Commit Graph

1580 Commits

Author SHA1 Message Date
Erik Arvstedt
145961c2de
fix operator authorized keys setup
This fixes these flaws in `copy-root-authorized-keys`:
- When `.vbox-nixops-client-key` is missing, operator's authorized_keys
  file is always appended to, growing the file indefinitely.
- Service is always added and not restricted to nixops-vbox deployments.
2020-04-09 11:02:06 +02:00
Jonas Nick
d7d7070e8c
Merge #155: nixops: build with pinned nixpkgs
041ec55794 nixops: build with pinned nixpkgs (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 041ec55794

Tree-SHA512: dfe01993b2f8d6f135069dc59dc03e5902f5a36a7f9f63f3299453314cb2cec5da3be9ef66f0186f03c132d0828d30b53d2760aaf91b77f3e2b95555304c4269
2020-04-08 18:48:06 +00:00
Erik Arvstedt
37b2faf63c
move systemPackages definitions to services
These are generally useful and shouldn't be limited to secure-node.nix.

Also, only add the hardware-wallets group when hardware wallets are enabled.
2020-04-08 17:35:14 +02:00
Erik Arvstedt
6c22e13b7f
copy-root-authorized-keys: use inline script definition 2020-04-08 17:35:14 +02:00
Erik Arvstedt
63c6fe3213
fixup! use '' for multi-line string 2020-04-08 17:35:14 +02:00
Erik Arvstedt
ab617946a9
extract variable 'cfg' 2020-04-08 17:35:13 +02:00
Erik Arvstedt
36c84d8360
add option clightning.onionport
Analogous to electrs.onionport
2020-04-08 17:35:13 +02:00
Erik Arvstedt
681dbaf328
move electrs.onionport option
Only used in secure-node.nix
2020-04-08 17:35:13 +02:00
Erik Arvstedt
74fbfa3a5d
use lib.optionals 2020-04-08 17:35:13 +02:00
Erik Arvstedt
ec6d33fbb6
rearrange code sections
Move services to the top, operator account setup to the bottom.
2020-04-08 17:35:13 +02:00
Erik Arvstedt
e16ddc9c77
extract 'mkHiddenService'
toPort equals port by default.
2020-04-08 17:35:13 +02:00
Erik Arvstedt
89d3d58850
use mkIf 2020-04-08 17:35:13 +02:00
Erik Arvstedt
85e52a06cb
improve grouping of suboptions 2020-04-08 17:35:12 +02:00
Erik Arvstedt
1a63f0ca6a
remove option 'services.nix-bitcoin.enable'
Users can enable the node config just by importing secure-node.nix
2020-04-08 17:35:12 +02:00
Erik Arvstedt
0f8b2e91fd
add nix-bitcoin.nix for backwards compatibility 2020-04-08 17:35:12 +02:00
Erik Arvstedt
28792f79dc
rename nix-bitcoin.nix -> presets/secure-node.nix 2020-04-08 17:35:12 +02:00
Erik Arvstedt
041ec55794
nixops: build with pinned nixpkgs 2020-04-08 17:29:50 +02:00
Jonas Nick
0c4ba43ee8
Merge #149: docs: update nix installation instructions
0ac7b1660b docs: update nix installation instructions (Jonas Nick)

Pull request description:

Top commit has no ACKs.

Tree-SHA512: 34c4ef923d3893d1fb1245f6140bca844e44c1733edd781e88e848542360993658c70ae24519c9a49f7ffb64765c5353da5056f59d9d25a2b8d13fd02f9fe97a
2020-04-08 15:11:45 +00:00
Jonas Nick
0ac7b1660b
docs: update nix installation instructions 2020-04-08 15:10:34 +00:00
Jonas Nick
9239268ab6
Merge #136: Change the nix-bitcoin deployment from forking this repo to importing the module
b2e15c17b8 docs: Update to new deployment method (import instead of fork) (Jonas Nick)
5ed0284db9 Add fetch-release script (Jonas Nick)
c303cd47e4 Add push-release.sh helper (Jonas Nick)
705d187a35 examples/shell.nix: don't run shellHook on subsequent nix-shells (Erik Arvstedt)
65039be656 docs: Remove duplicate instructions (Jonas Nick)
455c5664c9 docs: Replace tabs with spaces (Jonas Nick)
8aa4714979 docs: Update NixOS version (Jonas Nick)
9df22a2764 add deploy-qemu-vm.sh example (Erik Arvstedt)
548ced1994 README: Add Example section (Jonas Nick)
44ccbb91d0 Clean up development shell.nix (Jonas Nick)
abcee651d3 add deploy-container.sh (Erik Arvstedt)
5dadea310c add deploy-nixops.sh (Erik Arvstedt)
0c74c365de mention performance loss with hardened kernel profile (Erik Arvstedt)
f3121892ef move main module import to configuration.nix (Erik Arvstedt)
0c0978c007 extract module 'deployment/nixops.nix', add option 'deployment.secretsDir' (Erik Arvstedt)
87d0286498 Change the nix-bitcoin deployment from forking this repo to importing the module (Jonas Nick)

Pull request description:

Top commit has no ACKs.

