509fca5328
fix syntax error
...
Fixes #172
2020-05-06 12:13:32 +02:00
159f551b93
Remove bitcoin, clightning, electrs, liquid user home directory
2020-04-26 14:08:08 +02:00
742aef1e0f
Only set dataDirReadableByGroup if cfg.high-memory is enabled
2020-04-24 16:21:12 +02:00
4dc6c3ba5d
add option 'dataDirReadableByGroup'
...
These settings are now more accessible for users that don't use
nix-bitcoin's default node config.
Additionally, remove 'other' permissions via umask.
2020-04-16 15:55:34 +02:00
3e188238d0
only update bitcoin.conf when changed
2020-04-12 22:32:37 +02:00
08322eed9b
use [[ test
2020-04-12 22:32:37 +02:00
201fc33782
move line to relevant code section (blocks dir setup)
2020-04-12 22:32:37 +02:00
1f8fe310d0
remove option 'configFileOption'
...
It doesn't make sense for bitcoind users to completely redefine their
config file. Also, it's poorly named and the description is faulty.
This is a breaking change, but this option has probably no actual users.
2020-04-12 22:32:37 +02:00
4e5c1d7551
disable redundant logfile
2020-04-12 22:32:37 +02:00
a05551fd1c
improve config file formatting
2020-04-12 22:32:37 +02:00
5e81d60d63
improve formatting
2020-04-12 22:32:37 +02:00
d60a5aa4db
define rpc.users submodule inline
...
Improves readability.
2020-04-12 22:32:37 +02:00
1a2271fb14
remove unused variable 'hexStr'
2020-04-12 22:32:36 +02:00
4e92b1c818
remove redundant hardening options
...
These are already defined in nix-bitcoin-services.defaultHardening.
2020-04-12 22:32:36 +02:00
47fd6cd0f3
simplify ExecStart
2020-04-12 22:32:36 +02:00
64fc63cc40
remove pidFile
...
- service type "simple" is the default
- pidFile is not needed for service type "simple"
2020-04-12 22:32:36 +02:00
bceaa361ca
operator: allow reading systemd journal
2020-04-09 11:02:06 +02:00
145961c2de
fix operator authorized keys setup
...
This fixes these flaws in `copy-root-authorized-keys`:
- When `.vbox-nixops-client-key` is missing, operator's authorized_keys
file is always appended to, growing the file indefinitely.
- Service is always added and not restricted to nixops-vbox deployments.
2020-04-09 11:02:06 +02:00
37b2faf63c
move systemPackages definitions to services
...
These are generally useful and shouldn't be limited to secure-node.nix.
Also, only add the hardware-wallets group when hardware wallets are enabled.
2020-04-08 17:35:14 +02:00
6c22e13b7f
copy-root-authorized-keys: use inline script definition
2020-04-08 17:35:14 +02:00
63c6fe3213
fixup! use '' for multi-line string
2020-04-08 17:35:14 +02:00
ab617946a9
extract variable 'cfg'
2020-04-08 17:35:13 +02:00
36c84d8360
add option clightning.onionport
...
Analogous to electrs.onionport
2020-04-08 17:35:13 +02:00
681dbaf328
move electrs.onionport option
...
Only used in secure-node.nix
2020-04-08 17:35:13 +02:00
74fbfa3a5d
use lib.optionals
2020-04-08 17:35:13 +02:00
ec6d33fbb6
rearrange code sections
...
Move services to the top, operator account setup to the bottom.
2020-04-08 17:35:13 +02:00
e16ddc9c77
extract 'mkHiddenService'
...
toPort equals port by default.
2020-04-08 17:35:13 +02:00
89d3d58850
use mkIf
2020-04-08 17:35:13 +02:00
85e52a06cb
improve grouping of suboptions
2020-04-08 17:35:12 +02:00
1a63f0ca6a
remove option 'services.nix-bitcoin.enable'
...
Users can enable the node config just by importing secure-node.nix
2020-04-08 17:35:12 +02:00
0f8b2e91fd
add nix-bitcoin.nix for backwards compatibility
2020-04-08 17:35:12 +02:00
28792f79dc
rename nix-bitcoin.nix -> presets/secure-node.nix
2020-04-08 17:35:12 +02:00
9239268ab6
Merge #136 : Change the nix-bitcoin deployment from forking this repo to importing the module
...
b2e15c17b85ed0284db9c303cd47e4705d187a3565039be656455c5664c98aa47149799df22a2764548ced199444ccbb91d0abcee651d35dadea310c0c74c365def3121892ef0c0978c00787d0286498
2020-04-08 15:03:08 +00:00
b07c77f4a4
secrets.nix: remove obsolete comment
2020-03-29 18:51:34 +02:00
0c0978c007
extract module 'deployment/nixops.nix', add option 'deployment.secretsDir'
2020-03-24 21:43:21 +00:00
106dcacb61
lnd: add package option
2020-03-09 08:22:00 +00:00
5596bcf4fb
bitcoind: set default rpcuser
...
We're already setting a default rpcpassword, so we should set an
accompanying rpcuser so that rpc clients like electrs work out of the box.
2020-03-04 18:09:52 +01:00
c4cf323873
electrs: add option 'extraArgs'
...
Electrs allows defining settings multiple times via cmdline args, but
not via config files.
So 'extraArgs' is the only way to implement overridable settings,
'extraOptions' wouldn't work.
2020-03-04 18:09:52 +01:00
e731d71232
electrs: add option 'address'
2020-03-04 18:09:52 +01:00
0be67c325e
electrs: use cfg.user, cfg.group
2020-03-04 18:09:51 +01:00
48be5a79fa
electrs.enable: use mkEnableOption
2020-03-04 18:09:51 +01:00
b75b2a1626
electrs: improve description
2020-03-04 18:09:51 +01:00
fa3455d01f
electrs: don't leak bitcoinrpc secret through process ARGV
...
Supply secret via private config file instead.
2020-03-04 18:09:51 +01:00
47481b2642
electrs: quote dataDir in shell cmd
2020-03-04 18:09:50 +01:00
8fb33d1099
electrs: use bitcoind.dataDir option
2020-03-04 18:09:50 +01:00
45ba1f1fb3
electrs: don't print timestamps to log
...
Already provided by journald.
2020-03-04 18:09:49 +01:00
88080a58bf
electrs: wrap long lines in preStart
2020-03-04 18:09:49 +01:00
301bb91ae5
simplify setting high-memory options
2020-03-04 18:09:49 +01:00
93fd2329b8
electrs: make nginx TLS proxy optional
...
Electrs users shouldn't be forced to run a TLS proxy.
2020-03-04 18:09:48 +01:00
acde24ce43
electrs: move user/group definitions to bottom
...
Consistent with other service defs.
2020-03-04 18:09:48 +01:00
Erik Arvstedt
nixbitcoin
Jonas Nick