Commit Graph

1090 Commits

Author SHA1 Message Date
Erik Arvstedt
2a240d6f4a
enable-tor: disable default onion services for clightning, lnd, btcpayserver
In case of btcpayserver the default onion service is a security risk
because any visitor can register an admin account on a freshly set up node.
2021-01-14 13:25:09 +01:00
Erik Arvstedt
18c7842e1a
modules: show warnings for obsolete options 2021-01-14 13:25:09 +01:00
Erik Arvstedt
45c40c4eb9
versioning: simplify assertion evaluation 2021-01-14 13:25:09 +01:00
Erik Arvstedt
bed00fe937
lnd: use onionServices for address announcing 2021-01-14 13:25:09 +01:00
Erik Arvstedt
3980cd5a41
clightning: use onionServices for address announcing 2021-01-14 13:25:08 +01:00
Erik Arvstedt
bd2a46cb73
spark-wallet: use onionServices
Also remove the unneeded definition of ReadWritePaths because the
service doesn't need write access to onion files.
2021-01-14 13:25:08 +01:00
Erik Arvstedt
87fb9f246b
add 'enable-tor' preset
Move 'enforceTor' and onion-service definitions from secure-node.nix.
Use the onionServices module to define onion services.

Onion services now automatically work for services that bind to an INADDR_ANY (`0.0.0.0`) address.
2021-01-14 13:25:08 +01:00
Erik Arvstedt
05b5402bb1
add nix-bitcoin.onionServices 2021-01-14 13:25:07 +01:00
Erik Arvstedt
fffe988248
onionAddresses: add readonly option 'dataDir'
Used by 'onionServices' in a later commit for services that announce
their onion address.
2021-01-14 13:25:07 +01:00
Erik Arvstedt
5f34b094d3
onionAddresses: improve script
- use -e to check for existence of /var/lib/tor/state, use shorter
  polling interval
- clear existing dataDir contents to avoid accumulating obsolete data
- use concatMapStrings instead of foldl'
2021-01-14 13:25:07 +01:00
Erik Arvstedt
b266f23251
onionAddresses: use service 'script' option
This also makes the script stop on errors.
2021-01-14 13:25:07 +01:00
Erik Arvstedt
6d13b26d0a
onionAddresses: add more precise type for option 'access' 2021-01-14 13:25:06 +01:00
Erik Arvstedt
93562f76dd
onionAddresses: remove redundant option 'enable'
The service can be disabled via `onion-addresses.access = mkForce {};`

Also remove redundant description.
2021-01-14 13:25:06 +01:00
Erik Arvstedt
43c247e3fe
onionAddresses: use StateDirectory instead of tmpfiles
Simplifies the dataDir setup.
2021-01-14 13:25:06 +01:00
Erik Arvstedt
5c6977b006
rename onion-chef -> nix-bitcoin.onionAddresses
This clarifies its function.
2021-01-14 13:25:05 +01:00
Erik Arvstedt
55073eee70
remove nix-bitcoin.pkgs.lib
Type ipv4Address is not needed anymore because all services have
separate 'port' and 'address' options.
2021-01-14 13:25:05 +01:00
Erik Arvstedt
09e0042aa8
spark-wallet: add consistent address options 2021-01-14 13:25:05 +01:00
Erik Arvstedt
39f16c0b4a
liquidd: add consistent address options 2021-01-14 13:25:05 +01:00
Erik Arvstedt
b5d76ba1b3
electrs: add consistent address options 2021-01-14 13:25:04 +01:00
Erik Arvstedt
8fa32b7f91
btcpayserver: add consistent address options 2021-01-14 13:25:04 +01:00
Erik Arvstedt
e78a609687
clightning: add consistent address options
Also remove option 'autolisten'. This option has no effect because
option 'bind-addr' is always set.
2021-01-14 13:25:04 +01:00
Erik Arvstedt
b41a720c28
lnd: add consistent address options
Also fix btcpayserver by connecting to the lnd restAddress instead of the p2p address.
2021-01-14 13:25:03 +01:00
Erik Arvstedt
dd4a0238f9
bitcoind: group rpc options under parent option 'rpc' 2021-01-14 13:25:03 +01:00
Erik Arvstedt
5b7e0d09b2
bitcoind: add consistent address options 2021-01-14 13:25:03 +01:00
Jonas Nick
41a6be6552
Merge #297: joinmarket: add enforceTor to firewall scripts on netns-level
71ee16d767 joinmarket: add enforceTor to firewall scripts on netns-level (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 71ee16d767

