fe939cf8
security: update /proc restriction mechanism
...
NixOS option `security.hideProcessInformation` for globally restricting
access to /proc has been removed.
Use per-service restrictions via 'ProtectProc' instead.
Rename
`nix-bitcoin.security.hideProcessInformation` to
`nix-bitcoin.security.dbusHideProcessInformation`
because this option now only implements the dbus restriction.
2021-08-14 10:46:41 +02:00
Erik Arvstedt
178a0dcf8f
services: use new 'tor' options
2021-08-14 10:46:41 +02:00
Erik Arvstedt
a25ceecca5
update to NixOS 21.05
2021-08-12 11:18:26 +02:00
Erik Arvstedt
b758150c9e
pinned: expose nixpkgsStable, nixpkgsUnstable
...
This allows accessing the pinned nixpkgs.
E.g., this is useful for comparing package versions between stable
and unstable.
2021-08-12 11:18:08 +02:00
Jonas Nick
1ecd9756f6
Merge fort-nix/nix-bitcoin#369 : BTCPayServer L-BTC Support
...
54810ce1bf
btcpayserver: add L-BTC support (nixbitcoin)
b24c14ec61
liquidd: make regtest capable (nixbitcoin)
b7225f5d11
update nixpkgs-unstable (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 54810ce1bf
Tree-SHA512: 363165d3b977cd4425191bce4246dd9e83daf914bf2adcaf3cf42d0c170f5730e7e79934a97e5f9c071d0f52bf9ee75a3aa710c4c52135ea58bcdd898babcc74
2021-08-10 12:23:46 +00:00
nixbitcoin
ed480a35af
joinmarket: 0.8.2 -> 0.8.3
...
Includes
- coincurve: 13.0.0 -> 15.0.0
- Update Darkscience Tor onion address
2021-08-10 10:12:29 +00:00
nixbitcoin
b7225f5d11
update nixpkgs-unstable
...
Includes
- btcpayserver: optional altcoin support
- lnd 0.13.1-beta
2021-08-10 10:00:13 +00:00
Jonas Nick
650e50b409
clightning-plugins: update to latest rev
...
This is necessary in preparation for clightning 0.10.1 which requires an update
to the rebalance plugin.
2021-08-10 08:37:14 +00:00
Pavol Rusnak
2f4d7b866c
elementsd: replace local version with nixpkgs
2021-07-16 23:32:58 +02:00
Jonas Nick
676a4beb81
Merge fort-nix/nix-bitcoin#359 : charge-lnd: add module
...
b666bb2903
charge-lnd: add module (Martin Milata)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK b666bb2903
Tree-SHA512: c5e1edeefbd68ec4ba0e12c57922fb21ae3d1b3d54e403087e5bb7f6285db0a011404125c516bd7739741609d21fef6e7d86ad613c364aca6010652118faffff
2021-07-15 22:15:28 +00:00
Martin Milata
b666bb2903
charge-lnd: add module
2021-07-12 17:36:31 +02:00
nixbitcoin
ffbbdab999
lightning-loop & lightning-pool: replace local versions with nixpkgs
2021-07-12 11:20:32 +00:00
Jonas Nick
842ed44292
Merge fort-nix/nix-bitcoin#366 : Update nixpkgs
...
ce10003747
lnd: allow curl to retry in the create-wallet script (Jonas Nick)
a23b9d1c2d
lnd: check that state is RPC_ACTIVE after unlocking (Jonas Nick)
c75347027b
lnd: don't wait until the RPC port is open after unlocking (Jonas Nick)
bc9199a386
Update nixpkgs (Jonas Nick)
8fbba87c0f
Update nixpkgs (Martin Milata)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK ce10003747
Tree-SHA512: 658d74caec7849ff173ce58c7807d5342f39ff159bc40e617e9f28de7696b91e2801f920b183deefea141f9de2db9a9423ce13d31e6b96ff991ab07032522b55
2021-07-09 21:44:47 +00:00
Jonas Nick
bc9199a386
Update nixpkgs
2021-07-07 13:12:46 +00:00
nixbitcoin
c0a0d03006
elementsd: 0.18.1.11 -> 0.18.1.12
2021-07-07 10:40:47 +00:00
Martin Milata
8fbba87c0f
Update nixpkgs
...