Tree-SHA512: 18e8b71f42715c5e82e2dafde9dcc965594d76aacc6be7ee2ec746a9510065749cc65331687a57d7140f45779c3b7867f6260ec224d361fb5a477062a27d6e4c
2020-04-08 15:03:08 +00:00
Jonas Nick
b2e15c17b8
docs: Update to new deployment method (import instead of fork)
Now you clone nix-bitcoin and start out from the examples.
2020-04-08 07:01:39 +00:00
Jonas Nick
5ed0284db9
Add fetch-release script
This allows getting the hash of the latest (or some other) release
using github releases and gpg verification.
2020-04-08 07:01:35 +00:00
Jonas Nick
b9fbb144ca
Merge #151: readme: add travis badge
334e30a291 readme: add travis badge (William Casarin)

Pull request description:

ACKs for top commit:
  jonasnick:
    Neat, thanks. ACK 334e30a291

Tree-SHA512: 1cad880c4a147f9f2c68c377a872e48fc5ce01db8cfd3d3d78e23ee3e6336fdb69f0cff9f9e1fe9d4efb079675ead7a05a975ebf5d963403c78be3e6f9e5ed76
2020-04-06 20:03:12 +00:00
William Casarin
334e30a291 readme: add travis badge
Signed-off-by: William Casarin <jb55@jb55.com>
2020-04-04 15:00:11 -07:00
Jonas Nick
6ec8b1d2a3
Merge #148: Misc. fixes
e398674964 run-tests.sh: fix leaking tmp files outside TMPDIR (Erik Arvstedt)
b07c77f4a4 secrets.nix: remove obsolete comment (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK e398674964

Tree-SHA512: 08b61e40fc80d5d1af1d736dd5f27ff3785b07e481f179e525fec4d78d89795c6d572a3a4b9b5ad9afd47656530cbfb8cdc1da9204571eff41767cad7ae1276e
2020-03-30 20:33:12 +00:00
Jonas Nick
83e2437399
Merge #147: remove custom no-upnp bitcoind builds
3a606608fb remove custom no-upnp bitcoind builds (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 3a606608fb

Tree-SHA512: 4a3c1baadd6a8c6e31c0b7bf492548e4af4de753dc677d61f27f7bc35de53fd7013ae0c041a4b32ed015b9b91ece5664491356251e8792ab804724e9ca71bd81
2020-03-30 20:28:46 +00:00
Jonas Nick
c303cd47e4
Add push-release.sh helper
Prepares, signs and pushes a release to github.
2020-03-30 11:01:31 +02:00
Erik Arvstedt
705d187a35
examples/shell.nix: don't run shellHook on subsequent nix-shells
This avoids an extra delay and the unexpected creation of secrets when
run in another dir.

Needed for the 'fetch-release' script introduced in a later commit.
2020-03-30 11:00:31 +02:00
Jonas Nick
65039be656
docs: Remove duplicate instructions 2020-03-30 10:57:01 +02:00
Jonas Nick
455c5664c9
docs: Replace tabs with spaces 2020-03-30 10:57:01 +02:00
Jonas Nick
8aa4714979
docs: Update NixOS version 2020-03-30 10:57:00 +02:00
Erik Arvstedt
9df22a2764
add deploy-qemu-vm.sh example 2020-03-30 10:56:57 +02:00
Jonas Nick
548ced1994
README: Add Example section 2020-03-30 10:55:50 +02:00
Jonas Nick
44ccbb91d0
Clean up development shell.nix 2020-03-30 10:49:15 +02:00
Erik Arvstedt
abcee651d3
add deploy-container.sh 2020-03-30 10:49:15 +02:00
Erik Arvstedt
e398674964
run-tests.sh: fix leaking tmp files outside TMPDIR
- Move vm image (NIX_DISK_IMAGE) from $TMP to $TMPDIR
- Set $PWD

Also:
- Simplify mktemp command
- USE_TMPDIR=1: Don't create extra dir inside $TMPDIR
2020-03-29 18:51:35 +02:00
Erik Arvstedt
b07c77f4a4
secrets.nix: remove obsolete comment 2020-03-29 18:51:34 +02:00
Erik Arvstedt
3a606608fb
remove custom no-upnp bitcoind builds
Disabling upnp via compilation brings no substantial security benefits.
There's no way to inadvertently enable upnp, it must be set explicitly
via bitcoind.extraConfig.

But it's a huge hassle for new users who have to recompile bitcoind
before being able to use nix-bitcoin.

