Commit Graph

286 Commits

Author SHA1 Message Date
Erik Arvstedt
f61e928139
services: support 0.0.0.0/:: in address options
Previously, client services didn't decode these special INADDR_ANY
addresses and failed to connect.
2021-10-04 00:33:26 +02:00
Jonas Nick
e94e071ad6
update nixpkgs
bitcoin: 0.21.1 -> 22.0
bitcoind: 0.21.1 -> 22.0
electrs: 0.8.10 -> 0.8.11
2021-09-19 20:07:55 +00:00
Erik Arvstedt
0186b2a764
examples/shell.nix: Add upgrade note for NixOps users 2021-09-15 12:01:37 +02:00
nixbitcoin
3e146512d7
joinmarket: add copy of twisted 20.3.0 2021-09-14 20:06:35 +00:00
Erik Arvstedt
a2466b1127
secrets: allow extending generate-secrets
`generate-secrets` is no longer a monolithic script. Instead, it's
composed of the values of option `nix-bitcoin.generateSecretsCmds`.

This has the following advantages:
- generate-secrets is now extensible by users
- Only secrets of enabled services are generated
- RPC IPs in the `lnd` and `loop` certs are no longer hardcoded.

Secrets are no longer automatically generated when entering nix-shell.
Instead, they are generated before deployment (via `krops-deploy`)
because secrets generation is now dependant on the node configuration.
2021-09-12 11:29:54 +02:00
Erik Arvstedt
24fd1e9bdc
improve examples/shell.nix
The user's local node configuration directory usually contains a copy of
examples/shell.nix.

1. Move the shell implementation from shell.nix to nix-bitcoin/helper/makeShell.nix
   Because the shell is no longer defined locally in the user's config
   directory, we can now ship new shell features via nix-bitcoin updates.

2. Simplify examples/nix-bitcoin-release.nix
   nix-bitcoin-release.nix, as generated via `fetch-release`, now
   contains a simple fetchTarball statement which can be directly imported.
   This allows us to get rid of the extra `nix-bitcoin-unpacked` derivation
   which adds a dependency on the user's local nixpkgs.

   To keep `fetch-release` as simple as possible for easy auditing, we just
   fetch and verify a `nar-hash.txt` file that is now uploaded
   via `push-release.sh`.

A migration guide for updating the user's local `shell.nix` is
automatically printed when the user starts a new shell after updating
nix-bitcoin.
This is achieved by throwing an error in `generate-secrets`, which is called
on shell startup.

This commit is required to deploy the new extensible `generate-secrets`
mechanism introduced in the next commit.
2021-09-12 11:29:54 +02:00
Erik Arvstedt
e1e3d8a92b
secrets: simplify cert generation
- Remove openssl.cnf which includes many unused settings.
- Generate the key and cert files with a single call to openssl.
  - Option `-nodes` ("no DES") disables encryption of the key file.
  - Option `-addext` is used to specify `subjectAltName` settings
    that were previously defined by openssl.cnf.

The key type is unchanged.
Certificate changes:
- Certificate duration is now 10 years
- Organization (subj 'O') is now 'loop' instead of 'loopd' for
  lightning-loop to simplify the code.
  For reference, the org. name in auto-generated loop certs is
  "loop autogenerated cert".
- The certificate now includes all default x509v3 extensions.
  These were previously restricted to just `subjectAltName` by openssl.cnf.
  We now use the openssl defaults for simplicity.
2021-09-11 15:07:24 +02:00
Erik Arvstedt
5087ce245f
minor cleanups
- btcpayserver: remove unneeded trailing semicolons

- krops/get-sha256:
  `tail` is unneeded because `nix-prefetch-url` just outputs a single
  line containing the hash.
2021-09-11 15:07:23 +02:00
Jonas Nick
faa7831708
Merge fort-nix/nix-bitcoin#384: joinmarket: Update patch hash
c35e96a553 joinmarket: update patch hash (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK c35e96a553

Tree-SHA512: 40f1bbe6990fa940c0153e00719d2e56e20ce9dc01a5975c48e0da070544b873cafa6cb9aeb860498aad8c104c379f3e368496c96cc569966963a707f478178c
2021-09-06 11:39:40 +00:00
Erik Arvstedt
c35e96a553
joinmarket: update patch hash
The patch hash has changed due to an update of the PR branch.
The PR has now been merged.
2021-09-05 22:33:17 +02:00
Erik Arvstedt
926f1febb7
make-container: update extra-container version
Keep this file in sync with the latest extra-container update.
2021-09-04 08:17:38 +02:00
Erik Arvstedt
179b86d19c
joinmarket: allow recreating wallet from seed
This allows users to easily upgrade their wallets to use Fidelity Bonds.
2021-08-30 13:37:05 +02:00
nixbitcoin
00a0759884
joinmarket-ob-watcher: extra permissions & functionality for fidelity bonds 2021-08-30 13:37:04 +02:00
Erik Arvstedt
d7f9e33e1c
joinmarket-ob-watcher: move resource files to extra dir
Don't clutter joinmarket/bin with ob-watcher resource files.
2021-08-30 13:37:04 +02:00
nixbitcoin
e95abf6c7e
joinmarket: 0.8.3 -> 0.9.1 2021-08-30 09:02:26 +00:00
Erik Arvstedt
dde04f8cbe
update nixpkgs-unstable
Includes:
btcpayserver: 1.1.2 -> 1.2.0
lightning-loop: 0.14.2-beta -> 0.15.0-beta
nbxplorer: 2.1.52 -> 2.1.58
2021-08-26 12:45:10 +02:00
Erik Arvstedt
f7c2133250
add flake support
This change is fully backwards compatible.