nixos-unstable:
a76f6b02852a724059a7b7cfe73ac5b7a2a81831 lnd: 0.12.1-beta -> 0.13.0-beta
e2dc2b859674411f5ed5b81781926afc7fde5260 btcpayserver: 1.0.7.2 -> 1.1.1
074b608d01e60fbef9bffe0ac7e25e72d20f4866 nbxplorer: 2.1.49 -> 2.1.51
60c6153ab12229fa3d067460614131da5e67f6da btcpayserver/update.sh: auto-update nbxplorer
1608efae17a36cc6206d929801cf2bd887d157b2 btcpayserver, nbxplorer: gpg verify upstream sources
c0693eae1e9cb28ad148ebb49f8200d340432079 hwi: 2.0.1 -> 2.0.2
43031a05d2e2b08ed5f98b3f5255e7d76ef4e403 charge-lnd: init at 0.1.2
5fd4f796b4210d691b1f89e1f29043d635cd20e0 charge-lnd: 0.1.2 -> 0.1.3
2021-06-20 23:28:46 +02:00
Jonas Nick
bdd00bff6c
Merge #358 : lightning-loop: 0.12.1 -> 0.12.2
...
e6f2646ea7
lightning-loop: 0.12.1 -> 0.12.2 (nixbitcoin)
Pull request description:
ACKs for top commit:
jonasnick:
ACK e6f2646ea7
Tree-SHA512: 64c7a826abd8c3fa4f3bbae338e2971f2155860cd9ebfb1fda43dd59cfb543acb0f726ba84631142fec6d70a26d59fc8e3519c8a863b7a7fc74c3d75dcddb552
2021-05-05 21:53:48 +00:00
nixbitcoin
e6f2646ea7
lightning-loop: 0.12.1 -> 0.12.2
2021-05-05 09:12:15 +00:00
nixbitcoin
3963d04209
clboss: 0.11A -> 0.11B
2021-05-05 09:04:18 +00:00
Erik Arvstedt
7ae0a38701
electrs: replace local version with nixpkgs
2021-05-04 11:31:35 +00:00
Jonas Nick
9588b0af08
update nixpkgs
...
Includes
bitcoin: 0.21.0 -> 0.21.1
2021-05-03 18:15:21 +00:00
nixbitcoin
a71f69cb3a
hwi: replace local version with upstream
2021-04-23 11:17:18 +00:00
Jonas Nick
e93a861b92
Update nixpkgs (stable only)
2021-04-19 19:49:08 +00:00
Jonas Nick
4875314b6f
clboss: 0.10 -> 0.11A
2021-04-11 12:39:08 +00:00
nixbitcoin
daeedda825
clightning-plugins: update rev and dependencies
2021-04-09 16:10:33 +02:00
Erik Arvstedt
c5f67629e6
joinmarket: add copy of cryptography 3.3.2
2021-04-07 19:05:40 +02:00
nixbitcoin
ca0c6289d7
update nixpkgs-unstable
...
btcpayserver: 1.0.7.0 -> 1.0.7.2
clightning: 0.9.3 -> 0.10.0
2021-04-07 10:02:19 +00:00
Jonas Nick
ca71eb01d2
Merge #349 : elementsd: 0.18.1.9 -> 0.18.1.11
...
9bb2c02978
elementsd: 0.18.1.9 -> 0.18.1.11 (nixbitcoin)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 9bb2c02978
Tree-SHA512: c9ab3588eee0fd19ca23ebcf50b70547614ad6a67958e23cf5b1779c795505166b168a45cc8d6a8e2863aa4ded1cc81d795d495cd551e557592d052ecccf16d6
2021-04-02 13:00:31 +00:00
nixbitcoin
9bb2c02978
elementsd: 0.18.1.9 -> 0.18.1.11
2021-04-02 11:03:03 +00:00
nixbitcoin
d56a363d3d
services: improve default hardening
2021-04-02 10:59:17 +00:00
nixbitcoin
cde9597fc4
lightning-loop: 0.12.0 -> 0.12.1
2021-03-26 09:31:11 +00:00
Jonas Nick
aea1706e49
Merge #345 : electrs: 0.8.8 -> 0.8.9
...
d5c53e1510
electrs: 0.8.8 -> 0.8.9 (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK d5c53e1510
Tree-SHA512: f57bd85e2c9ca592774d1e5aaa13042cdf6f3887715e99ed6a0aa9a4d5f5e3c9b32200c616ba2a51b7d50ab414297ea79cca0a0be5002c3cf1b1c92023a6e9c5
2021-03-22 19:58:28 +00:00
Erik Arvstedt
4cddf284e9
treewide: remove use of deprecated stdenv.lib
2021-03-22 14:39:32 +01:00
Erik Arvstedt
08fe9ba84a
services: add finer-grained address family restrictions
...
Due to a possible NixOS bug, this commit has no effect on NixOS 20.09
where `RestrictAddressFamilies` is a no-op.
