Compare commits

..

16 Commits

Author SHA1 Message Date
Greg Shuflin
ed567d67f2 Patch electrs to avoid chmod 2023-02-05 03:00:49 -08:00
Greg Shuflin
9538c63a76 Patch to prevent chmod 2023-02-05 03:00:49 -08:00
Jonas Nick
479e21a122
Merge fort-nix/nix-bitcoin#587: Fulcrum: Fix available memory detection
86dc7e2669 fulcrum: allow access to `/proc/meminfo` (Erik Arvstedt)
c948af2e18 dev/dev-features: add `enter_service` helper (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 86dc7e2669

Tree-SHA512: 5c2b7bc5e2247a7fb45e6c805162c02d87b4c917e4a1306134d634f418534b03e3152e402d17e054c410d3d72f3f5eb3d270fcb53019b2f96ea6b27ecae53755
2023-02-03 13:21:56 +00:00
Jonas Nick
475af2d6cb
Merge fort-nix/nix-bitcoin#586: Misc. improvements
addfa8ec6b test: support `run`, `debug` commands in basic NixOS tests (Erik Arvstedt)
ae733d887e tests/clightning-replication: reuse `pkgs` instance (Erik Arvstedt)
6cbd0d93ae tests: rename `clightningReplication` -> `clightning-replication` (Erik Arvstedt)
85310b533a secrets: use type `lines` for `generateSecretsCmds` (Erik Arvstedt)
bc2f66d4f1 bitcoind, liquid: increase start/stop timeouts (Erik Arvstedt)
519ae31202 netns-isolation: improve formatting (Erik Arvstedt)
a1023696e6 netns-isolation: reserve netns id for mempool (Erik Arvstedt)
34fe8675bd add option `nix-bitcoin.pkgOverlays` (Erik Arvstedt)
a3bdecb10b helper: add start-bash-session.sh (Erik Arvstedt)
690a8f6256 nodeinfo: extract fn `mkInfoLong` (Erik Arvstedt)
2af642f56a improve comments (Erik Arvstedt)
5634f08873 rtl: make `extraConfig` recursively mergeable (Erik Arvstedt)
b76728a1ec treewide: use bool literals for systemd (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK addfa8ec6b

Tree-SHA512: 46f779f8477b566ffc6d0dfb024f2098757f509b2b3e0cbb509cf3308de7029e913f6e6c3d6d3d226cc72f8a5031fd5586b2efdf7c2d9d15f4bdd7ed08b27425
2023-02-03 13:11:41 +00:00
Erik Arvstedt
addfa8ec6b
test: support run, debug commands in basic NixOS tests
Currently, this only affects the basic NixOS test `clightning-replication`.
2023-02-02 10:51:41 +01:00
Erik Arvstedt
ae733d887e
tests/clightning-replication: reuse pkgs instance
This reduces eval time by 30%.
2023-02-02 10:51:41 +01:00
Erik Arvstedt
6cbd0d93ae
tests: rename clightningReplication -> clightning-replication
The test name now matches the file name.
2023-02-02 10:51:41 +01:00
Erik Arvstedt
85310b533a
secrets: use type lines for generateSecretsCmds
This allows users to amend secrets cmds.
2023-02-02 10:51:41 +01:00
Erik Arvstedt
bc2f66d4f1
bitcoind, liquid: increase start/stop timeouts 2023-02-02 10:51:41 +01:00
Erik Arvstedt
519ae31202
netns-isolation: improve formatting 2023-02-02 10:51:41 +01:00
Jonas Nick
397d2bab9b
Merge fort-nix/nix-bitcoin#589: rtl: 0.13.2 -> 0.13.4
6291d4fbea rtl: 0.13.2 -> 0.13.4 (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 6291d4fbea

Tree-SHA512: bc52cbdb12f311446eb79960c6500261c97ff5d12baaf1248056a1eb3507c64cb788db2ee25d05bf0bec6d4f78a544fdd037cf34fd3b56adcc6b0fe556e1158b
2023-01-28 22:42:48 +00:00
Jonas Nick
0e4af28df0
Merge fort-nix/nix-bitcoin#588: update nixpkgs
56c2abd91a update nixpkgs (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 56c2abd91a

Tree-SHA512: b2acbd4e944007448b821c4a02f2f8e925d006b3e92011497019db9fe247d6a130cf875203c2c2830a83042f87d1916163d2b1604077812edc7d11b073047a7f
2023-01-28 10:55:04 +00:00
Erik Arvstedt
6291d4fbea
rtl: 0.13.2 -> 0.13.4 2023-01-26 23:08:05 +01:00
Erik Arvstedt
56c2abd91a
update nixpkgs
btcpayserver: 1.7.2 -> 1.7.3
electrs: 0.9.10 -> 0.9.11
hwi: 2.1.1 -> 2.2.0
2023-01-25 23:57:29 +01:00
Erik Arvstedt
86dc7e2669
fulcrum: allow access to /proc/meminfo
This still hides the proc subdirectories for other processes.

