greg/nix-bitcoin
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
nix-bitcoin/modules
History
Erik Arvstedt ec4a4dbe41
btcpayserver: fix whitelist security issue 
Whitelisting localhost implicitly whitelists all inbound onion
connections. This prevents banning misbehaving inbound onion peers
and enables message `mempool` which can cause privacy leaks.

Instead, grant `download` as the single bitcoind whitelist permission, which
should be safe for onion peers.
Remove liquidd whitelisting because it doesn't support fine-grained permissions.

After a cursory glance at the nbxplorer code I think that nbxplorer
requires none of the other default whitelist permissions (noban, mempool,
relay).
Details: https://github.com/dgarage/NBXplorer/issues/344
2021-10-21 11:40:40 +02:00
..
clightning-plugins
modules: move options to the top
2021-09-13 13:41:47 +02:00
deployment
examples: add krops deployment method
2021-03-15 18:53:07 +01:00
presets
electrs: adapt to version 0.9.0
2021-10-06 15:34:24 +02:00
secrets
secrets: fix setup-secrets in case of no secrets
2021-10-04 00:33:27 +02:00
backups.nix
backups: allow extraFiles to override default settings
2021-10-06 11:27:52 +02:00
banlist.cli.txt
banlist: update to newest version
2020-06-11 09:23:26 +00:00
bitcoind-rpc-public-whitelist.nix
electrs: adapt to version 0.9.0
2021-10-06 15:34:24 +02:00
bitcoind.nix
bitcoind: add separate p2p socket for tor connections
2021-10-21 11:40:40 +02:00
btcpayserver.nix
btcpayserver: fix whitelist security issue
2021-10-21 11:40:40 +02:00
charge-lnd.nix
services: support 0.0.0.0/:: in address options
2021-10-04 00:33:26 +02:00
clightning.nix
services: support 0.0.0.0/:: in address options
2021-10-04 00:33:26 +02:00
default.nix
charge-lnd: add module
2021-07-12 17:36:31 +02:00
electrs.nix
electrs: adapt to version 0.9.0
2021-10-06 15:34:24 +02:00
hardware-wallets.nix
electrs: adapt to version 0.9.0
2021-10-06 15:34:24 +02:00
joinmarket-ob-watcher.nix
joinmarket-ob-watcher: require nix-bitcoin.service
2021-10-06 11:27:47 +02:00
joinmarket.nix
services: support 0.0.0.0/:: in address options
2021-10-04 00:33:26 +02:00
lightning-loop.nix
services: support 0.0.0.0/:: in address options
2021-10-04 00:33:26 +02:00
lightning-pool.nix
services: support 0.0.0.0/:: in address options
2021-10-04 00:33:26 +02:00
liquid.nix
liquid: remove unused features
2021-10-04 00:33:26 +02:00
lnd-rest-onion-service.nix
services: support 0.0.0.0/:: in address options
2021-10-04 00:33:26 +02:00
lnd.nix
services: support 0.0.0.0/:: in address options
2021-10-04 00:33:26 +02:00
modules.nix
btcpayserver: minor improvements
2021-10-01 11:52:57 +02:00
netns-isolation.nix
netns: expose bridgeIp as an option
2021-10-04 00:33:26 +02:00
nix-bitcoin.nix
minor fixes
2021-10-01 11:52:56 +02:00
nodeinfo.nix
services: support 0.0.0.0/:: in address options
2021-10-04 00:33:26 +02:00
obsolete-options.nix
electrs: adapt to version 0.9.0
2021-10-06 15:34:24 +02:00
onion-addresses.nix
modules: move options to the top
2021-09-13 13:41:47 +02:00
onion-services.nix
bitcoind: add separate p2p socket for tor connections
2021-10-21 11:40:40 +02:00
operator.nix
modules: move options to the top
2021-09-13 13:41:47 +02:00
recurring-donations.nix
modules: move options to the top
2021-09-13 13:41:47 +02:00
security.nix
security: update /proc restriction mechanism
2021-08-14 10:46:41 +02:00
spark-wallet.nix
modules: use consistent service variables
2021-09-13 13:41:47 +02:00
versioning.nix
electrs: adapt to version 0.9.0
2021-10-06 15:34:24 +02:00