It's only relevant for NixOS unstable with cgroups v2.
bitcoind+zmq: instead of allowing all address families, only add the required
AF_NETLINK family.
lnd: lnd only runs a zmq client, not a server, therefore it requires
no additional address families.
lightning-pool, clightning-plugin-zmq: add AF_NETLINK.
2021-03-22 14:35:29 +01:00
Erik Arvstedt
020433cec6
services: add helper fn setAllowedIPAddresses
...
Also use 'allowLocalIPAddresses' instead of 'allowTor' in bitcoind-import-banlist
which doesn't use Tor.
2021-03-22 13:20:45 +01:00
nixbitcoin
d5c53e1510
electrs: 0.8.8 -> 0.8.9
2021-03-22 11:54:28 +00:00
Erik Arvstedt
d214605b32
spark-wallet: add flakes compatibility
...
Pure flakes can't use NIX_PATH.
2021-03-16 12:46:19 +01:00
Erik Arvstedt
81db927f66
spark-wallet/generate: remove supplement.json
...
This file is empty and has no effect.
2021-03-16 12:46:19 +01:00
Jonas Nick
e017675d5e
krops: add package
2021-03-15 18:53:07 +01:00
Jonas Nick
b07185915a
Merge #331 : nixops: remove libvirtd plugin
...
f1064761d7
nixops: remove libvirtd plugin (nixbitcoin)
Pull request description:
ACKs for top commit:
jonasnick:
ACK f1064761d7
erikarvstedt:
ACK f1064761d7
Tree-SHA512: 66c8fc20c2f210d5d37025cc1772330354a6a8ecbdb1fb9e8fcd1391030485c936ab28647f739bd90b083d627602ade39a5575114d69db8e8d1375989d5cdd0e
2021-03-14 14:42:43 +00:00
Jonas Nick
1377cf5147
Merge #337 : joinmarket: 0.8.1 -> 0.8.2
...
5ead2a7075
joinmarket: 0.8.1 -> 0.8.2 (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 5ead2a7075
Tree-SHA512: 2ac87f74a1008c058adef81d11049d985a64f435d75ef61584e8debdcc985f78c1d43430c09ee71c247a93908a5ba3a1efdcf91b0666a84b3269509a99685343
2021-03-10 21:24:12 +00:00
nixbitcoin
5ead2a7075
joinmarket: 0.8.1 -> 0.8.2
...
- add SNICKER to default config
- update package
- ob-watcher: copy vendorized js and css dependencies
- add missing dependency to jmbase
- use cryptography from pinned.nixpkgs-unstable
2021-03-10 13:33:49 +00:00
nixbitcoin
6c9c820862
lightning-loop: 0.11.3-beta -> 0.12.0-beta
2021-03-07 18:28:08 +00:00
kon
eb21012745
pool: add pkg, module & tests
2021-03-01 10:59:35 +01:00
Jonas Nick
f214a703a5
Merge #332 : update nixpkgs-unstable
...
32acaa5f48
update nixpkgs-unstable (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 32acaa5f48
jonasnick:
ACK 32acaa5f48
Tree-SHA512: b688c81da82ef5166fc8074471187f72188b3fb5dc455a9b24c5e3497e3406898185acd2e551356af3300578b2b98eeabf22edcbb7614f02f6ca34afa05b05b0
2021-02-25 08:03:24 +00:00
nixbitcoin
32acaa5f48
update nixpkgs-unstable
...
btcpayserver: 1.0.5.9 -> 1.0.6.8
nbxplorer: 2.1.46 -> 2.1.49
2021-02-23 10:57:55 +00:00
nixbitcoin
eaa58505a7
electrs: v0.8.7 -> v0.8.8
2021-02-23 10:51:43 +00:00
nixbitcoin
f1064761d7
nixops: remove libvirtd plugin
...
Fix "Package 'libvirt-5.9.0' is marked as insecure, refusing to
evaluate."
2021-02-23 10:36:30 +00:00
nixbitcoin
42f7e9f874
joinmarket: 0.8.0-a5e8879 -> 0.8.1
...
- Update joinmarket package
- Revert unofficial release settings
- Move Yield Generator config to configFile
- Add new config option max_sweep_fee_change
2021-02-14 16:23:53 +00:00
Jonas Nick
1302f87c70
Merge #321 : Update nixpkgs
...
47e5442910
Update nixpkgs (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 47e5442910
Tree-SHA512: 4bbcd7711ca3fdf3b8cca36c22b60ceed79a965b3d844dffd44299357ddedd0522c1b5835c53ac0d07b8c0c9456b390d3414017b6d98c8eff469c0039114b471
2021-02-12 22:24:39 +00:00
nixbitcoin
47e5442910
Update nixpkgs
...
