Compare commits
10 Commits
744d8fe379
...
235a87946c
Author | SHA1 | Date | |
---|---|---|---|
|
235a87946c | ||
|
4b7e09e184 | ||
|
d9baa2e108 | ||
|
fcd81d486d | ||
|
946b42808b | ||
|
1d69c9c824 | ||
|
30c874de01 | ||
|
490146ff34 | ||
|
5df123f3a4 | ||
|
9f3daab64f |
Binary file not shown.
@ -367,9 +367,10 @@ in {
|
|||||||
proto.sam.enable = true;
|
proto.sam.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
# Commented out to avoid trying to chown the nfs-mounted directory
|
||||||
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
# systemd.tmpfiles.rules = [
|
||||||
];
|
# "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
||||||
|
# ];
|
||||||
|
|
||||||
systemd.services.bitcoind = {
|
systemd.services.bitcoind = {
|
||||||
# Use `wants` instead of `requires` so that bitcoind and all dependent services
|
# Use `wants` instead of `requires` so that bitcoind and all dependent services
|
||||||
@ -412,9 +413,9 @@ in {
|
|||||||
'';
|
'';
|
||||||
|
|
||||||
# Enable RPC access for group
|
# Enable RPC access for group
|
||||||
postStart = ''
|
# postStart = ''
|
||||||
chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
|
# chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
|
||||||
'';
|
# '';
|
||||||
|
|
||||||
serviceConfig = nbLib.defaultHardening // {
|
serviceConfig = nbLib.defaultHardening // {
|
||||||
Type = "notify";
|
Type = "notify";
|
||||||
|
@ -61,9 +61,10 @@ in {
|
|||||||
listenWhitelisted = true;
|
listenWhitelisted = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
# Commented out to allow nfs mounts
|
||||||
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
# systemd.tmpfiles.rules = [
|
||||||
];
|
# "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
||||||
|
# ];
|
||||||
|
|
||||||
systemd.services.electrs = {
|
systemd.services.electrs = {
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
@ -158,7 +158,7 @@ let
|
|||||||
onion_serving_host = ${cfg.messagingAddress}
|
onion_serving_host = ${cfg.messagingAddress}
|
||||||
onion_serving_port = ${toString cfg.messagingPort}
|
onion_serving_port = ${toString cfg.messagingPort}
|
||||||
hidden_service_dir =
|
hidden_service_dir =
|
||||||
directory_nodes = 3kxw6lf5vf6y26emzwgibzhrzhmhqiw6ekrek3nqfjjmhwznb2moonad.onion:5222,jmdirjmioywe2s5jad7ts6kgcqg66rj6wujj6q77n6wbdrgocqwexzid.onion:5222,bqlpq6ak24mwvuixixitift4yu42nxchlilrcqwk2ugn45tdclg42qid.onion:5222
|
directory_nodes = g3hv4uynnmynqqq2mchf3fcm3yd46kfzmcdogejuckgwknwyq5ya6iad.onion:5222,3kxw6lf5vf6y26emzwgibzhrzhmhqiw6ekrek3nqfjjmhwznb2moonad.onion:5222,bqlpq6ak24mwvuixixitift4yu42nxchlilrcqwk2ugn45tdclg42qid.onion:5222
|
||||||
|
|
||||||
# irc.darkscience.net
|
# irc.darkscience.net
|
||||||
[MESSAGING:server1]
|
[MESSAGING:server1]
|
||||||
|
@ -22,6 +22,11 @@ let self = {
|
|||||||
spark-wallet = pkgs.callPackage ./spark-wallet { };
|
spark-wallet = pkgs.callPackage ./spark-wallet { };
|
||||||
trustedcoin = pkgs.callPackage ./trustedcoin { };
|
trustedcoin = pkgs.callPackage ./trustedcoin { };
|
||||||
|
|
||||||
|
# TODO-EXTERNAL:
|
||||||
|
# Remove this when https://github.com/lightningnetwork/lnd/pull/7672
|
||||||
|
# has been resolved
|
||||||
|
lnd = pkgsUnstable.callPackage ./lnd { };
|
||||||
|
|
||||||
pyPkgs = import ./python-packages self pkgs.python3;
