f6b883a9ac
remove webindex
...
This module is outdated and incomplete. We can readd an improved version in
the future.
Move nanopos nginx proxy tests to the nanopos test.
2021-01-14 13:25:10 +01:00
2a240d6f4a
enable-tor: disable default onion services for clightning, lnd, btcpayserver
...
In case of btcpayserver the default onion service is a security risk
because any visitor can register an admin account on a freshly setup node.
2021-01-14 13:25:09 +01:00
18c7842e1a
modules: show warnings for obsolete options
2021-01-14 13:25:09 +01:00
45c40c4eb9
versioning: simplify assertion evaluation
2021-01-14 13:25:09 +01:00
bed00fe937
lnd: use onionServices for address announcing
2021-01-14 13:25:09 +01:00
3980cd5a41
clightning: use onionServices for address announcing
2021-01-14 13:25:08 +01:00
bd2a46cb73
spark-wallet: use onionServices
...
Also remove the unneeded definition of ReadWritePaths because the
service doesn't need write access to onion files.
2021-01-14 13:25:08 +01:00
87fb9f246b
add 'enable-tor' preset
...
Move 'enforceTor' and onion-service definitions from secure-node.nix.
Use the onionServices module to define onion services.
Onion services now automatically work for services that bind to an INADDR_ANY (`0.0.0.0`) address.
2021-01-14 13:25:08 +01:00
05b5402bb1
add nix-bitcoin.onionServices
2021-01-14 13:25:07 +01:00
fffe988248
onionAddresses: add readonly option 'dataDir'
...
Used by 'onionServices' in a later commit for services that announce
their onion address.
2021-01-14 13:25:07 +01:00
5f34b094d3
onionAddresses: improve script
...
- use -e to check for existence of /var/lib/tor/state, use shorter
polling interval
- clear existing dataDir contents to avoid accumulating obsolete data
- use concatMapStrings instead of foldl'
2021-01-14 13:25:07 +01:00
b266f23251
onionAddresses: use service 'script' option
...
This also makes the script stop on errors.
2021-01-14 13:25:07 +01:00
6d13b26d0a
onionAddresses: add more precise type for option 'access'
2021-01-14 13:25:06 +01:00
93562f76dd
onionAddresses: remove redundant option 'enable'
...
The service can be disabled via `onion-addresses.access = mkForce {};`
Also remove redundant description.
2021-01-14 13:25:06 +01:00
43c247e3fe
onionAddresses: use StateDirectory instead of tmpfiles
...
Simplifies the dataDir setup.
2021-01-14 13:25:06 +01:00
5c6977b006
rename onion-chef -> nix-bitcoin.onionAddresses
...
This clarifies its function.
2021-01-14 13:25:05 +01:00
55073eee70
remove nix-bitcoin.pkgs.lib
...
Type ipv4Address is not needed anymore because all services have
separate 'port' and 'address' options.
2021-01-14 13:25:05 +01:00
09e0042aa8
spark-wallet: add consistent address options
2021-01-14 13:25:05 +01:00
39f16c0b4a
liquidd: add consistent address options
2021-01-14 13:25:05 +01:00
b5d76ba1b3
electrs: add consistent address options
2021-01-14 13:25:04 +01:00
8fa32b7f91
btcpayserver: add consistent address options
2021-01-14 13:25:04 +01:00
e78a609687
clightning: add consistent address options
...
Also remove option 'autolisten'. This option has no effect because
option 'bind-addr' is always set.
2021-01-14 13:25:04 +01:00
b41a720c28
lnd: add consistent address options
...
Also fix btcpayserver by connecting to the lnd restAddress instead of the p2p address.
2021-01-14 13:25:03 +01:00
dd4a0238f9
bitcoind: group rpc options under parent option 'rpc'
2021-01-14 13:25:03 +01:00
5b7e0d09b2
bitcoind: add consistent address options
2021-01-14 13:25:03 +01:00
0c6579b942
Merge #295 : Remove deprecated nanopos & lightning-charge
...