Includes CVE-2019-25016 patch
2021-02-12 09:59:55 +00:00
nixbitcoin
b6f6b5e372
lightning-loop: 0.11.2-beta -> 0.11.3-beta
2021-02-10 15:37:29 +00:00
Jonas Nick
f9683889d9
Merge #312 : Refactorings, cleanups
...
0a2c8e4864
run-tests: add option --copy-src (Erik Arvstedt)
803584a288
backups: don't use hardcoded secrets dir (Erik Arvstedt)
c29d44b49a
ci: use 'cachix watch-exec' (Erik Arvstedt)
6a32812412
services: add names for systemd helper scripts (Erik Arvstedt)
6982699613
services: use consistent layout (Erik Arvstedt)
a43534dda0
services: improve config file setup (Erik Arvstedt)
18f2002cf0
joinmarket-yieldgenerator: improve systemd journal output (Erik Arvstedt)
9d0b8c8f6f
joinmarket-ob-watcher: use DynamicUser (Erik Arvstedt)
e9c98f415c
joinmarket: explain need for tor control socket (Erik Arvstedt)
d9c87b6a8f
joinmarket: fix wallet creation (Erik Arvstedt)
7458350108
treewide: remove deprecated types.loaOf (Erik Arvstedt)
9cf038939c
treewide: use mkEnableOption (Erik Arvstedt)
7a97304f13
treewide: remove unit descriptions (Erik Arvstedt)
a942177ecf
treewide: remove user descriptions (Erik Arvstedt)
4f6ff408ef
treewide: remove unneeded string literals (Erik Arvstedt)
e6a6c721c1
treewide: streamline 'extraConfig' descriptions (Erik Arvstedt)
e774c045de
treewide: fix formatting (Erik Arvstedt)
0b5b29a2a3
netns-isolation: simplify permission definition for netns-exec (Erik Arvstedt)
a587a2b02a
defaultHardening: explain where @system-service is defined (Erik Arvstedt)
bb3a69797e
README: minor improvements (Erik Arvstedt)
13fc9dfabf
examples: improve introductory comments (Erik Arvstedt)
af2040f4c4
netns-isolation: use 'true' for systemd option (Erik Arvstedt)
c246bbb36e
bitcoind, clightning, lnd: improve descriptions (Erik Arvstedt)
7533f12ef1
bitcoind, clightning, run-tests: minor refactoring (Erik Arvstedt)
41fe9b0c1d
elementsd: minor refactoring (Erik Arvstedt)
f0850d3f23
btcpayserver: reorder config settings (Erik Arvstedt)
d1c0ea9f85
btcpayserver: add missing systemd postgresql dependency (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 0a2c8e4864
Tree-SHA512: 5c81b36042fbb2f016c8e58ba9e05ef3389d5376b8df713d3258d2cd0b6a9239904531171aca8e49bea7039341d5fa91aa9474c6d98de849c25ede52deccc5a3
2021-02-08 20:32:03 +00:00
Erik Arvstedt
6a32812412
services: add names for systemd helper scripts
...
The systemd journal now shows a specific script name instead of
the generic name "script" before script output.
2021-02-07 22:45:36 +01:00
Jonas Nick
2ebd1129a5
Merge #317 : Pkg updates
...
a0f48c9de9
examples: fix deploy-container interactive flag (nixbitcoin)
a2f265cd35
secp256k1: move to top-level packages (Erik Arvstedt)
d41a843167
jmbitcoin: remove secp256k1 from propagatedBuildInputs (Erik Arvstedt)
c22adb03af
extra-container: 0.5 -> 0.6 (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK a0f48c9de9
jonasnick:
ACK a0f48c9de9
Tree-SHA512: 29fa58a960673df407831dd41594c66b26dad1de1e792f4fcc8e35641f39dd873d77b725651be5e01c875bf42284fa78903bab0ea677ec5a0e7eccf98816845d
2021-02-07 21:44:10 +00:00
Erik Arvstedt
4f6ff408ef
treewide: remove unneeded string literals
2021-02-07 22:41:29 +01:00
Erik Arvstedt
e774c045de
treewide: fix formatting
2021-02-07 22:40:10 +01:00
Erik Arvstedt
a587a2b02a
defaultHardening: explain where @system-service is defined
2021-02-07 22:39:06 +01:00
Erik Arvstedt
41fe9b0c1d
elementsd: minor refactoring
...
- Use pname
- urls -> url
2021-02-07 22:39:05 +01:00
Erik Arvstedt
a2f265cd35
secp256k1: move to top-level packages
...