|
pyPkgs = import ./python-packages self pkgs.python3;
|
||||||
inherit (self.pyPkgs)
|
inherit (self.pyPkgs)
|
||||||
nbPython3Packages
|
nbPython3Packages
|
||||||
|
@ -1,10 +1,12 @@
|
|||||||
{ stdenv, lib, fetchurl, python3, nbPython3PackagesJoinmarket }:
|
{ stdenv, lib, fetchFromGitHub, python3, nbPython3PackagesJoinmarket }:
|
||||||
|
|
||||||
let
|
let
|
||||||
version = "0.9.8";
|
version = "0.9.9";
|
||||||
src = fetchurl {
|
src = fetchFromGitHub {
|
||||||
url = "https://github.com/JoinMarket-Org/joinmarket-clientserver/archive/v${version}.tar.gz";
|
owner = "joinmarket-org";
|
||||||
sha256 = "1ab4smpyx966iiiip3g11bcslya37qhac1kgkbmsmlsdkpilw9di";
|
repo = "joinmarket-clientserver";
|
||||||
|
rev = "v${version}";
|
||||||
|
sha256 = "sha256-dkeSgAhjNl8o/ATKYAlQxxCrur5fLdXuMDXSnWaxYP8=";
|
||||||
};
|
};
|
||||||
|
|
||||||
runtimePackages = with nbPython3PackagesJoinmarket; [
|
runtimePackages = with nbPython3PackagesJoinmarket; [
|
||||||
|
@ -1,25 +1,23 @@
|
|||||||
#!/usr/bin/env bash
|
#!/usr/bin/env nix-shell
|
||||||
|
#!nix-shell -i bash -p git gnupg jq
|
||||||
|
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "git gnupg" "$@"
|
newVersion=$(curl -s "https://api.github.com/repos/joinmarket-org/joinmarket-clientserver/releases" | jq -r '.[0].tag_name')
|
||||||
|
|
||||||
TMPDIR="$(mktemp -d -p /tmp)"
|
# Fetch release and GPG-verify the content hash
|
||||||
trap 'rm -rf $TMPDIR' EXIT
|
tmpdir=$(mktemp -d /tmp/joinmarket-verify-gpg.XXX)
|
||||||
cd "$TMPDIR"
|
repo=$tmpdir/repo
|
||||||
|
git clone --depth 1 --branch "${newVersion}" -c advice.detachedHead=false https://github.com/joinmarket-org/joinmarket-clientserver "$repo"
|
||||||
echo "Fetching latest release"
|
export GNUPGHOME=$tmpdir
|
||||||
git clone https://github.com/joinmarket-org/joinmarket-clientserver 2> /dev/null
|
|
||||||
cd joinmarket-clientserver
|
|
||||||
latest=$(git describe --tags "$(git rev-list --tags --max-count=1)")
|
|
||||||
echo "Latest release is $latest"
|
|
||||||
|
|
||||||
# GPG verification
|
|
||||||
export GNUPGHOME=$TMPDIR
|
|
||||||
echo "Fetching Adam Gibson's key"
|
echo "Fetching Adam Gibson's key"
|
||||||
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 2B6FC204D9BF332D062B461A141001A1AF77F20B 2> /dev/null
|
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 2B6FC204D9BF332D062B461A141001A1AF77F20B 2> /dev/null
|
||||||
echo "Verifying latest release"
|
echo
|
||||||
git verify-tag "$latest"
|
echo "Verifying commit"
|
||||||
|
git -C "$repo" verify-commit HEAD
|
||||||
|
rm -rf "$repo"/.git
|
||||||
|
newHash=$(nix hash path "$repo")
|
||||||
|
rm -rf "$tmpdir"
|
||||||
|
echo
|
||||||
|
|
||||||
echo "tag: $latest"
|
echo "tag: $newVersion"
|
||||||
# The prefix option is necessary because GitHub prefixes the archive contents in this format
|
echo "hash: $newHash"
|
||||||
echo "sha256: $(nix-hash --type sha256 --flat --base32 \
|
|
||||||
<(git archive --format tar.gz --prefix=joinmarket-clientserver-"${latest//v}"/ "$latest"))"
|
|
||||||
|
12
pkgs/lnd/default.nix
Normal file
12
pkgs/lnd/default.nix
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
{ lnd, fetchpatch }:
|
||||||
|
|
||||||
|
lnd.overrideAttrs (_: {
|
||||||
|
patches = [
|
||||||
|
(fetchpatch {