Tree-SHA512: cef089012807c90034d4b1f259bf6d81bfb83a36e7d2aadd85e817728f646948c12c25d199525d578d44366ee10389cb5081c4d86842b19b06b1066ff8feec19
2021-01-10 23:11:08 +00:00
Jonas Nick
bd9bf54471
Merge #299: joinmarket: add rpcWalletFile option
e3a45fcc0c joinmarket: add rpcWalletFile option (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK e3a45fcc0c

Tree-SHA512: 325978ca7acbf19fba3888796474c9cf45d145fcee88888f0ada7ec5aad474974bf72722e3cabd99235e044892be35599624a6248194fbfc29e8cd3e6a5d329a
2021-01-10 21:53:39 +00:00
Jonas Nick
e3a45fcc0c
joinmarket: add rpcWalletFile option
The joinmarket docs recommend using a separate wallet to avoid mixing up jm and
default wallet.
2021-01-10 21:52:27 +00:00
nixbitcoin
71ee16d767
joinmarket: add enforceTor to firewall scripts on netns-level 2021-01-04 16:09:20 +00:00
Jonas Nick
0c6579b942
Merge #295: Remove deprecated nanopos & lightning-charge
79f4723cda lightning-charge: remove package and module (Jonas Nick)
58de79d401 nanopos: remove package and module (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 79f4723cda

Tree-SHA512: 853022697966159a3d1d32317b2d2e11d1f3d1f014956cf8ca72d12b30c8990a097ae17e2a11bcd666ade798695787a28f75fee1b42b21ac4bbe0d9875d112a2
2021-01-01 20:47:16 +00:00
Jonas Nick
79f4723cda
lightning-charge: remove package and module 2021-01-01 19:16:46 +00:00
Jonas Nick
58de79d401
nanopos: remove package and module 2021-01-01 17:37:30 +00:00
Jonas Nick
da674d1ccf
Merge #292: joinmarket: always synchronize secrets.jm-wallet-password
ed636dd070 joinmarket: always synchronize secrets.jm-wallet-password (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK ed636dd070

Tree-SHA512: 8024f29f98a87991701dcdb7576c4b3b72c859373153b9281b8a4bba179a33aa39a7496ecd373c0251c8d9c36e1fc7c768a2dcc228aa006bab461f8cbc5d7b0d
2020-12-30 19:18:56 +00:00
Jonas Nick
ef28768221
Merge #291: btcpayserver: add rootpath option
edc657d138 btcpayserver: add rootpath option (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK edc657d138

Tree-SHA512: d96e2fd58c46fe1e70c239c37bf97ac1431a1b83068728bbbbf69a91deb63e2a78404ca0b9a53315c457b87f86b3901c03d76befcf9db4e260c597f2706bba8c
2020-12-30 19:05:38 +00:00
Jonas Nick
656c6a1d67
Merge #289: readme: update and split into various parts
bcedf69549 readme: update and split into various parts (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK bcedf69549

Tree-SHA512: a2c3c08c4b147225621d61ac67fd11b2ebec55bda1976a731d307a9935db23499a0f4a4d6d2c7dc27940027d8e0db42c1b02ff25554c49f81d5102c8599c2439
2020-12-30 19:02:55 +00:00
nixbitcoin
ed636dd070
joinmarket: always synchronize secrets.jm-wallet-password
secrets.jm-wallet-password is always needed by joinmarket, not just when
joinmarket.yieldgenerator.enable
2020-12-30 16:49:50 +00:00
nixbitcoin
edc657d138
btcpayserver: add rootpath option 2020-12-30 16:47:50 +00:00
nixbitcoin
bcedf69549
readme: update and split into various parts 2020-12-30 15:59:22 +00:00
Jonas Nick
37caf814a7
Merge #286: Fix boot loader reference for UEFI
792962bb32 Fix boot loader reference for UEFI (Galder Zamarreño)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 792962bb32