Reason: secp256k1 is not a Python package.
2021-02-06 11:43:36 +01:00
Erik Arvstedt
d41a843167
jmbitcoin: remove secp256k1 from propagatedBuildInputs
...
Adding this input has no effect. jmbitcoin accesses secp256k1 via bitcointx.
2021-02-06 11:43:36 +01:00
Erik Arvstedt
c22adb03af
extra-container: 0.5 -> 0.6
2021-02-06 11:43:36 +01:00
nixbitcoin
ebd478fd0d
lnd: add option 'restOnionService'
2021-02-05 09:17:14 +01:00
Erik Arvstedt
a344ae95c9
move mkHiddenService to lib
2021-02-04 12:39:54 +00:00
Erik Arvstedt
a26ed03d77
rename nix-bitcoin-services.nix -> lib.nix
2021-02-04 12:39:48 +00:00
nixbitcoin
a33c678d3b
update nixpkgs-unstable
...
Includes c-lightning 0.9.3 and lnd 0.12.0-beta
2021-02-01 10:11:30 +00:00
Erik Arvstedt
8f9ea61d6e
update nixpkgs-unstable
...
- bitcoind 0.20.1 -> 0.21.0
Manually create a wallet in the backup test because bitcoind
does not create a default wallet anymore
- disable the failing elementsd build on unstable
2021-01-31 22:26:30 +01:00
Erik Arvstedt
05e5ec99ec
modules packages: build electrs, lightning-loop with nixpkgs stable
...
Building with nixBitcoinPkgsUnstable was only a temporary measure to
fix build errors on stable.
2021-01-30 11:38:47 +01:00
Jonas Nick
58a88619ae
Merge #306 : Update nixpkgs
...
f96591c030
Update nixpkgs (nixbitcoin)
Pull request description:
ACKs for top commit:
jonasnick:
ACK f96591c030
Tree-SHA512: 41e79c1660108a7f6d879a11eecdcfd01135079f664794c198eef08c542dd0e829a6033cfc0851d3d9d5fb0f154db7933efa11a3e3d808dd40ef6d89dee0c58a
2021-01-27 16:17:11 +00:00
nixbitcoin
f96591c030
Update nixpkgs
...
Includes CVE-2021-3156 patch
2021-01-27 15:15:47 +00:00
nixbitcoin
69da6f94f1
electrs: v0.8.6 -> v0.8.7
2021-01-20 13:20:18 +00:00
nixbitcoin
8c125ec48c
joinmarket-obwatcher: add pkg & module
2021-01-17 17:40:12 +00:00
Erik Arvstedt
915df059f4
joinmarket: 0.8.0-bcfa7eb -> 0.8.0-a5e8879
2021-01-17 17:40:01 +00:00
Erik Arvstedt
254246cf39
joinmarket: use installPhase
...
This simplifies the build.
2021-01-17 14:17:14 +01:00
Erik Arvstedt
55073eee70
remove nix-bitcoin.pkgs.lib
...
Type ipv4Address is not needed anymore because all services have
separate 'port' and 'address' options.
2021-01-14 13:25:05 +01:00
Jonas Nick
79f4723cda
lightning-charge: remove package and module
2021-01-01 19:16:46 +00:00
Jonas Nick
58de79d401
nanopos: remove package and module
2021-01-01 17:37:30 +00:00
nixbitcoin
9423eadcee
clboss: add pkg
2020-12-22 09:39:37 +00:00
Jonas Nick
7b32a78de2
Merge #284 : Fix containers
...
2bfb4efbd8
make-container: fix usage comment (Erik Arvstedt)
3403795c86
tests: add example scripts (Erik Arvstedt)
ff94985b8b
tests: add test 'hardened' (Erik Arvstedt)
c8e73c959e
fix 'hardened' profile for NixOS 20.09 (Erik Arvstedt)
44b06aea5a
extra-container: 0.5-pre -> 0.5 (Erik Arvstedt)
a359cdfb66
generate-secrets: use pwgen (Erik Arvstedt)
a5a2fc7274
make-container: fix renamed variable (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK 2bfb4efbd8
jonasnick:
utACK 2bfb4efbd8
Tree-SHA512: 421b1fc5bf695d6815f060d129855ae0fecc06f7946ed8ac2bfe53895d7dc9529aad40099fc16844547791010232252f74b1ce32cbc9c6458e6d77f327450e94
2020-12-21 12:24:14 +00:00
Erik Arvstedt
44b06aea5a
extra-container: 0.5-pre -> 0.5
2020-12-18 19:56:56 +01:00
Erik Arvstedt
a359cdfb66
generate-secrets: use pwgen
...