|
||||||
|
# https://github.com/lightningnetwork/lnd/pull/7672
|
||||||
|
name = "fix-PKCS8-cert-key-support";
|
||||||
|
url = "https://github.com/lightningnetwork/lnd/commit/bfdd5db0d97a6d65489d980a917bbd2243dfe15c.patch";
|
||||||
|
hash = "sha256-j9EirxyNi48DGzLuHcZ36LrFlbJLXrE8L+1TYh5Yznk=";
|
||||||
|
})
|
||||||
|
];
|
||||||
|
})
|
@ -17,7 +17,6 @@ pkgs: pkgsUnstable:
|
|||||||
fulcrum
|
fulcrum
|
||||||
hwi
|
hwi
|
||||||
lightning-loop
|
lightning-loop
|
||||||
lnd
|
|
||||||
nbxplorer;
|
nbxplorer;
|
||||||
|
|
||||||
inherit pkgs pkgsUnstable;
|
inherit pkgs pkgsUnstable;
|
||||||
|
@ -2,11 +2,11 @@
|
|||||||
|
|
||||||
buildPythonPackage rec {
|
buildPythonPackage rec {
|
||||||
pname = "bencoder.pyx";
|
pname = "bencoder.pyx";
|
||||||
version = "2.0.1";
|
version = "3.0.1";
|
||||||
|
|
||||||
src = fetchurl {
|
src = fetchurl {
|
||||||
url = "https://github.com/whtsky/bencoder.pyx/archive/v${version}.tar.gz";
|
url = "https://github.com/whtsky/bencoder.pyx/archive/9a47768f3ceba9df9e6fbaa7c445f59960889009.tar.gz";
|
||||||
sha256 = "f3ff92ac706a7e4692bed5e6cbe205963327f3076f55e408eb948659923eac72";
|
sha256 = "1yh565xjbbhn49xjfms80ac8psjbzn66n8dcx0x8mn7zzjv06clz";
|
||||||
};
|
};
|
||||||
|
|
||||||
nativeBuildInputs = [ cython ];
|
nativeBuildInputs = [ cython ];
|
||||||
|
@ -22,7 +22,6 @@ rec {
|
|||||||
};
|
};
|
||||||
runes = callPackage ./runes {};
|
runes = callPackage ./runes {};
|
||||||
sha256 = callPackage ./sha256 {};
|
sha256 = callPackage ./sha256 {};
|
||||||
urldecode = callPackage ./urldecode {};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Joinmarket requires a custom package set because it uses older versions of Python pkgs
|
# Joinmarket requires a custom package set because it uses older versions of Python pkgs
|
||||||
@ -47,12 +46,10 @@ rec {
|
|||||||
# autobahn 20.12.3, required by joinmarketclient
|
# autobahn 20.12.3, required by joinmarketclient
|
||||||
autobahn = callPackage ./specific-versions/autobahn.nix {};
|
autobahn = callPackage ./specific-versions/autobahn.nix {};
|
||||||
|
|
||||||
# pyopenssl 20.0.1, required by joinmarketdaemon
|
# pyopenssl 21.0.0, required by joinmarketdaemon
|
||||||
pyopenssl = callPackage ./specific-versions/pyopenssl.nix {
|
pyopenssl = callPackage ./specific-versions/pyopenssl.nix {};
|
||||||
openssl = super.pkgs.openssl_1_1;
|
|
||||||
};
|
|
||||||
|
|
||||||
# twisted 22.4.0, compatible with pyopenssl 20.0.1
|
# twisted 22.4.0, required by joinmarketbase
|
||||||
twisted = callPackage ./specific-versions/twisted.nix {};
|
twisted = callPackage ./specific-versions/twisted.nix {};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ version, src, lib, buildPythonPackage, fetchurl, urldecode, pyaes, python-bitcointx, joinmarketbase }:
|
{ version, src, lib, buildPythonPackage, fetchurl, pyaes, python-bitcointx, joinmarketbase }:
|
||||||
|
|
||||||
buildPythonPackage rec {
|
buildPythonPackage rec {
|
||||||
pname = "joinmarketbitcoin";
|
pname = "joinmarketbitcoin";
|
||||||
@ -6,7 +6,7 @@ buildPythonPackage rec {
|
|||||||
|
|
||||||
postUnpack = "sourceRoot=$sourceRoot/jmbitcoin";
|
postUnpack = "sourceRoot=$sourceRoot/jmbitcoin";
|
||||||
|
|
||||||
propagatedBuildInputs = [ urldecode pyaes python-bitcointx ];
|
