Commit Graph

1733 Commits

Author SHA1 Message Date
Erik Arvstedt
f405a2ceda make-container.sh: improve root handling
Don't auto-switch to root when executing make-container.sh, because
auto root switching is also implemented in extra-container.

Besides simplifying the code, this is useful for a later commit that
introduces flakes-based container building.
With this change, the container is built under the regular user
instead of root, thereby utilizing the user's regular fetcher and
evaluation caches.
2023-06-01 02:56:22 -07:00
Erik Arvstedt
6a2d4ab1d7 profiles/hardened: support pure eval mode 2023-06-01 02:56:22 -07:00
Erik Arvstedt
ada564c1ea add compatibility with Nix PR #6530 (Source tree abstraction)
Avoid adding flake resource paths to the store (via string
interpolation).
This reduces performance and can lead to modules getting imported
twice, once through a local path and once through a store path.

This might not be needed in a future Nix release, in which case we can
revert this.
2023-06-01 02:56:22 -07:00
Erik Arvstedt
514c05ee47 tests/vmWithoutTests: poweroff on shell exit
This allows quitting the VM with Ctrl-D like in the minimal example VM.
2023-06-01 02:56:22 -07:00
Erik Arvstedt
c12489d838 tests, example: avoid lengthy documentation build
This options manual rebuild takes 30-60s and is triggered by the extra
NixOS options defined by nix-bitcoin.
2023-06-01 02:56:22 -07:00
Erik Arvstedt
d5e50191d6 test/shellcheck-services: add configurable source prefix
This allows using this module for services defined outside of nix-bitcoin.
2023-06-01 02:56:22 -07:00
Erik Arvstedt
b2bae90584 bitcoind: fix rare startup error
Previously, dhcpcd and bitcoind starting up in parallel could lead to
the following error in bitcoind:
```
bitcoind: libevent: getaddrinfo: address family for nodename not supported
bitcoind: Binding RPC on address 127.0.0.1 port 8332 failed.
bitcoind: Unable to bind any endpoint for
```
After the initial failure, the bitcoind service would always restart successfully.

This race condition, where both applications were simultaneously
manipulating network resources, was only triggered under specific
hardware conditions.

Fix it by running bitcoind after dhcp has started (by running after
`network-online.target`).
This bug and the fix only affect the default NixOS scripted
networking backend.
2023-06-01 02:56:22 -07:00
Erik Arvstedt
f874c3b563 pkgs: add lnd 0.15.4 (hotfix)
Includes an emergency hotfix:
https://github.com/lightningnetwork/lnd/releases/tag/v0.15.4-beta
2023-06-01 02:56:22 -07:00
Erik Arvstedt
b3c134c01d lnd: fix missing RPC permissions when bitcoind is pruned 2023-06-01 02:56:22 -07:00
Erik Arvstedt
29d1a6b8a8 test/shellcheck-services: fix error by excluding unavailable services 2023-06-01 02:56:22 -07:00
Erik Arvstedt
425a411e2b test/shellcheck-services: simplify accessing service definitions
This also improves performance by removing the extra module evaluation.
2023-06-01 02:56:22 -07:00
Erik Arvstedt
5e6b560fcf tests: run flake-info in sandbox
Don't use sandboxing in Cirrus CI where namespace support is missing.
2023-06-01 02:56:22 -07:00
Erik Arvstedt
bdb4ee0e0b revert "tests: disable nixosSearch" 2023-06-01 02:56:22 -07:00
Erik Arvstedt
d96c0a628a btcpayserver: use new option certfilepath for lnd 2023-06-01 02:56:22 -07:00
Erik Arvstedt
589860b842 Revert "pkgs: add lnd 0.15.2"
This reverts commit cf836b5d3b.
2023-06-01 02:56:22 -07:00
Erik Arvstedt
ac4c01c374 update nixpkgs
btcpayserver: 1.6.10 -> 1.6.12
clightning: 0.12.0 -> 0.12.1
fulcrum: 1.8.1 -> 1.8.2
nbxplorer: 2.3.33 -> 2.3.41
2023-06-01 02:56:22 -07:00
Erik Arvstedt
effc1ce0a7 defaultHardening: allow syscall set_mempolicy
This syscall is safe to allow.
It's required by the dotnet runtime (btcpayserver, nbxplorer) update
introduced in the following commit.
2023-06-01 02:56:22 -07:00
Erik Arvstedt
48170b241c pkgs: add lnd 0.15.2
Includes an emergency hotfix:
https://github.com/lightningnetwork/lnd/releases/tag/v0.15.2-beta
2023-06-01 02:56:22 -07:00
Jonas Nick
5a063aff00 update nixpkgs
electrs: 0.9.7 -> 0.9.9
elementsd: 0.21.0.2 -> 22.0
fulcrum: 1.7.0 -> 1.8.1
2023-06-01 02:56:22 -07:00
Jonas Nick
b25bccbdc6 clightning-plugins: update packages 2023-06-01 02:56:22 -07:00
Greg Shuflin
9a7e5e1921 Patch to prevent chmod 2022-09-20 19:34:12 -07:00
Jonas Nick
755da16a1b
Merge fort-nix/nix-bitcoin#529: ShellCheck on scripts generated by nix
f3f8d650ab shellcheck: fix the lint warnings for other generated scripts (Otto Sabart)
acd341426a shellcheck: prevent globbing and word splitting in package shell scripts (Otto Sabart)
c3b97e6728 tests: add `shellcheckServices` (Erik Arvstedt)
01fa900633 shellcheck: fix setup-secrets.sh, spark-wallet (Erik Arvstedt)
ee15837244 shellcheck: prevent globbing and word splitting in unit shell scripts (Otto Sabart)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK f3f8d650ab
  jonasnick:
    Concept ACK f3f8d650ab

