Erik Arvstedt
9d0b8c8f6f
joinmarket-ob-watcher: use DynamicUser
...
DynamicUser simplifies services that don't need a persistent uid/gid,
like joinmarket-ob-watcher.
For existing installations the data dir migration to dynamic users
is automatically handled by systemd.
2021-02-07 22:41:44 +01:00
Erik Arvstedt
e9c98f415c
joinmarket: explain need for tor control socket
2021-02-07 22:41:31 +01:00
Erik Arvstedt
d9c87b6a8f
joinmarket: fix wallet creation
...
- Fix jm-wallet-seed being globally readable.
- Handle seed extraction failures.
If seed extraction fails, remove the newly created wallet.
This guarantees that wallets always have an accompanying seed.
2021-02-07 22:41:31 +01:00
Erik Arvstedt
7458350108
treewide: remove deprecated types.loaOf
2021-02-07 22:41:31 +01:00
Erik Arvstedt
9cf038939c
treewide: use mkEnableOption
2021-02-07 22:41:31 +01:00
Erik Arvstedt
7a97304f13
treewide: remove unit descriptions
...
Systemd's `Description` option is a misnomer (as confessed by `man systemd.unit`):
Its value is used by user-facing tools in place of the unit file name, so this option
could have been more aptly named `label` or `name`.
`Description` should only be set if the unit file name is not sufficient for naming a unit.
This is not the case for our services, except for `systemd.services.nb-netns-bridge`
whose description has been kept.
As an example how this affects users, weird journal lines like
```
nb-test systemd[1]: Starting Run clightningd...
```
are now replaced by
```
nb-test systemd[1]: Starting clightning.service...
```
2021-02-07 22:41:31 +01:00
Erik Arvstedt
a942177ecf
treewide: remove user descriptions
...
User descriptions are stored in the `comment` field in /etc/passwd.
In our case, these are completely redundant and don't add any useful information.
2021-02-07 22:41:30 +01:00
Erik Arvstedt
4f6ff408ef
treewide: remove unneeded string literals
2021-02-07 22:41:29 +01:00
Erik Arvstedt
e6a6c721c1
treewide: streamline 'extraConfig' descriptions
2021-02-07 22:40:11 +01:00
Erik Arvstedt
e774c045de
treewide: fix formatting
2021-02-07 22:40:10 +01:00
Erik Arvstedt
0b5b29a2a3
netns-isolation: simplify permission definition for netns-exec
...
The new definition is equivalent to the old one.
2021-02-07 22:39:06 +01:00
Erik Arvstedt
a587a2b02a
defaultHardening: explain where @system-service is defined
2021-02-07 22:39:06 +01:00
Erik Arvstedt
bb3a69797e
README: minor improvements
...
- Simplify examples link text.
That the examples README is located in a subdirectory is not relevant here.
- The backup frequency is freely configurable.
It's set to 'daily' only by secure-node.nix.
2021-02-07 22:39:06 +01:00
Erik Arvstedt
13fc9dfabf
examples: improve introductory comments
2021-02-07 22:39:05 +01:00
Erik Arvstedt
af2040f4c4
netns-isolation: use 'true' for systemd option
2021-02-07 22:39:05 +01:00
Erik Arvstedt
c246bbb36e
bitcoind, clightning, lnd: improve descriptions
...
bitcoind: The previous description of 'prune' didn't match the int-only
values supported by our option.
2021-02-07 22:39:05 +01:00
Erik Arvstedt
7533f12ef1
bitcoind, clightning, run-tests: minor refactoring
...
bitcoind: use builtins.toFile
clightning: use boolToString
run-tests: remove leftover var
2021-02-07 22:39:05 +01:00
Erik Arvstedt
41fe9b0c1d
elementsd: minor refactoring
...
- Use pname
- urls -> url
2021-02-07 22:39:05 +01:00
Erik Arvstedt
f0850d3f23
btcpayserver: reorder config settings
...
Move 'bind' and 'port' next to each other and to the top.
2021-02-07 22:39:05 +01:00
Erik Arvstedt
d1c0ea9f85
btcpayserver: add missing systemd postgresql dependency
...
btcpayserver fails if it starts before postgresql.