We continue to use the standard non-flake evaluation mode in our
examples and internal tooling until the flakes design has stabilized.

'clightning-plugins = pkgs.recurseIntoAttrs' in pkgs/default.nix is
needed by flake-utils.lib.flattenTree in flake.nix.
It transforms the packages in `clightning-plugins` to top-level packages
named like `clightning-plugins/summary`. (The flake attr `packages`
must be a non-nested attrset of derivations.)
2021-08-26 12:45:10 +02:00
Erik Arvstedt
de77281cba
pkgs: import pinned nixpkgs in default.nix
pkgs/default.nix now explicitly specifies all its dependencies as arguments.
This is required for flake support.

Also simplify pinned.nix and python-packages by removing unused attrs.
2021-08-16 10:43:07 +02:00
Erik Arvstedt
fdc278a0b8
lib: fix comment 2021-08-15 11:29:36 +02:00
Erik Arvstedt
c758d68ea4
lib: rename privileged -> rootScript
The naming is now analogous the related function `script`.
2021-08-15 11:29:34 +02:00
Jonas Nick
8a49b41bb4
update nixpkgs-{stable,unstable}
Includes
- clightning 0.10.1
- lightning-loop 0.14.2
2021-08-14 17:57:49 +00:00
Erik Arvstedt
c4c2b03e19
extra-container: 0.6 -> 0.7
Version 0.7 adds support for NixOS 21.05.
2021-08-14 10:46:41 +02:00
Erik Arvstedt
ca64a4a64f
clightning-plugins.prometheus: use current nixpkgs version of prometheus-client 2021-08-14 10:46:41 +02:00
Erik Arvstedt
3aab1fc267
spark-wallet: update to new node-env 2021-08-14 10:46:41 +02:00
Erik Arvstedt
35fe939cf8
security: update /proc restriction mechanism
NixOS option `security.hideProcessInformation` for globally restricting
access to /proc has been removed.
Use per-service restrictions via 'ProtectProc' instead.

Rename
`nix-bitcoin.security.hideProcessInformation` to
`nix-bitcoin.security.dbusHideProcessInformation`
because this option now only implements the dbus restriction.
2021-08-14 10:46:41 +02:00
Erik Arvstedt
178a0dcf8f
services: use new 'tor' options 2021-08-14 10:46:41 +02:00
Erik Arvstedt
a25ceecca5
update to NixOS 21.05 2021-08-12 11:18:26 +02:00
Erik Arvstedt
b758150c9e
pinned: expose nixpkgsStable, nixpkgsUnstable
This allows accessing the pinned nixpkgs.
E.g., this is useful for comparing package versions between stable
and unstable.
2021-08-12 11:18:08 +02:00
Jonas Nick
1ecd9756f6
Merge fort-nix/nix-bitcoin#369: BTCPayServer L-BTC Support
54810ce1bf btcpayserver: add L-BTC support (nixbitcoin)
b24c14ec61 liquidd: make regtest capable (nixbitcoin)
b7225f5d11 update nixpkgs-unstable (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 54810ce1bf

Tree-SHA512: 363165d3b977cd4425191bce4246dd9e83daf914bf2adcaf3cf42d0c170f5730e7e79934a97e5f9c071d0f52bf9ee75a3aa710c4c52135ea58bcdd898babcc74
2021-08-10 12:23:46 +00:00
nixbitcoin
ed480a35af
joinmarket: 0.8.2 -> 0.8.3
Includes
- coincurve: 13.0.0 -> 15.0.0
- Update Darkscience Tor onion address
2021-08-10 10:12:29 +00:00
nixbitcoin
b7225f5d11
update nixpkgs-unstable
Includes
- btcpayserver: optional altcoin support
- lnd 0.13.1-beta
2021-08-10 10:00:13 +00:00
Jonas Nick
650e50b409
clightning-plugins: update to latest rev
This is necessary in preparation for clightning 0.10.1 which requires an update
to the rebalance plugin.
2021-08-10 08:37:14 +00:00
Pavol Rusnak
2f4d7b866c
elementsd: replace local version with nixpkgs 2021-07-16 23:32:58 +02:00
Jonas Nick
676a4beb81
Merge fort-nix/nix-bitcoin#359: charge-lnd: add module
b666bb2903 charge-lnd: add module (Martin Milata)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK b666bb2903

