87fb9f246b
add 'enable-tor' preset
...
Move 'enforceTor' and onion-service definitions from secure-node.nix.
Use the onionServices module to define onion services.
Onion services now automatically work for services that bind to an INADDR_ANY (`0.0.0.0`) address.
2021-01-14 13:25:08 +01:00
05b5402bb1
add nix-bitcoin.onionServices
2021-01-14 13:25:07 +01:00
fffe988248
onionAddresses: add readonly option 'dataDir'
...
Used by 'onionServices' in a later commit for services that announce
their onion address.
2021-01-14 13:25:07 +01:00
5f34b094d3
onionAddresses: improve script
...
- use -e to check for existence of /var/lib/tor/state, use shorter
polling interval
- clear existing dataDir contents to avoid accumulating obsolete data
- use concatMapStrings instead of foldl'
2021-01-14 13:25:07 +01:00
b266f23251
onionAddresses: use service 'script' option
...
This also makes the script stop on errors.
2021-01-14 13:25:07 +01:00
6d13b26d0a
onionAddresses: add more precise type for option 'access'
2021-01-14 13:25:06 +01:00
93562f76dd
onionAddresses: remove redundant option 'enable'
...
The service can be disabled via `onion-addresses.access = mkForce {};`
Also remove redundant description.
2021-01-14 13:25:06 +01:00
43c247e3fe
onionAddresses: use StateDirectory instead of tmpfiles
...
Simplifies the dataDir setup.
2021-01-14 13:25:06 +01:00
5c6977b006
rename onion-chef -> nix-bitcoin.onionAddresses
...
This clarifies its function.
2021-01-14 13:25:05 +01:00
09e0042aa8
spark-wallet: add consistent address options
2021-01-14 13:25:05 +01:00
39f16c0b4a
liquidd: add consistent address options
2021-01-14 13:25:05 +01:00
b5d76ba1b3
electrs: add consistent address options
2021-01-14 13:25:04 +01:00
8fa32b7f91
btcpayserver: add consistent address options
2021-01-14 13:25:04 +01:00
e78a609687
clightning: add consistent address options
...
Also remove option 'autolisten'. This option has no effect because
option 'bind-addr' is always set.
2021-01-14 13:25:04 +01:00
b41a720c28
lnd: add consistent address options
...
Also fix btcpayserver by connecting to the lnd restAddress instead of the p2p address.
2021-01-14 13:25:03 +01:00
dd4a0238f9
bitcoind: group rpc options under parent option 'rpc'
2021-01-14 13:25:03 +01:00
5b7e0d09b2
bitcoind: add consistent address options
2021-01-14 13:25:03 +01:00
79f4723cda
lightning-charge: remove package and module
2021-01-01 19:16:46 +00:00
58de79d401
nanopos: remove package and module
2021-01-01 17:37:30 +00:00
da674d1ccf
Merge #292 : joinmarket: always synchronize secrets.jm-wallet-password
...
ed636dd070ed636dd070
2020-12-30 19:18:56 +00:00
ed636dd070
joinmarket: always synchronize secrets.jm-wallet-password
...
secrets.jm-wallet-password is always needed by joinmarket, not just when
joinmarket.yieldgenerator.enable
2020-12-30 16:49:50 +00:00
edc657d138
btcpayserver: add rootpath option
2020-12-30 16:47:50 +00:00
f89498d4fc
clboss: add module
2020-12-22 09:40:00 +00:00
7b32a78de2
Merge #284 : Fix containers
...
2bfb4efbd83403795c86ff94985b8bc8e73c959e44b06aea5aa359cdfb66a5a2fc72742bfb4efbd82bfb4efbd8
2020-12-21 12:24:14 +00:00
c8e73c959e
fix 'hardened' profile for NixOS 20.09
...
The 'scudo' memory allocator set by the 'hardened' profile breaks some
services on 20.09.
The fix for NixOS unstable (https://github.com/NixOS/nixpkgs/pull/104052 )
is ineffective on 20.09.
As a workaround, add a custom 'hardened' preset that uses the default allocator.