Tree-SHA512: b7a8ae1e8db57e6bb1285832cdd52414913339344e6c6c72621e48404887ae214ed839364d3f2d272cc4b339812ee032e73040b60e6a9f1b9d189ecbae745772
2022-09-13 15:03:58 +00:00
Otto Sabart
f3f8d650ab
shellcheck: fix the lint warnings for other generated scripts 2022-09-12 21:00:00 +02:00
Otto Sabart
acd341426a
shellcheck: prevent globbing and word splitting in package shell scripts 2022-09-12 21:00:00 +02:00
Erik Arvstedt
c3b97e6728
tests: add shellcheckServices 2022-09-12 21:00:00 +02:00
Erik Arvstedt
01fa900633
shellcheck: fix setup-secrets.sh, spark-wallet 2022-09-12 21:00:00 +02:00
Otto Sabart
ee15837244
shellcheck: prevent globbing and word splitting in unit shell scripts 2022-09-12 21:00:00 +02:00
Jonas Nick
4e63301ac3
Merge fort-nix/nix-bitcoin#546: Update nixpkgs
63f8b74026 pyln-client: add patch that fixes plugins (Jonas Nick)
5255c7e8bc pyln-client: remove pkg patch that has become unnecessary (Jonas Nick)
c165836fd1 bitcoind: add "getdeploymentinfo" to public rpc whitelist (Jonas Nick)
623c238b16 clightning-plugins: remove commando pkg and module (Jonas Nick)
33144262ec clightning-plugins: bump ver of pyln-client required by prometheus (Jonas Nick)
9c766df16a Revert "clightning: fix build" (Jonas Nick)
b57e7466fb update nixpkgs (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 63f8b74026

Tree-SHA512: 699ce5179ee202218933424ac3fe746a405700daccad78109d8118013cba6d64d40b07a87430281cbde96438250a05b03be0e44ebb69d85e2d41ec3ae57d6c7e
2022-09-07 09:42:43 +00:00
Jonas Nick
ff04de6972
Merge fort-nix/nix-bitcoin#545: test/lib/create-git-repo: fix variable quoting
49e30f7172 test/lib/create-git-repo: fix empty var expansion (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 49e30f7172

Tree-SHA512: 321f01bd8674e7cc91718e9799e3175cb640feb42ebac90588a60cdbe160b705aac4effa4cc229adc41c062c3cdf7ad90317a4dde90665d71141016faf2ce43a
2022-09-07 09:41:19 +00:00
Jonas Nick
63f8b74026
pyln-client: add patch that fixes plugins
Without this patch, the summary and feeadjuster plugins crash on startup.
2022-09-07 09:33:00 +00:00
Erik Arvstedt
49e30f7172
test/lib/create-git-repo: fix empty var expansion
When `amend` is empty, expand it to nothing instead of an empty
string (which causes a git error).
2022-09-07 11:02:15 +02:00
Jonas Nick
5255c7e8bc
pyln-client: remove pkg patch that has become unnecessary 2022-09-07 08:44:52 +00:00
Jonas Nick
c165836fd1
bitcoind: add "getdeploymentinfo" to public rpc whitelist
This is required by lnd 0.15.1.
2022-09-07 08:44:52 +00:00
Jonas Nick
623c238b16
clightning-plugins: remove commando pkg and module
clightning 0.12.0 ships with a reimplementation of the commando plugin that is
incompatible with the commando module that existed in nix-bitcoin.
2022-09-07 08:44:52 +00:00
Jonas Nick
33144262ec
clightning-plugins: bump ver of pyln-client required by prometheus 2022-09-07 08:44:51 +00:00
Jonas Nick
9c766df16a
Revert "clightning: fix build"
This reverts commit 321e8ba06e which is not
necessary anymore due to the nixpkgs update.
2022-09-07 08:44:51 +00:00
Jonas Nick
b57e7466fb
update nixpkgs
btcpayserver: 1.6.9 -> 1.6.10
lnd: 0.15.0-beta -> 0.15.1-beta
2022-09-07 08:44:47 +00:00
Jonas Nick
462c2541d7
Merge fort-nix/nix-bitcoin#547: tests: disable nixosSearch
7985e075e5 README: remove nixos-search (Erik Arvstedt)
c63da4734e tests: disable `nixosSearch` (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 7985e075e5