2021-02-07 22:39:05 +01:00
Jonas Nick
9cd52e04b5
Merge #316 : lndconnect: add preconfigured lndconnect-rest script
...
891a69ee8e
docs: add zeus usage instructions (nixbitcoin)
ebd478fd0d
lnd: add option 'restOnionService' (nixbitcoin)
a344ae95c9
move mkHiddenService to lib (Erik Arvstedt)
a26ed03d77
rename nix-bitcoin-services.nix -> lib.nix (Erik Arvstedt)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 891a69ee8e
Tree-SHA512: 91bae39f92aed5bdd44499bf861c434b983b02e90fae317ee2f293df710cf101faecaabbe316821dc1a5b5bfb1db68195f05c9984d93e2d279c76c1cde061d95
2021-02-05 22:10:35 +00:00
nixbitcoin
891a69ee8e
docs: add zeus usage instructions
2021-02-05 09:17:15 +01:00
nixbitcoin
ebd478fd0d
lnd: add option 'restOnionService'
2021-02-05 09:17:14 +01:00
Erik Arvstedt
a344ae95c9
move mkHiddenService to lib
2021-02-04 12:39:54 +00:00
Erik Arvstedt
a26ed03d77
rename nix-bitcoin-services.nix -> lib.nix
2021-02-04 12:39:48 +00:00
Jonas Nick
c0abae97a4
Merge #314 : bitcoind: add uptime to the public API whitelist
...
86d7db9940
bitcoind: add uptime to the public api whitelist (Martin Milata)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 86d7db9940
Tree-SHA512: cba7427e99998dee9f83bee2c1793b17518401b4505bebdb8dfc144429c9861fd8358a4633176fc11860a8377071fbbd56e7feefa0171e37525cb7002e296f27
2021-02-03 09:12:47 +00:00
Martin Milata
86d7db9940
bitcoind: add uptime to the public api whitelist
...
It is needed by lnd to check bitcoind health status since lnd-0.12.0.
2021-02-02 22:32:20 +01:00
Jonas Nick
0c9613d013
Merge #310 : update nixpkgs-unstable
...
a33c678d3b
update nixpkgs-unstable (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK a33c678d3b
jonasnick:
ACK a33c678d3b
Tree-SHA512: 25e89e41b512bf8baeb0838c8dd833e832a77e41b1d39995f80612ef5d27154138260f0b168402d6f77351104b1d1766d9a365ae63fee236c227fcd2cbdf0e2a
2021-02-01 12:19:37 +00:00
nixbitcoin
a33c678d3b
update nixpkgs-unstable
...
Includes c-lightning 0.9.3 and lnd 0.12.0-beta
2021-02-01 10:11:30 +00:00
Jonas Nick
cba1188db8
Merge #308 : Update nixpkgs-unstable, bitcoind
...
b114d0c3b1
bitcoind: use systemd startup notification (Erik Arvstedt)
332d0e70c8
bitcoind: support onion address announcing (Erik Arvstedt)
9662c19ab1
onionServices: use actual user name of services (Erik Arvstedt)
5c09845e6f
bitcoind: tag incoming connections as onion on enforceTor (Erik Arvstedt)
8f9ea61d6e
update nixpkgs-unstable (Erik Arvstedt)
05e5ec99ec
modules packages: build electrs, lightning-loop with nixpkgs stable (Erik Arvstedt)
44546561fc
run-tests: allow defining scenarios via cmdline args (Erik Arvstedt)
fc40776689
improve backup test (Erik Arvstedt)
9a67a32779
fix build-to-cachix (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK b114d0c3b1
nixbitcoin:
ACK b114d0c3b1
Tree-SHA512: fbf4810fb0e1aeb46618c53cea3d6bde582eb92837afabe77e5bbf5c4add82277af4eba6bfeae6331f8992902e5dbe5081f2a016121a02dab3e797d53f232dd2
2021-02-01 10:07:22 +00:00
Erik Arvstedt
b114d0c3b1
bitcoind: use systemd startup notification
2021-01-31 22:26:49 +01:00
Erik Arvstedt
332d0e70c8
bitcoind: support onion address announcing
2021-01-31 22:26:49 +01:00
Erik Arvstedt
9662c19ab1
onionServices: use actual user name of services
...