Tree-SHA512: 7653518b835295e500f3bad86d8e68c70adddd7e6ee0abbfa5a1b3863a2c32cb6eba4da1b0f6984d85ccd4758b669983377e16cd379fced1bc3a1117099b5ffd
2020-12-23 14:27:21 +00:00
Galder Zamarreño
792962bb32
Fix boot loader reference for UEFI 2020-12-23 12:55:45 +01:00
Jonas Nick
4d1150a671
Merge #285: Add CLBOSS
196e3c9dbb clboss: add test todo (nixbitcoin)
f89498d4fc clboss: add module (nixbitcoin)
9423eadcee clboss: add pkg (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 196e3c9dbb
  jonasnick:
    utACK 196e3c9dbb

Tree-SHA512: 1c3e0dd23f45554cd423d1a4d57f936c1a3fd9e25b8332acef67ce6a648b38e55e780e4d393f93a1cbb1e342773e0f4aa039216c6d10641fe7436e7b155cc83f
2020-12-22 21:32:09 +00:00
nixbitcoin
196e3c9dbb
clboss: add test todo 2020-12-22 09:54:11 +00:00
nixbitcoin
f89498d4fc
clboss: add module 2020-12-22 09:40:00 +00:00
nixbitcoin
9423eadcee
clboss: add pkg 2020-12-22 09:39:37 +00:00
Jonas Nick
7b32a78de2
Merge #284: Fix containers
2bfb4efbd8 make-container: fix usage comment (Erik Arvstedt)
3403795c86 tests: add example scripts (Erik Arvstedt)
ff94985b8b tests: add test 'hardened' (Erik Arvstedt)
c8e73c959e fix 'hardened' profile for NixOS 20.09 (Erik Arvstedt)
44b06aea5a extra-container: 0.5-pre -> 0.5 (Erik Arvstedt)
a359cdfb66 generate-secrets: use pwgen (Erik Arvstedt)
a5a2fc7274 make-container: fix renamed variable (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 2bfb4efbd8
  jonasnick:
    utACK 2bfb4efbd8

Tree-SHA512: 421b1fc5bf695d6815f060d129855ae0fecc06f7946ed8ac2bfe53895d7dc9529aad40099fc16844547791010232252f74b1ce32cbc9c6458e6d77f327450e94
2020-12-21 12:24:14 +00:00
Jonas Nick
4195541976
Merge #283: joinmarket: 0.7.4 -> 0.8.0-bcfa7eb
fdfafb2f40 joinmarket: 0.7.4 -> 0.8.0-bcfa7eb (nixbitcoin)
c9657305e7 temp: modify get-sha256 for hotfix commit (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK fdfafb2f40

Tree-SHA512: 510d0baf3fcb552169352fef79bcb6c8e04a68eaf4b4f6ec446a925f89d9585cdc23c20cb69748e5e0b19d8aed10c05fb47e4c0a7902d7a1cfa58844005a2f7f
2020-12-20 19:31:43 +00:00
Erik Arvstedt
2bfb4efbd8
make-container: fix usage comment 2020-12-19 13:18:50 +01:00
Erik Arvstedt
3403795c86
tests: add example scripts 2020-12-18 19:56:56 +01:00
Erik Arvstedt
ff94985b8b
tests: add test 'hardened' 2020-12-18 19:56:56 +01:00
Erik Arvstedt
c8e73c959e
fix 'hardened' profile for NixOS 20.09
The 'scudo' memory allocator set by the 'hardened' profile breaks some
services on 20.09.
The fix for NixOS unstable (https://github.com/NixOS/nixpkgs/pull/104052)
is ineffective on 20.09.

As a workaround, add a custom 'hardened' preset that uses the default allocator.
2020-12-18 19:56:56 +01:00
Erik Arvstedt
44b06aea5a
extra-container: 0.5-pre -> 0.5 2020-12-18 19:56:56 +01:00