Also, elementsd is currently built with upnp support by default.
2020-03-26 10:14:03 +01:00
Erik Arvstedt
5dadea310c
add deploy-nixops.sh 2020-03-24 21:43:22 +00:00
Erik Arvstedt
0c74c365de
mention performance loss with hardened kernel profile 2020-03-24 21:43:22 +00:00
Erik Arvstedt
f3121892ef
move main module import to configuration.nix 2020-03-24 21:43:21 +00:00
Erik Arvstedt
0c0978c007
extract module 'deployment/nixops.nix', add option 'deployment.secretsDir' 2020-03-24 21:43:21 +00:00
Jonas Nick
87d0286498
Change the nix-bitcoin deployment from forking this repo to importing the module
Instead of forking this repo, it is now recommended that users simply import the
nix-bitcoin module. This commit adds an example directory that contains the
network/ examples and a shell.nix for deployment with nixops.
2020-03-24 21:43:17 +00:00
Jonas Nick
2d51c722cc
Merge #146: lnd: add package option
106dcacb61 lnd: add package option (Jonas Nick)

Pull request description:

Top commit has no ACKs.

Tree-SHA512: 95f4fa40c34421872ca8940c6ad87775a8c7e75e8b3d5df2ed3a348c1f6212ae7b090b889831bc9ee6ddbcb26e9e237bfbd08542a0a5b7f92b06f2591182710f
2020-03-09 09:04:17 +00:00
Jonas Nick
106dcacb61
lnd: add package option 2020-03-09 08:22:00 +00:00
Jonas Nick
3158e39009
Merge #137: Add nixops19_09 to default pkgs.
28cf7ebe74 Add nixops19_09 to default pkgs. (Jonas Nick)

Pull request description:

Top commit has no ACKs.

Tree-SHA512: e10f7d8d94df506cc5848477956da6cd3cc1c7ee87950df8c09da27e2fcac87b97c7dff1facafde5b114a9d7f6076f492956c2b684a7776b2566e86ba78a9d1d
2020-03-08 14:07:04 +00:00
Jonas Nick
28cf7ebe74
Add nixops19_09 to default pkgs.
It's helpful to be able to use this packages when importing nix-bitcoin.
2020-03-08 14:00:23 +00:00
Jonas Nick
d62dac450a
Merge #144: Electrs fixes
5596bcf4fb bitcoind: set default rpcuser (Erik Arvstedt)
c4cf323873 electrs: add option 'extraArgs' (Erik Arvstedt)
e731d71232 electrs: add option 'address' (Erik Arvstedt)
1e62456ed1 electrs: test RPC connection to bitcoind (Erik Arvstedt)
0be67c325e electrs: use cfg.user, cfg.group (Erik Arvstedt)
48be5a79fa electrs.enable: use mkEnableOption (Erik Arvstedt)
b75b2a1626 electrs: improve description (Erik Arvstedt)
fa3455d01f electrs: don't leak bitcoinrpc secret through process ARGV (Erik Arvstedt)
f30aadbef2 electrs: enable unstable build, pin pkg to unstable (Erik Arvstedt)
5c6571654e electrs: 0.7.1 -> 0.8.3 (Erik Arvstedt)
47481b2642 electrs: quote dataDir in shell cmd (Erik Arvstedt)
8fb33d1099 electrs: use bitcoind.dataDir option (Erik Arvstedt)
45ba1f1fb3 electrs: don't print timestamps to log (Erik Arvstedt)
88080a58bf electrs: wrap long lines in preStart (Erik Arvstedt)
301bb91ae5 simplify setting high-memory options (Erik Arvstedt)
93fd2329b8 electrs: make nginx TLS proxy optional (Erik Arvstedt)
acde24ce43 electrs: move user/group definitions to bottom (Erik Arvstedt)
148327326b electrs: formatting (Erik Arvstedt)
cce9932b62 make pinned pkgs accessible through pkgs/default.nix (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 5596bcf4fb

Tree-SHA512: 2064b352839a1787ccb05930ac2cf1f0d3596aaea81135086e8a91b9eebf319868087a27cdf9f2fd0152ab652d338680cdf9e866185e86777fcdd87931651b39
2020-03-04 21:03:48 +00:00
Erik Arvstedt
5596bcf4fb
bitcoind: set default rpcuser
We're already setting a default rpcpassword, so we should set an
accompanying rpcuser so that rpc clients like electrs work out of the box.
2020-03-04 18:09:52 +01:00
Erik Arvstedt
c4cf323873
electrs: add option 'extraArgs'
Electrs allows defining settings multiple times via cmdline args, but
not via config files.
So 'extraArgs' is the only way to implement overridable settings,
'extraOptions' wouldn't work.
2020-03-04 18:09:52 +01:00