propagatedBuildInputs = [ pyaes python-bitcointx ];
|
||||||
|
|
||||||
checkInputs = [ joinmarketbase ];
|
checkInputs = [ joinmarketbase ];
|
||||||
|
|
||||||
|
@ -8,6 +8,12 @@ buildPythonPackage rec {
|
|||||||
|
|
||||||
propagatedBuildInputs = [ txtorcon cryptography pyopenssl libnacl joinmarketbase ];
|
propagatedBuildInputs = [ txtorcon cryptography pyopenssl libnacl joinmarketbase ];
|
||||||
|
|
||||||
|
# libnacl 1.8.0 is not on github
|
||||||
|
patchPhase = ''
|
||||||
|
substituteInPlace setup.py \
|
||||||
|
--replace "'libnacl==1.8.0'" "'libnacl==1.7.2'"
|
||||||
|
'';
|
||||||
|
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
description = "Client library for Bitcoin coinjoins";
|
description = "Client library for Bitcoin coinjoins";
|
||||||
homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver";
|
homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver";
|
||||||
|
@ -6,17 +6,50 @@
|
|||||||
, cryptography
|
, cryptography
|
||||||
, pyasn1
|
, pyasn1
|
||||||
, idna
|
, idna
|
||||||
, pytest
|
, pytestCheckHook
|
||||||
, pretend
|
, pretend
|
||||||
, flaky
|
, flaky
|
||||||
, glibcLocales
|
, glibcLocales
|
||||||
, six
|
, six
|
||||||
}:
|
}:
|
||||||
|
|
||||||
let
|
buildPythonPackage rec {
|
||||||
|
pname = "pyopenssl";
|
||||||
|
version = "21.0.0";
|
||||||
|
|
||||||
|
src = fetchPypi {
|
||||||
|
pname = "pyOpenSSL";
|
||||||
|
inherit version;
|
||||||
|
sha256 = "5e2d8c5e46d0d865ae933bef5230090bdaf5506281e9eec60fa250ee80600cb3";
|
||||||
|
};
|
||||||
|
|
||||||
|
outputs = [ "out" "dev" ];
|
||||||
|
|
||||||
|
# Seems to fail unpredictably on Darwin. See https://hydra.nixos.org/build/49877419/nixlog/1
|
||||||
|
# for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail.
|
||||||
|
doCheck = !stdenv.isDarwin;
|
||||||
|
|
||||||
|
nativeBuildInputs = [ openssl ];
|
||||||
|
propagatedBuildInputs = [ cryptography pyasn1 idna six ];
|
||||||
|
|
||||||
|
checkInputs = [ pytestCheckHook pretend flaky glibcLocales ];
|
||||||
|
|
||||||
|
preCheck = ''
|
||||||
|
export LANG="en_US.UTF-8"
|
||||||
|
'';
|
||||||
|
|
||||||
|
disabledTests = [
|
||||||
|
# https://github.com/pyca/pyopenssl/issues/692
|
||||||
|
# These tests, we disable always.
|
||||||
|
"test_set_default_verify_paths"
|
||||||
|
"test_fallback_default_verify_paths"
|
||||||
|
# https://github.com/pyca/pyopenssl/issues/768
|
||||||
|
"test_wantWriteError"
|
||||||
|
# https://github.com/pyca/pyopenssl/issues/1043
|
||||||
|
"test_alpn_call_failure"
|
||||||
|
] ++ lib.optionals (lib.hasPrefix "libressl" openssl.meta.name) [
|
||||||
# https://github.com/pyca/pyopenssl/issues/791
|
# https://github.com/pyca/pyopenssl/issues/791
|
||||||
# These tests, we disable in the case that libressl is passed in as openssl.
|
# These tests, we disable in the case that libressl is passed in as openssl.
|
||||||
failingLibresslTests = [
|
|
||||||
"test_op_no_compression"
|
"test_op_no_compression"
|
||||||
"test_npn_advertise_error"
|
"test_npn_advertise_error"
|
||||||
"test_npn_select_error"
|
"test_npn_select_error"
|
||||||
@ -29,64 +62,21 @@ let
|
|||||||
"test_verify_with_revoked"
|
"test_verify_with_revoked"
|
||||||
"test_set_notAfter"
|
"test_set_notAfter"
|
||||||
"test_set_notBefore"
|
"test_set_notBefore"
|
||||||
];
