nix-bitcoin

Author	SHA1	Message	Date
Erik Arvstedt	f36df8f563	secure-node: remove redundant bitcoind settings - `discover` is automatically disabled by bitcoind because we're setting `externalip` via the `nix-bitcoin.onionServices` mechanism - `bech32` is bitcoind's default addresstype	2021-10-04 00:33:26 +02:00
Jonas Nick	0c31130ac8	secure-node: remove default bitcoin addnode Onion v2 addresses are incompatible with the upcoming bitcoind version.	2021-09-19 20:03:40 +00:00
Erik Arvstedt	35fe939cf8	security: update /proc restriction mechanism NixOS option `security.hideProcessInformation` for globally restricting access to /proc has been removed. Use per-service restrictions via 'ProtectProc' instead. Rename `nix-bitcoin.security.hideProcessInformation` to `nix-bitcoin.security.dbusHideProcessInformation` because this option now only implements the dbus restriction.	2021-08-14 10:46:41 +02:00
Erik Arvstedt	178a0dcf8f	services: use new 'tor' options	2021-08-14 10:46:41 +02:00
Erik Arvstedt	a25ceecca5	update to NixOS 21.05	2021-08-12 11:18:26 +02:00
nixbitcoin	3b938a909f	add hardened-extended preset	2021-04-02 10:59:09 +00:00
Jonas Nick	a4dabc7390	Remove nixops examples and documentation	2021-03-15 12:42:47 +00:00
kon	eb21012745	pool: add pkg, module & tests	2021-03-01 10:59:35 +01:00
nixbitcoin	b1c9e13033	bitcoind: secure-node remove assumevalid	2021-02-23 11:04:31 +00:00
nixbitcoin	2ca92a34a5	services: use doas if enabled - Remove sudo from recurring-donations path because it's not used by the service - Use doas instead of sudo in secure-node.nix	2021-02-09 12:44:04 +00:00
Erik Arvstedt	a344ae95c9	move mkHiddenService to lib	2021-02-04 12:39:54 +00:00
nixbitcoin	8c125ec48c	joinmarket-obwatcher: add pkg & module	2021-01-17 17:40:12 +00:00
Erik Arvstedt	e2922eb4ce	move rpc thread count setting to lightning modules	2021-01-14 13:25:12 +01:00
Erik Arvstedt	757a66b9bd	liquid: move rpcuser definition to module	2021-01-14 13:25:11 +01:00
Erik Arvstedt	0e00c39d47	secure-node: improve layout	2021-01-14 13:25:11 +01:00
Erik Arvstedt	5f7a7962f7	backups: remove redundant option 'program' Not needed until we support other backup backends.	2021-01-14 13:25:11 +01:00
Erik Arvstedt	04d8560f86	secure-node: remove qrencode, tor from systemPackages Keep jq which is useful for analyzing service cli output.	2021-01-14 13:25:10 +01:00
Erik Arvstedt	323a431aba	improve nodeinfo - enable usage outside of secure-node.nix - use json as the output format - show ports - also show local addresses, which is particularly useful when netns-isolation is enabled - only show enabled services	2021-01-14 13:25:10 +01:00
Erik Arvstedt	f6b883a9ac	remove webindex This module is outdated and incomplete. We can readd an improved version in the future. Move nanopos nginx proxy tests to the nanopos test.	2021-01-14 13:25:10 +01:00
Erik Arvstedt	2a240d6f4a	enable-tor: disable default onion services for clightning, lnd, btcpayserver In case of btcpayserver the default onion service is a security risk because any visitor can register an admin account on a freshly setup node.	2021-01-14 13:25:09 +01:00
Erik Arvstedt	bd2a46cb73	spark-wallet: use onionServices Also remove the unneeded definition of ReadWritePaths because the service doesn't need write access to onion files.	2021-01-14 13:25:08 +01:00
Erik Arvstedt	87fb9f246b	add 'enable-tor' preset Move 'enforceTor' and onion-service definitions from secure-node.nix. Use the onionServices module to define onion services. Onion services now automatically work for services that bind to an INADDR_ANY (`0.0.0.0`) address.	2021-01-14 13:25:08 +01:00
Erik Arvstedt	93562f76dd	onionAddresses: remove redundant option 'enable' The service can be disabled via `onion-addresses.access = mkForce {};` Also remove redundant description.	2021-01-14 13:25:06 +01:00
Erik Arvstedt	5c6977b006	rename onion-chef -> nix-bitcoin.onionAddresses This clarifies its function.	2021-01-14 13:25:05 +01:00
Erik Arvstedt	39f16c0b4a	liquidd: add consistent address options	2021-01-14 13:25:05 +01:00