Previously, onionAddresses definitions in onionServices were of the form
onionAddresses.access.<service> = [<service>];
This caused failures for configurations where a service user name was
overridden or for bitcoind whose default user is 'bitcoin' instead of 'bitcoind'.
Now set the equivalent of:
onionAddresses.access.<actualServiceUser> = [<service>];
Implement this via a new option `onionAddresses.services` to make things more
readable and to work around an infinite recursion error in onionServices.
2021-01-31 22:26:49 +01:00
Erik Arvstedt
5c09845e6f
bitcoind: tag incoming connections as onion on enforceTor
2021-01-31 22:26:49 +01:00
Erik Arvstedt
8f9ea61d6e
update nixpkgs-unstable
...
- bitcoind 0.20.1 -> 0.21.0
Manually create a wallet in the backup test because bitcoind
does not create a default wallet anymore
- disable the failing elementsd build on unstable
2021-01-31 22:26:30 +01:00
Erik Arvstedt
05e5ec99ec
modules packages: build electrs, lightning-loop with nixpkgs stable
...
Building with nixBitcoinPkgsUnstable was only a temporary measure to
fix build errors on stable.
2021-01-30 11:38:47 +01:00
Erik Arvstedt
44546561fc
run-tests: allow defining scenarios via cmdline args
...
This simplifies running self-contained scenarios for testing and debugging.
2021-01-30 11:38:47 +01:00
Erik Arvstedt
fc40776689
improve backup test
...
Only check enabled services. This allows running the backup test with a custom subset of other
tests.
Also, show a meaningful error on test failure.
Previously, just an AssertionError without a message was shown.
Because the test code is evaluated from a string and not a file, there
was also no backtrace to the tests file.
2021-01-30 11:38:47 +01:00
Erik Arvstedt
9a67a32779
fix build-to-cachix
...
- Don't fail on `kill $cachixPid` when cachix has already exited.
This fixes some failing CI builds.
- Stop the cachix background worker before the final `cachix push`.
This can avoid unneeded reuploads.
Use the coreutils version of tail on cirrus which supports
argument --pid.
2021-01-30 11:38:47 +01:00
Jonas Nick
58a88619ae
Merge #306 : Update nixpkgs
...
f96591c030
Update nixpkgs (nixbitcoin)
Pull request description:
ACKs for top commit:
jonasnick:
ACK f96591c030
Tree-SHA512: 41e79c1660108a7f6d879a11eecdcfd01135079f664794c198eef08c542dd0e829a6033cfc0851d3d9d5fb0f154db7933efa11a3e3d808dd40ef6d89dee0c58a
2021-01-27 16:17:11 +00:00
nixbitcoin
f96591c030
Update nixpkgs
...
Includes CVE-2021-3156 patch
2021-01-27 15:15:47 +00:00
Jonas Nick
0de91d1b03
Merge #302 : electrs: v0.8.6 -> v0.8.7
...
69da6f94f1
electrs: v0.8.6 -> v0.8.7 (nixbitcoin)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 69da6f94f1
Tree-SHA512: 773c37cbd48e62e123cbc439e395d4dd1320199b22bd64066680429245ce9638cc210c35043f1edbc3030f96b5ce97fe464dc4bc9c9a89f1265ed72d66f2bc49
2021-01-20 21:20:50 +00:00
nixbitcoin
69da6f94f1
electrs: v0.8.6 -> v0.8.7
2021-01-20 13:20:18 +00:00
Jonas Nick
035438d427
Merge #290 : JoinMarket Orderbook Watcher
...
8c125ec48c
joinmarket-obwatcher: add pkg & module (nixbitcoin)
915df059f4
joinmarket: 0.8.0-bcfa7eb -> 0.8.0-a5e8879 (Erik Arvstedt)
254246cf39
joinmarket: use installPhase (Erik Arvstedt)
Pull request description:
ACKs for top commit:
erikarvstedt:
ACK 8c125ec48c
Tree-SHA512: 5e4ba14a2a90c505b7cd7e09c33548d06ec466502c48f8d551a4437c5542dab427ec7f9cb7a15c849cc7ce11685c493b9773ec08591e1980ebe2a84abef17141
2021-01-17 20:00:13 +00:00
Jonas Nick
ecf119d545
Merge #300 : Fix lnd nodeinfo
...