2020-12-18 19:56:56 +01:00
fdfafb2f40
joinmarket: 0.7.4 -> 0.8.0-bcfa7eb
...
Update to 0.8.0 with hotfix for genwallet script
Includes module versioning error with migration instructions
2020-12-17 11:12:58 +00:00
5feb9e3eae
lnd: fix rpc/rest port configuration
2020-12-07 14:38:36 +01:00
1d44b99340
add curated clightning plugins
2020-11-18 20:21:34 -06:00
f1681f5b45
add option nix-bitcoin.pkgs, remove overlay
...
This works around a nixpkgs bug where overlays are ignored in containers.
2020-11-09 22:10:07 +01:00
b1a5f5e7b9
don't add service-only pkgs to systemPackages
...
These packages are not useful in shell environemnts.
2020-11-09 22:10:07 +01:00
e39ad358a4
lnd: remove unused bitcoind from PATH
2020-11-09 22:10:07 +01:00
59e128a994
joinmarket: add payjoin configuration
2020-11-06 08:51:25 +00:00
f29f04c0c4
secure-node: LND no longer requires ControlPort
...
Onion service is now generated through mkHiddenService function.
2020-11-06 08:51:23 +00:00
0972af55f1
netns: fix setup service restarts
2020-11-03 21:55:13 +01:00
63a464431b
netns: fail when netns already exists
...
Under normal circumstances, service-specific netns should never exist
before the netns setup service starts.
An existing netns is a genuine error that should not be silently ignored.
2020-11-03 21:55:13 +01:00
b4b607dfa5
netns: simplify firewall setup
2020-10-29 22:36:20 +01:00
25639cec42
netns: fix error msg when starting netns
...
Previously, the failing initial `netns delete` resulted in a
"Cannot remove namespace file ..." error visible in the journal
and status output.
2020-10-29 21:21:30 +01:00
67068afd6b
netns: fix error when stopping netns
...
A short time after `netns delete` finishes, the peer link in the main
netns is automatically removed.
When `link del` is run before that, it fails with
`Cannot find device "nb-veth-br-*"` and the netns service enters a failed state.
2020-10-29 21:21:30 +01:00
8da01fe8a6
lightning-loop: allow RPC access from main netns
...
Note that this also exposes the REST server, which is secured by
macaroon auth like the RPC server.
2020-10-29 21:21:29 +01:00
d76b080b74
lightning-loop: add RPC and REST server options
2020-10-29 21:21:29 +01:00
e66636ef0e
liquidd: use type str for rpcbind
2020-10-29 21:21:29 +01:00
de23fdd377
lnd: use type str for rpclisten, restlisten
2020-10-29 21:21:28 +01:00
8b053326cc
bitcoind: use type str for rpcbind
...
Extra RPC bind addresses can still be added via extraConfig.
2020-10-29 21:21:28 +01:00
6903e8afcc
netns-liquidd: allow RPC access from main netns
2020-10-29 21:21:28 +01:00
82f4901880
netns-lnd: allow RPC access from main netns
2020-10-29 21:21:27 +01:00
58d24e735d
netns-bitcoind: allow RPC access from main netns
2020-10-29 21:21:27 +01:00
e0675cb256
move enforceTor logic to service modules
...
This enables tor support for services without using secure-node.nix
2020-10-29 21:21:27 +01:00
0cc8caa737
lnd: only set tor.active on enforceTor
...
This also enables the test scenario 'netnsRegtest' introduced in a
later commit by fixing the following bug:
For unknown reasons, when tor.active=true and tor is not running, lnd
fails with a tor connection error on netns-isolation, but runs fine
without netns-isolation.
2020-10-29 21:21:26 +01:00
5e0e16529c
netns: fix default addressblock value type
...
Also remove redundant definition in secure-node.nix
2020-10-20 18:21:37 +02:00
6933b0ef47
Merge #251 : Services: Auto-enable dependencies
...
67e49fe41567e49fe415
2020-10-20 11:17:10 +00:00
Erik Arvstedt
Jonas Nick
nixbitcoin
Martin Milata
Ian Shipman