This is simpler and more memory-efficient.
We've also changed other services to use this appraoch.
Also remove unneded `wait_for_unit` in the electrs regtest test.
- README: add matrix room
- examples/configuration.nix: explain why bitcoind is enabled by default
- btcpayserver: group lnd service settings
- clightning:
Use public onion port only when the onion service is public
This allows users to enable the onion service while announcing a
non-onion public address.
- netns-isolation: move `readOnly` attr to the top
- tests: use mkDefault to allow for easier overriding
- tests/btcpayserver: test web server response
- `waitfornewblock` was previously not included in the public RPC
whitelist because it's reserved for testing and marked as hidden
in bitcoind.
- electrs changed its verbosity settings. `-vv` is now the best choice
for normal usage.
- bitcoind option `dataDirReadableByGroup` is now unused.
Because it can be valuable for other use cases and implementing
it is intricate, we're keeping it for now.
- test: keep `nc` connection open because otherwise the electrs
RPC server would now close the connection before sending a response.
joinmarket-ob-watcher now makes extensive use of bitcoind because of
JoinMarket's new fidelity bond functionality. Therefore it fails on
non-synced nodes, as those in the test suite. We now test that the
service fails with the correct error, rather than asserting that it is
running.
NixOS option `security.hideProcessInformation` for globally restricting
access to /proc has been removed.
Use per-service restrictions via 'ProtectProc' instead.
Rename
`nix-bitcoin.security.hideProcessInformation` to
`nix-bitcoin.security.dbusHideProcessInformation`
because this option now only implements the dbus restriction.
Keeping the secrets dir read-only is more simple and robust.
- lnd seed mnemonic creation and joinmarket wallet creation can be
run as the regular service user instead of root.
- It is easier to switch to a third-party secrets deployment
method in the future.
Don't create a seed mnemonic for lnd when a wallet exists.
This avoids creating unused mnemonics and helps simplifying
the migration command in `versioning.nix`.
When running as root, use runuser instead of sudo.
As opposed to sudo or doas, runuser is a standalone
binary that needs no external configuration.
Also, it's a bit faster.
- bitcoind 0.20.1 -> 0.21.0
Manually create a wallet in the backup test because bitcoind
does not create a default wallet anymore
- disable the failing elementsd build on unstable
Only check enabled services. This allows running the backup test with a custom subset of other
tests.
Also, show a meaningful error on test failure.
Previously, just an AssertionError without a message was shown.
Because the test code is evaluated from a string and not a file, there
was also no backtrace to the tests file.
- enable usage outside of secure-node.nix
- use json as the output format
- show ports
- also show local addresses, which is particularly useful when
netns-isolation is enabled
- only show enabled services
When 'loop getparams' fails, jq gets no stdin and exits with code 0.
Because -o pipefail is not enabled in the testing shell, the whole test
command succeeds, although it should fail.
Just test "loop getparams" instead and ignore its output.
- Use fping for pinging multiple hosts in parallel.
Significantly improves test runtime:
>13 s -> ~200 ms for the negative ping tests.
- Only test network namespaces that are enabled.
This allows running the netns test with a reduced service set for debugging.
- Remove deprecated services, instead add btcpayserver, spark-wallet
This improves debugging and experimenting by making it easy to compose fine-grained
scenarios that have specific tests and features enabled.
The VM test output now includes the subtest name and duration.
Remove the 'raise Exception()' hack for interactive mode.
Run 'banlist-and-restart' test before 'backups'. This speeds up the test
by avoiding an extra shutdown of all bitcoin-related services.