Password length and alphabet is unchanged, but the restriction to
include at least one numeric and one capital char has been removed.
This restriction is not needed by client applications,
adds code complexity, and even (insignificantly) reduces entropy.
Reason for switching to pwgen:
apg uses /dev/random instead of /dev/urandom which brings no security
benefits but can stall the generate-secrets script on low-entropy
devices due to blocking.
Since `security.rngd` has been disabled in NixOS 20.09, blocking
in generate-secrets can also appear on regular NixOS desktop systems.
2020-12-18 19:56:56 +01:00
nixbitcoin
fdfafb2f40
joinmarket: 0.7.4 -> 0.8.0-bcfa7eb
...
Update to 0.8.0 with hotfix for genwallet script
Includes module versioning error with migration instructions
2020-12-17 11:12:58 +00:00
nixbitcoin
c9657305e7
temp: modify get-sha256 for hotfix commit
2020-12-14 16:55:03 +00:00
nixbitcoin
522b0000e6
lightning-loop: 0.11.1-beta -> 0.11.2-beta
2020-12-09 16:13:24 +00:00
Jonas Nick
fabe4df478
Update nixpkgs
...
Includes clightning: 0.9.1 -> 0.9.2 and btcpayserver: 1.0.5.5 -> 1.0.5.9
2020-12-07 12:30:11 +00:00
Jonas Nick
8e268c5ced
Fetch from the nixpkgs repo instead of nixpkgs-channels
...
nixpkgs-channels is deprecated.
2020-12-06 21:42:20 +00:00
Erik Arvstedt
1c0233c0a8
use Cirrus CI
...
- Make more economic use of the free CI resources by removing redundant build tasks:
- Build unstable pkgs in a single separate task ("pkgs_unstable").
- All stable pkgs are implicitly built by the modules tests.
- The build script (ci/build.sh) can now be executed locally for easier
debugging.
- Use an explicit 'cachix push' command instead of helper/wait-for-network-idle.rb.
This is simpler and more reliable.
2020-12-06 19:07:54 +01:00
Erik Arvstedt
a6346c2561
electrs: 0.8.5 -> 0.8.6
2020-12-01 12:51:36 +01:00
Ian Shipman
1d44b99340
add curated clightning plugins
2020-11-18 20:21:34 -06:00
Erik Arvstedt
5399f73b20
add txzmq python pkg
2020-11-18 20:21:34 -06:00
Erik Arvstedt
e62e163177
add clightning python pkgs
2020-11-18 20:21:34 -06:00
Erik Arvstedt
1a16e55237
move python packages to pkgs/python-packages
...
Remove obsolete passthru from joinmarket because joinmarket packages are
now accessible via pkgs/python-packages.
2020-11-18 20:21:34 -06:00
nixbitcoin
50372c9f2f
lightning-loop: 0.11.0-beta -> 0.11.1-beta
2020-11-18 15:36:38 +00:00
Erik Arvstedt
f1681f5b45
add option nix-bitcoin.pkgs, remove overlay
...
This works around a nixpkgs bug where overlays are ignored in containers.
2020-11-09 22:10:07 +01:00
Jonas Nick
a36957203c
Update nixpkgs (stable 20.03 -> 20.09)
2020-11-08 20:37:16 +00:00
nixbitcoin
546053511b
lightning-loop: 0.10.0-beta -> 0.11.0-beta
2020-11-06 08:51:30 +00:00
nixbitcoin
d4c0653c64
joinmarket: 0.7.0 -> 0.7.2
2020-11-06 08:51:15 +00:00
Jonas Nick
dbad828851
Merge #255 : Improve netns-isolation and Tor config
...