79f4723cda58de79d40179f4723cda
2021-01-01 20:47:16 +00:00
79f4723cda
lightning-charge: remove package and module
2021-01-01 19:16:46 +00:00
58de79d401
nanopos: remove package and module
2021-01-01 17:37:30 +00:00
da674d1ccf
Merge #292 : joinmarket: always synchronize secrets.jm-wallet-password
...
ed636dd070ed636dd070
2020-12-30 19:18:56 +00:00
ef28768221
Merge #291 : btcpayserver: add rootpath option
...
edc657d138edc657d138
2020-12-30 19:05:38 +00:00
656c6a1d67
Merge #289 : readme: update and split into various parts
...
bcedf69549bcedf69549
2020-12-30 19:02:55 +00:00
ed636dd070
joinmarket: always synchronize secrets.jm-wallet-password
...
secrets.jm-wallet-password is always needed by joinmarket, not just when
joinmarket.yieldgenerator.enable
2020-12-30 16:49:50 +00:00
edc657d138
btcpayserver: add rootpath option
2020-12-30 16:47:50 +00:00
bcedf69549
readme: update and split into various parts
2020-12-30 15:59:22 +00:00
37caf814a7
Merge #286 : Fix boot loader reference for UEFI
...
792962bb32792962bb32
2020-12-23 14:27:21 +00:00
792962bb32
Fix boot loader reference for UEFI
2020-12-23 12:55:45 +01:00
4d1150a671
Merge #285 : Add CLBOSS
...
196e3c9dbbf89498d4fc9423eadcee196e3c9dbb196e3c9dbb
2020-12-22 21:32:09 +00:00
196e3c9dbb
clboss: add test todo
2020-12-22 09:54:11 +00:00
f89498d4fc
clboss: add module
2020-12-22 09:40:00 +00:00
9423eadcee
clboss: add pkg
2020-12-22 09:39:37 +00:00
7b32a78de2
Merge #284 : Fix containers
...
2bfb4efbd83403795c86ff94985b8bc8e73c959e44b06aea5aa359cdfb66a5a2fc72742bfb4efbd82bfb4efbd8
2020-12-21 12:24:14 +00:00
4195541976
Merge #283 : joinmarket: 0.7.4 -> 0.8.0-bcfa7eb
...
fdfafb2f40c9657305e7fdfafb2f40
2020-12-20 19:31:43 +00:00
2bfb4efbd8
make-container: fix usage comment
2020-12-19 13:18:50 +01:00
3403795c86
tests: add example scripts
2020-12-18 19:56:56 +01:00
ff94985b8b
tests: add test 'hardened'
2020-12-18 19:56:56 +01:00
c8e73c959e
fix 'hardened' profile for NixOS 20.09
...
The 'scudo' memory allocator set by the 'hardened' profile breaks some
services on 20.09.
The fix for NixOS unstable (https://github.com/NixOS/nixpkgs/pull/104052 )
is ineffective on 20.09.
As a workaround, add a custom 'hardened' preset that uses the default allocator.
2020-12-18 19:56:56 +01:00
44b06aea5a
extra-container: 0.5-pre -> 0.5
2020-12-18 19:56:56 +01:00
a359cdfb66
generate-secrets: use pwgen
...
Password length and alphabet is unchanged, but the restriction to
include at least one numeric and one capital char has been removed.
This restriction is not needed by client applications,
adds code complexity, and even (insignificantly) reduces entropy.
Reason for switching to pwgen:
apg uses /dev/random instead of /dev/urandom which brings no security
benefits but can stall the generate-secrets script on low-entropy
devices due to blocking.
Since `security.rngd` has been disabled in NixOS 20.09, blocking
in generate-secrets can also appear on regular NixOS desktop systems.
2020-12-18 19:56:56 +01:00
fdfafb2f40
joinmarket: 0.7.4 -> 0.8.0-bcfa7eb
...
Update to 0.8.0 with hotfix for genwallet script
Includes module versioning error with migration instructions
2020-12-17 11:12:58 +00:00
a5a2fc7274
make-container: fix renamed variable
...
The variable was only renamed in run-tests.sh, which broke containers.
2020-12-16 01:29:12 +01:00
Erik Arvstedt
Jonas Nick
nixbitcoin
Galder Zamarreño