Without this setting, fulcrum fails when the config value of
`fast-sync` is greater than 2^31 bytes.
2023-01-21 13:28:32 +01:00
Erik Arvstedt
c948af2e18
dev/dev-features: add enter_service helper 2023-01-21 13:20:49 +01:00
18 changed files with 70 additions and 47 deletions

View File

@ -53,6 +53,15 @@ ls -al /var/lib/nixos-containers/nb-test
# The container root filesystem on NixOS systems with stateVersion < 22.05
ls -al /var/lib/containers/nb-test
# Start a shell in the context of a service process.
# Must be run inside the container (enter with cmd `c`).
enter_service() {
local name=$1
nsenter --all -t "$(systemctl show -p MainPID --value "$name")" \
--setuid "$(id -u "$name")" --setgid "$(id -g "$name")" bash
}
enter_service clightning
#―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
# bitcoind
run-tests.sh -s bitcoind container

View File

@ -37,6 +37,9 @@ PATH=/tmp/nix-bitcoin-dev/nodejs/bin:"$PATH"
# Install
npm ci --omit=dev --omit=optional --no-update-notifier --ignore-scripts
# If the above fails, try: (details: https://github.com/Ride-The-Lightning/RTL/issues/1182)
npm ci --omit=dev --omit=optional --no-update-notifier --ignore-scripts --legacy-peer-deps
# Run
node rtl --help

View File

@ -40,11 +40,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1672844754,
"narHash": "sha256-o26WabuHABQsaHxxmIrR3AQRqDFUEdLckLXkVCpIjSU=",
"lastModified": 1674407282,
"narHash": "sha256-2qwc8mrPINSFdWffPK+ji6nQ9aGnnZyHSItVcYDZDlk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e9ade2c8240e00a4784fac282a502efff2786bdc",
"rev": "ab1254087f4cdf4af74b552d7fc95175d9bdbb49",
"type": "github"
},
"original": {
@ -56,11 +56,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1672756850,
"narHash": "sha256-Smbq3+fitwA13qsTMeaaurv09/KVbZfW7m7lINwzDGA=",
"lastModified": 1674487464,
"narHash": "sha256-Jgq50e4S4JVCYpWLqrabBzDp/1mfaxHCh8/OOorHTy0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "298add347c2bbce14020fcb54051f517c391196b",
"rev": "3954218cf613eba8e0dcefa9abe337d26bc48fd0",
"type": "github"
},
"original": {

View File

@ -367,9 +367,10 @@ in {
proto.sam.enable = true;
};
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
];
# Commented out to avoid trying to chown the nfs-mounted directory
# systemd.tmpfiles.rules = [
# "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
# ];
systemd.services.bitcoind = {
# Use `wants` instead of `requires` so that bitcoind and all dependent services
@ -412,17 +413,17 @@ in {
'';
# Enable RPC access for group
postStart = ''
chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
'';
# postStart = ''
# chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
# '';
serviceConfig = nbLib.defaultHardening // {
Type = "notify";
NotifyAccess = "all";
User = cfg.user;
Group = cfg.group;
TimeoutStartSec = "10min";
TimeoutStopSec = "10min";
TimeoutStartSec = "30min";
TimeoutStopSec = "30min";
ExecStart = "${cfg.package}/bin/bitcoind -datadir='${cfg.dataDir}'";
Restart = "on-failure";
UMask = mkIf cfg.dataDirReadableByGroup "0027";

View File

@ -61,9 +61,10 @@ in {
listenWhitelisted = true;
};
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
];
# Commented out to allow nfs mounts
# systemd.tmpfiles.rules = [
# "d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
# ];
systemd.services.electrs = {
wantedBy = [ "multi-user.target" ];

View File

@ -126,6 +126,7 @@ in {
Restart = "on-failure";
RestartSec = "10s";
ReadWritePaths = cfg.dataDir;
ProcSubset = "all"; # Fulcrum requires read access to /proc/meminfo
} // nbLib.allowedIPAddresses cfg.tor.enforce;
};

View File

@ -270,8 +270,8 @@ in {
NotifyAccess = "all";
User = cfg.user;
Group = cfg.group;
TimeoutStartSec = "10min";
TimeoutStopSec = "10min";
TimeoutStartSec = "2h";
TimeoutStopSec = "2h";
ExecStart = "${nbPkgs.elementsd}/bin/elementsd -datadir='${cfg.dataDir}'";
Restart = "on-failure";
ReadWritePaths = [ cfg.dataDir ];

View File

@ -215,9 +215,11 @@ in {
};
};
in foldl (services: n:
services // (makeNetnsServices n netns.${n})
) {} (builtins.attrNames netns));
in
foldl (services: n:
services // (makeNetnsServices n netns.${n})
) {} (builtins.attrNames netns)
);
}
# Service-specific config

View File

@ -28,7 +28,7 @@ let
};
generateSecretsCmds = mkOption {
type = types.attrsOf types.str;
type = types.attrsOf types.lines;
default = {};
description = mdDoc ''
Bash expressions for generating secrets.

