nix-bitcoin/modules
Erik Arvstedt ec4a4dbe41
btcpayserver: fix whitelist security issue
Whitelisting localhost implicitly whitelists all inbound onion
connections. This prevents banning misbehaving inbound onion peers
and enables message `mempool` which can cause privacy leaks.

Instead, grant `download` as the single bitcoind whitelist permission, which
should be safe for onion peers.
Remove liquidd whitelisting because it doesn't support fine-grained permissions.

After a cursory glance at the nbxplorer code I think that nbxplorer
requires none of the other default whitelist permissions (noban, mempool,
relay).
Details: https://github.com/dgarage/NBXplorer/issues/344
2021-10-21 11:40:40 +02:00
| Name | Last commit | Date |
|---|---|---|
| clightning-plugins | modules: move options to the top | 2021-09-13 13:41:47 +02:00 |
| deployment | examples: add krops deployment method | 2021-03-15 18:53:07 +01:00 |
| presets | electrs: adapt to version 0.9.0 | 2021-10-06 15:34:24 +02:00 |
| secrets | secrets: fix setup-secrets in case of no secrets | 2021-10-04 00:33:27 +02:00 |
| backups.nix | backups: allow extraFiles to override default settings | 2021-10-06 11:27:52 +02:00 |
| banlist.cli.txt | banlist: update to newest version | 2020-06-11 09:23:26 +00:00 |
| bitcoind-rpc-public-whitelist.nix | electrs: adapt to version 0.9.0 | 2021-10-06 15:34:24 +02:00 |
| bitcoind.nix | bitcoind: add separate p2p socket for tor connections | 2021-10-21 11:40:40 +02:00 |
| btcpayserver.nix | btcpayserver: fix whitelist security issue | 2021-10-21 11:40:40 +02:00 |
| charge-lnd.nix | services: support 0.0.0.0/:: in address options | 2021-10-04 00:33:26 +02:00 |
| clightning.nix | services: support 0.0.0.0/:: in address options | 2021-10-04 00:33:26 +02:00 |
| default.nix | charge-lnd: add module | 2021-07-12 17:36:31 +02:00 |
| electrs.nix | electrs: adapt to version 0.9.0 | 2021-10-06 15:34:24 +02:00 |
| hardware-wallets.nix | electrs: adapt to version 0.9.0 | 2021-10-06 15:34:24 +02:00 |
| joinmarket-ob-watcher.nix | joinmarket-ob-watcher: require nix-bitcoin.service | 2021-10-06 11:27:47 +02:00 |
| joinmarket.nix | services: support 0.0.0.0/:: in address options | 2021-10-04 00:33:26 +02:00 |
| lightning-loop.nix | services: support 0.0.0.0/:: in address options | 2021-10-04 00:33:26 +02:00 |
| lightning-pool.nix | services: support 0.0.0.0/:: in address options | 2021-10-04 00:33:26 +02:00 |
| liquid.nix | liquid: remove unused features | 2021-10-04 00:33:26 +02:00 |
| lnd-rest-onion-service.nix | services: support 0.0.0.0/:: in address options | 2021-10-04 00:33:26 +02:00 |
| lnd.nix | services: support 0.0.0.0/:: in address options | 2021-10-04 00:33:26 +02:00 |
| modules.nix | btcpayserver: minor improvements | 2021-10-01 11:52:57 +02:00 |
| netns-isolation.nix | netns: expose bridgeIp as an option | 2021-10-04 00:33:26 +02:00 |
| nix-bitcoin.nix | minor fixes | 2021-10-01 11:52:56 +02:00 |
| nodeinfo.nix | services: support 0.0.0.0/:: in address options | 2021-10-04 00:33:26 +02:00 |
| obsolete-options.nix | electrs: adapt to version 0.9.0 | 2021-10-06 15:34:24 +02:00 |
| onion-addresses.nix | modules: move options to the top | 2021-09-13 13:41:47 +02:00 |
| onion-services.nix | bitcoind: add separate p2p socket for tor connections | 2021-10-21 11:40:40 +02:00 |
| operator.nix | modules: move options to the top | 2021-09-13 13:41:47 +02:00 |
| recurring-donations.nix | modules: move options to the top | 2021-09-13 13:41:47 +02:00 |
| security.nix | security: update /proc restriction mechanism | 2021-08-14 10:46:41 +02:00 |
| spark-wallet.nix | modules: use consistent service variables | 2021-09-13 13:41:47 +02:00 |
| versioning.nix | electrs: adapt to version 0.9.0 | 2021-10-06 15:34:24 +02:00 |