9480ada135
nodeinfo fix lnd (kon)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK 9480ada135
Tree-SHA512: 5da72fa8b6341b8248348acf23916d5325cf8f1d58606103aee2881824f83249d128e84d92cd2ca51cea3e6b64b1a6e457bde4689335998e5f8525d7f366bfdc
2021-01-17 19:59:38 +00:00
nixbitcoin
8c125ec48c
joinmarket-obwatcher: add pkg & module
2021-01-17 17:40:12 +00:00
Erik Arvstedt
915df059f4
joinmarket: 0.8.0-bcfa7eb -> 0.8.0-a5e8879
2021-01-17 17:40:01 +00:00
kon
9480ada135
nodeinfo fix lnd
2021-01-17 17:13:09 +01:00
Erik Arvstedt
254246cf39
joinmarket: use installPhase
...
This simplifies the build.
2021-01-17 14:17:14 +01:00
Jonas Nick
c6c14889eb
Merge #293 : Module refactorings, onionServices
...
e2922eb4ce
move rpc thread count setting to lightning modules (Erik Arvstedt)
352fc4e8fe
liquid: remove insecure and redundant option 'rpcpassword' (Erik Arvstedt)
757a66b9bd
liquid: move rpcuser definition to module (Erik Arvstedt)
0e00c39d47
secure-node: improve layout (Erik Arvstedt)
5f7a7962f7
backups: remove redundant option 'program' (Erik Arvstedt)
04d8560f86
secure-node: remove qrencode, tor from systemPackages (Erik Arvstedt)
323a431aba
improve nodeinfo (Erik Arvstedt)
f6b883a9ac
remove webindex (Erik Arvstedt)
2a240d6f4a
enable-tor: disable default onion services for clightning, lnd, btcpayserver (Erik Arvstedt)
18c7842e1a
modules: show warnings for obsolete options (Erik Arvstedt)
45c40c4eb9
versioning: simplify assertion evaluation (Erik Arvstedt)
bed00fe937
lnd: use onionServices for address announcing (Erik Arvstedt)
3980cd5a41
clightning: use onionServices for address announcing (Erik Arvstedt)
bd2a46cb73
spark-wallet: use onionServices (Erik Arvstedt)
87fb9f246b
add 'enable-tor' preset (Erik Arvstedt)
05b5402bb1
add nix-bitcoin.onionServices (Erik Arvstedt)
fffe988248
onionAddresses: add readonly option 'dataDir' (Erik Arvstedt)
5f34b094d3
onionAddresses: improve script (Erik Arvstedt)
b266f23251
onionAddresses: use service 'script' option (Erik Arvstedt)
6d13b26d0a
onionAddresses: add more precise type for option 'access' (Erik Arvstedt)
93562f76dd
onionAddresses: remove redundant option 'enable' (Erik Arvstedt)
43c247e3fe
onionAddresses: use StateDirectory instead of tmpfiles (Erik Arvstedt)
5c6977b006
rename onion-chef -> nix-bitcoin.onionAddresses (Erik Arvstedt)
55073eee70
remove nix-bitcoin.pkgs.lib (Erik Arvstedt)
09e0042aa8
spark-wallet: add consistent address options (Erik Arvstedt)
39f16c0b4a
liquidd: add consistent address options (Erik Arvstedt)
b5d76ba1b3
electrs: add consistent address options (Erik Arvstedt)
8fa32b7f91
btcpayserver: add consistent address options (Erik Arvstedt)
e78a609687
clightning: add consistent address options (Erik Arvstedt)
b41a720c28
lnd: add consistent address options (Erik Arvstedt)
dd4a0238f9
bitcoind: group rpc options under parent option 'rpc' (Erik Arvstedt)
5b7e0d09b2
bitcoind: add consistent address options (Erik Arvstedt)
Pull request description:
ACKs for top commit:
nixbitcoin:
ACK e2922eb4ce
jonasnick:
ACK e2922eb4ce
Tree-SHA512: a85b33efe66048f06699b3997f83c9427f70f278fa66d30ee9a29c91f50723ff8bd1ffb9d968d7f08818742c8c6afb0b40dbfc14b95a4b8c3302caf9bede4198
2021-01-14 20:42:23 +00:00