It appears the pinned attrset is a bit adhoc. This generalizes
pinned.nix so that you can do:
$ nix build -f . pinned.stable.hwi
$ nix build -f . pinned.unstable.hwi
etc
Signed-off-by: William Casarin <jb55@jb55.com>
Disabling upnp via compilation brings no substantial security benefits.
There's no way to inadvertently enable upnp, it must be set explicitly
via bitcoind.extraConfig.
But it's a huge hassle for new users who have to recompile bitcoind
before being able to use nix-bitcoin.
Also, elementsd is currently built with upnp support by default.
Use buildRustPackage instead of buildRustCrate (via crate2nix).
buildRustPackage builds the whole executable and its libraries in a
single `cargo build` process.
With the create2nix approach each library is built in a separate derivation,
directly using rustc instead of the cargo wrapper.
Benefits of buildRustPackage:
- Much simpler to maintain
- Package derivation evaluates much faster
Benefits of crate2nix:
- Build can be distributed over multiple build hosts
- Better sharing of common dependencies between different builds
- More fine-grained rebuilding on build failures
In nixpkgs buildRustPackage is used for almost all Rust pkgs, it's
also a better fit for our use case.
Each secret file to be deployed is now backed by one local file.
This simplifies 'setup-secrets' and the secret definitions.
Also, with the old format it was not possible to add new secrets
to secrets.nix in a simple way.
Old secrets are automatically converted to the new format when running
nix-shell.
Using the new option 'nix-bitcoin.secrets', secrets are now directly
defined by the services that use them.
An executable is more robust to use than shell aliases.
This is also a preparation for commit 'add module test' because the
NixOS testing framework makes interactive aliases hard to use: It
unsets 'PS1' which is used by programs/bash/bash.nix to detect
interactive shells.
We're now directly using Greg's unmodified banlist which
simplifies the update process.
The banlist package with its dependency on the bitcoin datadir path is only
relevant for internal use within nix-bitcoin, so we can safely remove
it.
We're now using the bitcoin-cli from `services.bitcoind.package`.
Fixes#129
Without this, starting the virtualbox guest service fails during machine activation.
This is due to an incompatible NixOS machine base image.
Fix this by using an updated version of nixops.
c5024d0f15 Add liquid-swap tool to CI (Jonas Nick)
29e612d3bd Remove spark-wallet with unstable from nixpkgs because it doesn't work (Jonas Nick)
c1d67c4cee Update nixpkgs (Jonas Nick)
Pull request description:
Top commit has no ACKs.
Tree-SHA512: 64de79713b656a7535c0a89f8cead5be0168b067d2e79d9b9dfa7152635d09cea677494ad04f8a0b5f9c5278860ff8f75813561ddafb5ca8024f1f66b4fd4f34
ae15205689 Mention another way to get nixops to pick up the correct IP address of a virtualbox (Jonas Nick)
4df0c9fcfd Fix nodeinfo for clightning (Jonas Nick)
Pull request description:
ACKs for top commit:
cypherpunk2140:
ACK ae15205689
Tree-SHA512: 56fff8c687e0070c0dcd1d7c44cd1b82f6d86103e8634a06fc823dea4bf9d1d986bcfb19caa6c72836c4cbcb636cd5360b3326ae71ee05ecf0942c02566b61b9
9d029fd1af Remove lnd explicit tor onion service config (Ștefan D. Mihăilă)
1f407ef22c Remove lnd user from onion-chef (Ștefan D. Mihăilă)
5880023158 Increase xxd column size (Ștefan D. Mihăilă)
101ae3c370 Instruct user to backup channel.backup (Ștefan D. Mihăilă)
fccd91972a Fix "value is a list [...]" error when lnd is not enabled (Ștefan D. Mihăilă)
700fdf6feb Add logdir and tor.privatekeypath to lnd.conf (Ștefan D. Mihăilă)
5a2517b926 Check for existing secrets and create them more granularly (Ștefan D. Mihăilă)
d6f961db89 Reuse lnd seed (Ștefan D. Mihăilă)
9b0753135c Add LND support (Ștefan D. Mihăilă)
4acf5cd32c Remove unused nginx.csr file (Ștefan D. Mihăilă)
19b971f21f Rename nginx certificate files (Ștefan D. Mihăilă)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 9d029fd1af
Tree-SHA512: 58ee80bcab6c3a1c4642a5d40b94e10d28311557ae7c69539fee90d6f252a6afc70b8066cc7d7ddc0a45e2675978718a369b0341c518f8ce7590cbde1403eaeb
This is almost equivalent except that with symbolic reference node2nix
consults the NPM registry for package.json information instead of the
package.json in the tgz file. The registry canonicalizes the
"dependencies" attribute in that it adds all "optionalDependencies",
which the npm binary would do for local package.json files, but
node2nix does not.
For spark-wallet optionalDependencies are not listed in the tgz
distributed package.json, hence node2nix misses them. This leads to a
missing qrcode-terminal package and spark-wallet dying when called
with -Q.
The strategy of invoking node2nix inside a derivation (installPhase in
this case) does not work, as under NixOS installations there is no
network traffic allowed during a derivation build. Hence, we move
node2nix outside and rewrite the packaging into the modules.
Also switch to callPackage instead of plain imports. This could
probably be done on all other imported packages inside of
nix-bitcoin-pkgs.nix.