Tree-SHA512: c5e1edeefbd68ec4ba0e12c57922fb21ae3d1b3d54e403087e5bb7f6285db0a011404125c516bd7739741609d21fef6e7d86ad613c364aca6010652118faffff
2021-07-15 22:15:28 +00:00
Martin Milata
b666bb2903 charge-lnd: add module 2021-07-12 17:36:31 +02:00
nixbitcoin
ffbbdab999
lightning-loop & lightning-pool: replace local versions with nixpkgs 2021-07-12 11:20:32 +00:00
Jonas Nick
842ed44292
Merge fort-nix/nix-bitcoin#366: Update nixpkgs
ce10003747 lnd: allow curl to retry in the create-wallet script (Jonas Nick)
a23b9d1c2d lnd: check that state is RPC_ACTIVE after unlocking (Jonas Nick)
c75347027b lnd: don't wait until the RPC port is open after unlocking (Jonas Nick)
bc9199a386 Update nixpkgs (Jonas Nick)
8fbba87c0f Update nixpkgs (Martin Milata)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK ce10003747

Tree-SHA512: 658d74caec7849ff173ce58c7807d5342f39ff159bc40e617e9f28de7696b91e2801f920b183deefea141f9de2db9a9423ce13d31e6b96ff991ab07032522b55
2021-07-09 21:44:47 +00:00
Jonas Nick
bc9199a386
Update nixpkgs 2021-07-07 13:12:46 +00:00
nixbitcoin
c0a0d03006
elementsd: 0.18.1.11 -> 0.18.1.12 2021-07-07 10:40:47 +00:00
Martin Milata
8fbba87c0f Update nixpkgs
nixos-unstable:
a76f6b02852a724059a7b7cfe73ac5b7a2a81831 lnd: 0.12.1-beta -> 0.13.0-beta
e2dc2b859674411f5ed5b81781926afc7fde5260 btcpayserver: 1.0.7.2 -> 1.1.1
074b608d01e60fbef9bffe0ac7e25e72d20f4866 nbxplorer: 2.1.49 -> 2.1.51
60c6153ab12229fa3d067460614131da5e67f6da btcpayserver/update.sh: auto-update nbxplorer
1608efae17a36cc6206d929801cf2bd887d157b2 btcpayserver, nbxplorer: gpg verify upstream sources
c0693eae1e9cb28ad148ebb49f8200d340432079 hwi: 2.0.1 -> 2.0.2
43031a05d2e2b08ed5f98b3f5255e7d76ef4e403 charge-lnd: init at 0.1.2
5fd4f796b4210d691b1f89e1f29043d635cd20e0 charge-lnd: 0.1.2 -> 0.1.3
2021-06-20 23:28:46 +02:00
Jonas Nick
bdd00bff6c
Merge #358: lightning-loop: 0.12.1 -> 0.12.2
e6f2646ea7 lightning-loop: 0.12.1 -> 0.12.2 (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK e6f2646ea7

Tree-SHA512: 64c7a826abd8c3fa4f3bbae338e2971f2155860cd9ebfb1fda43dd59cfb543acb0f726ba84631142fec6d70a26d59fc8e3519c8a863b7a7fc74c3d75dcddb552
2021-05-05 21:53:48 +00:00
nixbitcoin
e6f2646ea7
lightning-loop: 0.12.1 -> 0.12.2 2021-05-05 09:12:15 +00:00
nixbitcoin
3963d04209
clboss: 0.11A -> 0.11B 2021-05-05 09:04:18 +00:00
Erik Arvstedt
7ae0a38701
electrs: replace local version with nixpkgs 2021-05-04 11:31:35 +00:00
Jonas Nick
9588b0af08
update nixpkgs
Includes
bitcoin: 0.21.0 -> 0.21.1
2021-05-03 18:15:21 +00:00
nixbitcoin
a71f69cb3a
hwi: replace local version with upstream 2021-04-23 11:17:18 +00:00
Jonas Nick
e93a861b92
Update nixpkgs (stable only) 2021-04-19 19:49:08 +00:00
Jonas Nick
4875314b6f
clboss: 0.10 -> 0.11A 2021-04-11 12:39:08 +00:00
nixbitcoin
daeedda825
clightning-plugins: update rev and dependencies 2021-04-09 16:10:33 +02:00
Erik Arvstedt
c5f67629e6
joinmarket: add copy of cryptography 3.3.2 2021-04-07 19:05:40 +02:00