View File

@ -4,20 +4,20 @@ pkgs: pkgsUnstable:
inherit (pkgs)
bitcoin
bitcoind
btcpayserver
electrs
elementsd
extra-container
hwi
lightning-loop
lightning-pool
lndconnect
nbxplorer;
inherit (pkgsUnstable)
btcpayserver
charge-lnd
clightning
electrs
fulcrum
hwi
lnd;
inherit pkgs pkgsUnstable;

View File

@ -10,11 +10,11 @@
}:
let self = stdenvNoCC.mkDerivation {
pname = "rtl";
version = "0.13.2";
version = "0.13.4";
src = fetchurl {
url = "https://github.com/Ride-The-Lightning/RTL/archive/refs/tags/v${self.version}.tar.gz";
hash = "sha256-7VrLxmE+xPCipx7UOG1mja2pSBrj+swk55afcvBQeDU=";
hash = "sha256-WVldNnmCB7Gi/U3dUDTYF58i480eXkstRnEg+1QCeMM=";
};
passthru = {
@ -23,7 +23,10 @@ let self = stdenvNoCC.mkDerivation {
nodeModules = fetchNodeModules {
inherit (self) src nodejs;
hash = "sha256-ohS6gVX0M1Ir1QE9SjibbCrBpkXYIv5jV1Bkv0czRw4=";
# TODO-EXTERNAL: Remove `npmFlags` when no longer required
# See: https://github.com/Ride-The-Lightning/RTL/issues/1182
npmFlags = "--legacy-peer-deps";
hash = "sha256-AG7930RGLxbPp1ErTGuYvUvPur9ppEmg91Taz7Ube6w=";
};
};

View File

@ -2,7 +2,7 @@
set -euo pipefail
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "gnupg wget gnused" "$@"
version="0.13.2"
version="0.13.4"
repo=https://github.com/Ride-The-Lightning/RTL
scriptDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)

View File

@ -1,4 +1,4 @@
# You can run this test via `run-tests.sh -s clightningReplication`
# You can run this test via `run-tests.sh -s clightning-replication`
makeTestVM: pkgs:
with pkgs.lib;
@ -14,6 +14,8 @@ let
clientBaseConfig = {
imports = [ ../modules/modules.nix ];
nixpkgs.pkgs = pkgs;
nix-bitcoin.generateSecrets = true;
services.clightning = {
@ -54,7 +56,9 @@ makeTestVM {
services.clightning.replication.encrypt = true;
};
server = { ... }: {
server = {
nixpkgs.pkgs = pkgs;
environment.etc."ssh-host-key" = {
source = keys.server;
mode = "400";

View File

@ -27,4 +27,9 @@ let
inherit (test) meta passthru;
} // test;
in
runTest
runTest // {
# A VM runner for interactive use
run = pkgs.writers.writeBashBin "run-vm" ''
. ${./run-vm.sh} ${runTest.driver} "$@"
'';
}

View File

@ -52,11 +52,6 @@ let
];
};
# A VM runner for interactive use
run = pkgs.writers.writeBashBin "run-vm" ''
. ${./run-vm.sh} ${test.driver} "$@"
'';
mkContainer = legacyInstallDirs:
extra-container.lib.buildContainers {
inherit system legacyInstallDirs;
@ -139,7 +134,6 @@ let
in
test // {
inherit
run
vm
container
# For NixOS with `system.stateVersion` <22.05

View File

@ -18,11 +18,11 @@
"nixos-org-configurations": {
"flake": false,
"locked": {
"lastModified": 1669836977,
"narHash": "sha256-21+3DkUXbWmIhXnQmJ9Tp/+QnyQnSiWuW8UDjjvPX2w=",
"lastModified": 1674564797,
"narHash": "sha256-MgGsFleE8Wzhu8XX3ulcBojkHzFLkII+D9sxkTHg7OU=",
"owner": "NixOS",
"repo": "nixos-org-configurations",
"rev": "241f12bc9218ee081dc12b6c1b4a10e5e78ffeb3",
"rev": "3ce43a1fb5181a0e33b1f67d36fa0f3affa6bc6c",
"type": "github"
},
"original": {
@ -39,11 +39,11 @@
"npmlock2nix": "npmlock2nix"
},
"locked": {
"lastModified": 1673019806,
"narHash": "sha256-iZousPg/4eDv2c9MTRo9RP8jjjp7luP7JYWU71MXCds=",
"lastModified": 1674593115,
"narHash": "sha256-P4bjLR/8tJ/jVBBeHDzNS2BgVUdB6vS7Udfh30kULJs=",
"owner": "nixos",
"repo": "nixos-search",
"rev": "1d9fac3a575623c79c1f56c771360b049888447b",
"rev": "be9a717b8032c7410337139f9dcfd6227b7407a4",
"type": "github"
},
"original": {

View File

@ -272,7 +272,7 @@ buildable=(
full
regtest
hardened
clightningReplication
clightning-replication
lndPruned
)
buildable() { buildTests buildable "$@"; }

View File

@ -404,7 +404,7 @@ in {
) scenarios;
in
{
clightningReplication = import ./clightning-replication.nix makeTestVM pkgs;
clightning-replication = import ./clightning-replication.nix makeTestVM pkgs;
} // mainTests;
tests = makeTests scenarios;