b4b607dfa5
netns: simplify firewall setup (Erik Arvstedt)
25639cec42
netns: fix error msg when starting netns (Erik Arvstedt)
67068afd6b
netns: fix error when stopping netns (Erik Arvstedt)
4ff88efc50
netns: add address binding test (Erik Arvstedt)
8da01fe8a6
lightning-loop: allow RPC access from main netns (Erik Arvstedt)
d76b080b74
lightning-loop: add RPC and REST server options (Erik Arvstedt)
9ddf7864a4
lightning-loop regtest: fix incorrectly succeeding test (Erik Arvstedt)
e66636ef0e
liquidd: use type str for rpcbind (Erik Arvstedt)
de23fdd377
lnd: use type str for rpclisten, restlisten (Erik Arvstedt)
8b053326cc
bitcoind: use type str for rpcbind (Erik Arvstedt)
6903e8afcc
netns-liquidd: allow RPC access from main netns (Erik Arvstedt)
82f4901880
netns-lnd: allow RPC access from main netns (Erik Arvstedt)
58d24e735d
netns-bitcoind: allow RPC access from main netns (Erik Arvstedt)
0e2ff948d3
test: add scenario 'netnsRegtest' (Erik Arvstedt)
e0675cb256
move enforceTor logic to service modules (Erik Arvstedt)
0cc8caa737
lnd: only set tor.active on enforceTor (Erik Arvstedt)
9a931483b9
netns test: remove strict dependency on clightning, electrs (Erik Arvstedt)
bae1b7f413
netns test: improve ping test (Erik Arvstedt)
5e0e16529c
netns: fix default addressblock value type (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK b4b607dfa5
nixbitcoin:
ACK b4b607dfa5
Tree-SHA512: b290831d9a3fa4de56b0f19cf84a1998e830aa844532d7cba8cd8227c785a23bfa1514123a974652e8e61060e1297b6bfbcff9640580206a04c5292309b1daef
2020-11-02 16:11:34 +00:00
Erik Arvstedt
8da01fe8a6
lightning-loop: allow RPC access from main netns
...
Note that this also exposes the REST server, which is secured by
macaroon auth like the RPC server.
2020-10-29 21:21:29 +01:00
Erik Arvstedt
6903e8afcc
netns-liquidd: allow RPC access from main netns
2020-10-29 21:21:28 +01:00
Erik Arvstedt
82f4901880
netns-lnd: allow RPC access from main netns
2020-10-29 21:21:27 +01:00
Erik Arvstedt
58d24e735d
netns-bitcoind: allow RPC access from main netns
2020-10-29 21:21:27 +01:00
Erik Arvstedt
2a9b918f72
generate-secrets: always run with Bash, stop on errors
2020-10-23 10:54:15 +02:00
nixbitcoin
486f385fdd
lightning-loop: 0.9.0 -> 0.10.0
...
Includes macaroon authentication
2020-10-19 08:59:14 +00:00
nixbitcoin
480df0dd65
elementsd: 0.18.1.8 -> 0.18.1.9
2020-10-18 16:00:08 +00:00
nixbitcoin
1f2f910774
spark-wallet: 0.2.16 -> 0.2.17
2020-10-18 16:00:06 +00:00
Erik Arvstedt
572967d3ad
extra-container: pre-release -> 0.5-pre
2020-10-16 15:53:32 +02:00
Erik Arvstedt
ac6cee5c12
pkgs: add extra-container
2020-10-11 19:40:26 +02:00
Jonas Nick
c051544d46
Merge #234 : loop: v0.8.1 -> v0.9.0
...
a89a3e934f
test: increase diskSize (nixbitcoin)
24b506ff8a
tests: simplify lightning-loop test (nixbitcoin)
e7c5f956ea
lightning-loop: update module (nixbitcoin)
4a503f57bd
lightning-loop: v0.8.1 -> v0.9.0 (nixbitcoin)
Pull request description:
ACKs for top commit:
jonasnick:
reACK a89a3e934f
erikarvstedt:
I think it's okay if you would just merge 24b506ff8a
, which is the direct parent of the ACK'd a89a3e934f
, and removing a89a3e934f
itself is totally uncontroversial.
Tree-SHA512: cee2a2714c714a22c35cea0fa829b42a371540983609cda6609f4d063d849f2e725643bd77cfe78eb71665725164d63f83b6c2589be9e72ba30aaecd7c8dee6c
2020-09-29 17:53:09 +00:00
Jonas Nick
d4f9bbac3f
Update nixpkgs
...
Includes clightning: 0.9.0-1 -> 0.9.1
2020-09-28 18:22:08 +00:00
Jonas Nick
00b413b5ce
Merge #237 : BTCPayServer from upstream & postgresqlBackup
...
73f4275d2a
backups: add btcpayserver database (nixbitcoin)
0784e2d479
Revert "temp: mirror erikarvstedt btcpayserver" (nixbitcoin)
7764f36405
pkgs: update pinned nixpkgs (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 73f4275d2a
Tree-SHA512: 6cd9ed61139918c762cfd66cfdc6f92d3d4d173fa29f8a7244b5f613a7982c5d48e10f0f0bce374cb40a51a84b4765ef8afb1b74fde5166967709d973107aa52
2020-09-25 17:57:21 +00:00
nixbitcoin
e7c5f956ea
lightning-loop: update module
...