|
] ++ lib.optionals (lib.versionAtLeast (lib.getVersion openssl.name) "1.1") [
|
||||||
|
# these tests are extremely tightly wed to the exact output of the openssl cli tool, including exact punctuation.
|
||||||
# these tests are extremely tightly wed to the exact output of the openssl cli tool,
|
|
||||||
# including exact punctuation.
|
|
||||||
failingOpenSSL_1_1Tests = [
|
|
||||||
"test_dump_certificate"
|
"test_dump_certificate"
|
||||||
"test_dump_privatekey_text"
|
"test_dump_privatekey_text"
|
||||||
"test_dump_certificate_request"
|
"test_dump_certificate_request"
|
||||||
"test_export_text"
|
"test_export_text"
|
||||||
|
] ++ lib.optionals stdenv.is32bit [
|
||||||
|
# https://github.com/pyca/pyopenssl/issues/974
|
||||||
|
"test_verify_with_time"
|
||||||
];
|
];
|
||||||
|
|
||||||
disabledTests = [
|
meta = with lib; {
|
||||||
# https://github.com/pyca/pyopenssl/issues/692
|
description = "Python wrapper around the OpenSSL library";
|
||||||
# These tests, we disable always.
|
homepage = "https://github.com/pyca/pyopenssl";
|
||||||
"test_set_default_verify_paths"
|
license = licenses.asl20;
|
||||||
"test_fallback_default_verify_paths"
|
maintainers = with maintainers; [ SuperSandro2000 ];
|
||||||
# https://github.com/pyca/pyopenssl/issues/768
|
|
||||||
"test_wantWriteError"
|
|
||||||
] ++ (
|
|
||||||
lib.optionals (lib.hasPrefix "libressl" openssl.meta.name) failingLibresslTests
|
|
||||||
) ++ (
|
|
||||||
lib.optionals (lib.versionAtLeast (lib.getVersion openssl.name) "1.1") failingOpenSSL_1_1Tests
|
|
||||||
) ++ (
|
|
||||||
# https://github.com/pyca/pyopenssl/issues/974
|
|
||||||
lib.optionals stdenv.is32bit [ "test_verify_with_time" ]
|
|
||||||
);
|
|
||||||
|
|
||||||
# Compose the final string expression, including the "-k" and the single quotes.
|
|
||||||
testExpression = lib.optionalString (disabledTests != [])
|
|
||||||
"-k 'not ${lib.concatStringsSep " and not " disabledTests}'";
|
|
||||||
|
|
||||||
in
|
|
||||||
|
|
||||||
buildPythonPackage rec {
|
|
||||||
pname = "pyopenssl";
|
|
||||||
version = "20.0.1";
|
|
||||||
|
|
||||||
src = fetchPypi {
|
|
||||||
pname = "pyOpenSSL";
|
|
||||||
inherit version;
|
|
||||||
sha256 = "4c231c759543ba02560fcd2480c48dcec4dae34c9da7d3747c508227e0624b51";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = [ "out" "dev" ];
|
|
||||||
|
|
||||||
checkPhase = ''
|
|
||||||
runHook preCheck
|
|
||||||
export LANG="en_US.UTF-8"
|
|
||||||
py.test tests ${testExpression}
|
|
||||||
runHook postCheck
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Seems to fail unpredictably on Darwin. See https://hydra.nixos.org/build/49877419/nixlog/1
|
|
||||||
# for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail.
|
|
||||||
doCheck = !stdenv.isDarwin;
|
|
||||||
|
|
||||||
nativeBuildInputs = [ openssl ];
|
|
||||||
propagatedBuildInputs = [ cryptography pyasn1 idna six ];
|
|
||||||
|
|
||||||
checkInputs = [ pytest pretend flaky glibcLocales ];
|
|
||||||
}
|
}
|
||||||
|
@ -1,16 +0,0 @@
|
|||||||
{ lib, buildPythonPackage, fetchPypi }:
|
|
||||||
buildPythonPackage rec {
|
|
||||||
pname = "urldecode";
|
|
||||||
version = "0.1";
|
|
||||||
|
|
||||||
src = fetchPypi {
|
|
||||||
inherit pname version;
|
|
||||||
sha256 = "0w8my7kdwxppsfzzi1b2cxhypm6r1fsrnb2hnd752axq4gfsddjj";
|
|
||||||
};
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
description = "A simple function to decode an encoded url";
|
|
||||||
homepage = "https://github.com/jennyq/urldecode";
|
|
||||||
maintainers = with maintainers; [ nixbitcoin ];
|
|
||||||
};
|
|
||||||
}
|
|
Loading…
Reference in New Issue
Block a user