Erik Arvstedt	b5d76ba1b3	electrs: add consistent address options	2021-01-14 13:25:04 +01:00
Erik Arvstedt	8fa32b7f91	btcpayserver: add consistent address options	2021-01-14 13:25:04 +01:00
Erik Arvstedt	e78a609687	clightning: add consistent address options Also remove option 'autolisten'. This option has no effect because option 'bind-addr' is always set.	2021-01-14 13:25:04 +01:00
Erik Arvstedt	b41a720c28	lnd: add consistent address options Also fix btcpayserver by connecting to the lnd restAddress instead of the p2p address.	2021-01-14 13:25:03 +01:00
Erik Arvstedt	dd4a0238f9	bitcoind: group rpc options under parent option 'rpc'	2021-01-14 13:25:03 +01:00
Erik Arvstedt	5b7e0d09b2	bitcoind: add consistent address options	2021-01-14 13:25:03 +01:00
Jonas Nick	79f4723cda	lightning-charge: remove package and module	2021-01-01 19:16:46 +00:00
Jonas Nick	58de79d401	nanopos: remove package and module	2021-01-01 17:37:30 +00:00
Erik Arvstedt	c8e73c959e	fix 'hardened' profile for NixOS 20.09 The 'scudo' memory allocator set by the 'hardened' profile breaks some services on 20.09. The fix for NixOS unstable (https://github.com/NixOS/nixpkgs/pull/104052) is ineffective on 20.09. As a workaround, add a custom 'hardened' preset that uses the default allocator.	2020-12-18 19:56:56 +01:00
nixbitcoin	f29f04c0c4	secure-node: LND no longer requires ControlPort Onion service is now generated through mkHiddenService function.	2020-11-06 08:51:23 +00:00
Erik Arvstedt	e0675cb256	move enforceTor logic to service modules This enables tor support for services without using secure-node.nix	2020-10-29 21:21:27 +01:00
Erik Arvstedt	5e0e16529c	netns: fix default addressblock value type Also remove redundant definition in secure-node.nix	2020-10-20 18:21:37 +02:00
Erik Arvstedt	480d0d3959	liquid: fix bitcoin rpc settings - Remove redundant option mainchainrpchost. This option is already provided by bitcoind. - Set a working default for rpcport and rpcuser. Enables use without secure-node.	2020-10-16 16:46:55 +02:00
Erik Arvstedt	9aa19c3fdd	extract operator module	2020-10-16 16:46:55 +02:00
nixbitcoin	173891fa5b	joinmarket: add module	2020-09-22 13:50:37 +00:00
nixbitcoin	605b37c16e	nodeinfo: add btcpayserver onion	2020-09-15 12:09:31 +00:00
nixbitcoin	15b574faa7	nbxplorer/btcpayserver: add module	2020-09-15 12:09:12 +00:00
Erik Arvstedt	4790c601a1	bitcoind: move rpc user config to bitcoind This enables modules-only usage. The privileged user is needed by bitcoind (cli), the public user is needed by other services.	2020-08-26 22:52:47 +02:00
Erik Arvstedt	876cfadf1a	bitcoind: add rpc user option 'passwordHMACFromFile' This allows adding additional rpc users without the need for user-specific code in preStart.	2020-08-26 22:52:47 +02:00
Erik Arvstedt	121301337b	netns: add option 'allowedUser' for modules-only usage The dependency on secure-node.nix prevented using nix-bitcoin by just importing modules.nix.	2020-08-25 11:40:27 +02:00
Erik Arvstedt	d0b8d77de2	netns: remove conditionals for service settings Going without the conditionals (like in secure-node.nix) adds readability and doesn't reduce evaluation performance (in fact, it even slightly improves performance due to implementation details of mkIf). To avoid errors, remove use of disabled services in secure-node.nix and nix-bitcoin-webindex.nix.	2020-08-25 11:40:27 +02:00
Erik Arvstedt	44de5064cd	security: don't restrict process info by default for module users	2020-08-20 13:12:07 +02:00
Erik Arvstedt	588a0b2405	security: enable full systemd-status for group 'proc' Previously, systemd-status was broken for all users except root. Use a 'default' deny policy, which is overridden for group 'proc'. Add operator to group 'proc'. Also, remove redundant XML boilerplate.	2020-08-20 13:12:06 +02:00
nixbitcoin	e4fb7a52de	backups: add module	2020-08-04 15:25:37 +00:00
nixbitcoin	e650df30d5	bitcoind: bump rpcthread count	2020-08-04 14:46:57 +00:00

1 2

97 Commits