Tree-SHA512: 3f6781ee7d6d026c36029fde47f146629d7c4eb59428fb1c2a904e1a36c8b4236f4b96c604c05f30063051eba2b6b3d13ceac44104590be61944d175b3f20638
2022-09-07 08:43:11 +00:00
Erik Arvstedt
7985e075e5
README: remove nixos-search 2022-09-07 10:24:16 +02:00
Erik Arvstedt
c63da4734e
tests: disable nixosSearch 2022-09-05 21:11:15 +02:00
Jonas Nick
6fed9b25cd
Merge fort-nix/nix-bitcoin#544: joinmarket: 0.9.6 -> 0.9.7
b9d2a882a7 joinmarket: 0.9.6 -> 0.9.7 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK b9d2a882a7

Tree-SHA512: 48f65f829f35b2b20d6fb95bd829db66bf7f11fcf97aad0c9e1673544f6420168f10a40fe3748d50c1f582c1be2b4ea7917dbbabb3661fa85cfff828fb56c8f7
2022-09-02 13:48:25 +00:00
nixbitcoin
b9d2a882a7
joinmarket: 0.9.6 -> 0.9.7 2022-09-02 11:11:26 +00:00
Jonas Nick
6145dc3032
Merge fort-nix/nix-bitcoin#539: Minor improvements
67a573dae8 create-git-repo.sh: fix amend error if there's no branch checked out (Erik Arvstedt)
d9eecb7d4c nixos-search/flake: remove unused output (Erik Arvstedt)
4e70db14bc README: fix capitalization (Erik Arvstedt)
030be842c8 secrets: use fetchurl derivation (Erik Arvstedt)
1713e016a0 clightning-replication: clarify comment about FUSE mounts (Erik Arvstedt)
cd3878e357 delete modules/default.nix (Erik Arvstedt)
f2a4d1fe65 docs/security: fix typo (Erik Arvstedt)
3a65dc0dc9 docs/configuration: improve section `Remote bitcoind` (Erik Arvstedt)
af115d746b internal scripts: use pinned, cached pkgs (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 67a573dae8

Tree-SHA512: 9ab2e9141793996eeae94cf2bb630491489a479841858187719fee9cf39e56b1db8bfc09f9466026b7409e160bb2047b374047ca4d2f7249077895c804663bd0
2022-08-29 11:38:48 +00:00
Erik Arvstedt
67a573dae8
create-git-repo.sh: fix amend error if there's no branch checked out
In this case, `git commit --amend` fails.

The state of a .git repo existing without a branch being checked out
can be reached through the following sequence of events (which I just
seem to have triggered):
1. The script calls `git init`
2. The user interrupts the script before `git commit` is finished
2022-08-29 00:12:19 +02:00
Erik Arvstedt
d9eecb7d4c
nixos-search/flake: remove unused output 2022-08-29 00:12:19 +02:00
Erik Arvstedt
4e70db14bc
README: fix capitalization 2022-08-29 00:12:18 +02:00
Erik Arvstedt
030be842c8
secrets: use fetchurl derivation
This moves fetching from eval time to build time, which is a better
fit for fetching build time resources.
2022-08-29 00:12:17 +02:00
Erik Arvstedt
1713e016a0
clightning-replication: clarify comment about FUSE mounts 2022-08-28 23:49:12 +02:00
Erik Arvstedt
cd3878e357
delete modules/default.nix
This file has been missing some modules for quite some time.
Remove it to simplify maintenance.
2022-08-28 23:49:12 +02:00
Erik Arvstedt
f2a4d1fe65
docs/security: fix typo 2022-08-28 23:49:12 +02:00