* commandlineArgs -> configFile
* introduce tls certs
* loop dataDir
* fix formatting and descriptions
Warning: Manual migration of existing loop data directory necessary
2020-09-24 16:40:11 +00:00
nixbitcoin
4a503f57bd
lightning-loop: v0.8.1 -> v0.9.0
2020-09-24 16:39:36 +00:00
Erik Arvstedt
774da9d4e0
generate-secrets: fix python version for rpcauth
...
I accidentally included the minor version number.
Version 3.5 has been removed from nixpkgs unstable.
2020-09-24 16:32:38 +02:00
nixbitcoin
0784e2d479
Revert "temp: mirror erikarvstedt btcpayserver"
...
This reverts commit 99295328b4
.
Removes nbxplorer/btcpayserver from travis
Adds nbxplorer/btcpayserver to pinned.nix
2020-09-24 09:33:46 +00:00
nixbitcoin
7764f36405
pkgs: update pinned nixpkgs
2020-09-24 09:33:44 +00:00
nixbitcoin
d0701f518c
joinmarket: automatically generate wallet
2020-09-22 13:50:49 +00:00
nixbitcoin
173891fa5b
joinmarket: add module
2020-09-22 13:50:37 +00:00
nixbitcoin
f00d1d24c5
joinmarket: add pkg and local dependencies
2020-09-22 13:43:08 +00:00
nixbitcoin
15b574faa7
nbxplorer/btcpayserver: add module
2020-09-15 12:09:12 +00:00
Calvin Kim
99295328b4
temp: mirror erikarvstedt btcpayserver
2020-09-15 12:08:51 +00:00
Jonas Nick
4bddeb13b1
Update nixpkgs
...
Includes update lnd 0.10.3 -> 0.11.0
2020-09-08 08:21:26 +00:00
nixbitcoin
e56d5365cb
loop: update 0.7.0 -> 0.8.1
2020-08-30 07:59:01 +00:00
Jonas Nick
1c31208078
Merge #229 : Improve bitcoind RPC user config
...
9b6a3ec835
generate-secrets: extract fn 'makeHMAC' (Erik Arvstedt)
ca18ffb90a
generate-secrets: fetch rpcauth.py from github (Erik Arvstedt)
4d6127bb76
bitcoind: clarify RPC whitelist test (Erik Arvstedt)
9d610991be
bitcoind: remove custom rpc user names (Erik Arvstedt)
1408403dec
bitcoind: clarify how bitcoin-cli RPC access is enabled (Erik Arvstedt)
4790c601a1
bitcoind: move rpc user config to bitcoind (Erik Arvstedt)
876cfadf1a
bitcoind: add rpc user option 'passwordHMACFromFile' (Erik Arvstedt)
59434e79f0
bitcoind: simplify default rpc user name config (Erik Arvstedt)
205829b91f
bitcoind: remove whitespace (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK 9b6a3ec835
jonasnick:
concept ACK 9b6a3ec835
Tree-SHA512: ccb9a8d2dc1f360cc1f0bd77535fa8edfd9afec0a519719103fd059d5912a1ed4960c22ef14df616a731f6a88861fecb8d1653fb71c2288b851e4a02f9f49cb2
2020-08-29 20:06:53 +00:00
Erik Arvstedt
9b6a3ec835
generate-secrets: extract fn 'makeHMAC'
2020-08-27 12:20:06 +02:00
Erik Arvstedt
ca18ffb90a
generate-secrets: fetch rpcauth.py from github
...
No need to vendor this.
2020-08-27 12:20:06 +02:00
Jonas Nick
4d19fb7bf7
Merge #228 : Update nixpkgs
...
52978b87fb
Update nixpkgs (Jonas Nick)
6a2efccdf3
spark-wallet: 0.2.14 -> 0.2.16 (Jonas Nick)
438dde84fe
Replace sks-keyservers.net with keyserver.ubuntu.com (Jonas Nick)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK 52978b87fb
Tree-SHA512: b3f68865e2606760682e8fc1f6e637bfb38b382ea25cc67eff6402585b0f7118f132a5d9d7531c650d29d69c0b4eb8e277ad172038be73c4d34a9de678140844
2020-08-26 09:52:47 +00:00
Erik Arvstedt
ed73627e02
netns-exec: minor style fixes
...
- Use inline variable declarations
- Improve messages
- Fix naming: available -> allowed
- Simplify intro comment
2020-08-25 14:53:12 +02:00
Erik Arvstedt
91ebc2d517
netns-exec: simplify installation
2020-08-25 14:53:12 +02:00
Jonas Nick
52978b87fb
Update nixpkgs
...
Includes clightning 0.9.0
2020-08-25 12:41:29 +00:00