Merge #171: Hardening DAC
b8e10afe18
recurring-donations: Run under recurring-donations user (nixbitcoin)5d01ea7101
nodeinfo: Convert to module and allow alternative operator username (nixbitcoin)95d230d1d6
Remove bitcoinrpc group remnants (nixbitcoin)563b210835
spark-wallet: Run under spark-wallet user (nixbitcoin)205fca3576
bitcoind: only make blocksdir group-readable when dataDirReadableByGroup (nixbitcoin)81a04a4ef1
lightning-charge: add dedicated user (nixbitcoin)e67a818297
lightning-charge: 0.4.14 -> 0.4.19 (nixbitcoin)0ba55757f8
clightning: allow group access to RPC socket (nixbitcoin)304dd297ba
clightning: remove config group read access (nixbitcoin)04c6936ce9
clightning: Remove clightning "bitcoinrpc" membership (nixbitcoin)393ab0fb3c
electrs: Remove electrs user from "bitcoinrpc" and "bitcoin" sometimes (nixbitcoin)7cfae66db4
electrs: Drop insecure TLS ciphers (nixbitcoin)4c139a6d77
electrs: Make TLSProxy truly optional (nixbitcoin) Pull request description: ACKs for top commit: jonasnick: ACKb8e10afe18
Tree-SHA512: d3828961b42b8730818b6f55bd9cb19a9c1a1fcecc426da903ba1304251bb4b3b38ff0e4d7b29945ae1bf3c7a42719431b8c91b74b01aeb8d3671026c3d6df75
commit
0ac1e496b2
|
@ -268,7 +268,7 @@ in {
|
|||
mkdir -m 0770 -p '${cfg.dataDir}/blocks'
|
||||
fi
|
||||
chown -R '${cfg.user}:${cfg.group}' '${cfg.dataDir}'
|
||||
chmod -R g+rX '${cfg.dataDir}/blocks'
|
||||
${optionalString cfg.dataDirReadableByGroup "chmod -R g+rX '${cfg.dataDir}/blocks'"}
|
||||
|
||||
cfg=$(cat ${configFile}; printf "rpcpassword="; cat "${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword")
|
||||
confFile='${cfg.dataDir}/bitcoin.conf'
|
||||
|
@ -332,11 +332,9 @@ in {
|
|||
description = "Bitcoin daemon user";
|
||||
};
|
||||
users.groups.${cfg.group} = {};
|
||||
users.groups.bitcoinrpc = {};
|
||||
|
||||
nix-bitcoin.secrets.bitcoin-rpcpassword = {
|
||||
user = "bitcoin";
|
||||
group = "bitcoinrpc";
|
||||
};
|
||||
};
|
||||
}
|
||||
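Review bot: With `dataDirReadableByGroup` off, the preStart in the first hunk no longer grants group read on `blocks`, but nothing revokes it either. A blocks directory that an earlier run opened with the unconditional `chmod -R g+rX` keeps those bits, and `mkdir -m 0770` still creates it group-accessible. If the option is meant to be the single switch for group access, the disabled case should tighten explicitly, e.g. `${if cfg.dataDirReadableByGroup then "chmod -R g+rX" else "chmod -R g-rwx"} '${cfg.dataDir}/blocks'`. The preStart script starts and ends outside the hunk, so a reset elsewhere in it would make this moot.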
|
|
|
@ -13,6 +13,7 @@ let
|
|||
always-use-proxy=${if cfg.always-use-proxy then "true" else "false"}
|
||||
${optionalString (cfg.bind-addr != null) "bind-addr=${cfg.bind-addr}"}
|
||||
bitcoin-rpcuser=${cfg.bitcoin-rpcuser}
|
||||
rpc-file-mode=0660
|
||||
'';
|
||||
in {
|
||||
options.services.clightning = {
|
||||
|
@ -61,10 +62,8 @@ in {
|
|||
cli = mkOption {
|
||||
readOnly = true;
|
||||
default = pkgs.writeScriptBin "lightning-cli"
|
||||
# Switch user because c-lightning doesn't allow setting the permissions of the rpc socket
|
||||
# https://github.com/ElementsProject/lightning/issues/1366
|
||||
''
|
||||
exec sudo -u clightning ${pkgs.nix-bitcoin.clightning}/bin/lightning-cli --lightning-dir='${cfg.dataDir}' "$@"
|
||||
${pkgs.nix-bitcoin.clightning}/bin/lightning-cli --lightning-dir='${cfg.dataDir}' "$@"
|
||||
'';
|
||||
description = "Binary to connect with the clightning instance.";
|
||||
};
|
||||
|
@ -76,7 +75,6 @@ in {
|
|||
users.users.clightning = {
|
||||
description = "clightning User";
|
||||
group = "clightning";
|
||||
extraGroups = [ "bitcoinrpc" ];
|
||||
};
|
||||
users.groups.clightning = {};
|
||||
|
||||
|
@ -90,10 +88,9 @@ in {
|
|||
mkdir -m 0770 -p ${cfg.dataDir}
|
||||
cp ${configFile} ${cfg.dataDir}/config
|
||||
chown -R 'clightning:clightning' '${cfg.dataDir}'
|
||||
# give group read access to allow using lightning-cli
|
||||
chmod u=rw,g=r,o= ${cfg.dataDir}/config
|
||||
# The RPC socket has to be removed otherwise we might have stale sockets
|
||||
rm -f ${cfg.dataDir}/bitcoin/lightning-rpc
|
||||
chmod 600 ${cfg.dataDir}/config
|
||||
echo "bitcoin-rpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword)" >> '${cfg.dataDir}/config'
|
||||
'';
|
||||
serviceConfig = {
|
||||
|
@ -112,6 +109,8 @@ in {
|
|||
while [[ ! -e ${cfg.dataDir}/bitcoin/lightning-rpc ]]; do
|
||||
sleep 0.1
|
||||
done
|
||||
# Needed to enable lightning-cli for users with group 'clightning'
|
||||
chmod g+x ${cfg.dataDir}/bitcoin
|
||||
'';
|
||||
};
|
||||
};
|
||||
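Review bot: preStart still creates the data directory with `mkdir -m 0770`, which gives every member of group `clightning` write access to the directory itself, although this commit makes group access the way other services reach the socket (`rpc-file-mode=0660`, `chmod g+x` on the `bitcoin` subdirectory). Write permission on a directory allows creating, renaming and unlinking entries in it, which is more than an RPC client needs; `mkdir -m 0750 -p '${cfg.dataDir}'` would keep traversal without that. Because `-m` only takes effect when the directory is created, existing deployments would also need an explicit `chmod 0750`; this assumes nothing else writes there as a group member, which the visible hunks suggest but do not prove. A comment beside `rpc-file-mode=0660` stating that membership in `clightning` amounts to full RPC control of the node would help whoever adds the next member. preStart continues outside the hunk.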
|
|
|
@ -106,7 +106,7 @@ in {
|
|||
users.users.${cfg.user} = {
|
||||
description = "electrs User";
|
||||
group = cfg.group;
|
||||
extraGroups = [ "bitcoinrpc" "bitcoin"];
|
||||
extraGroups = optionals cfg.high-memory [ "bitcoin" ];
|
||||
};
|
||||
users.groups.${cfg.group} = {};
|
||||
}
|
||||
|
@ -136,7 +136,7 @@ in {
|
|||
ssl_certificate_key ${secretsDir}/nginx-key;
|
||||
ssl_session_cache shared:SSL:1m;
|
||||
ssl_session_timeout 4h;
|
||||
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
|
||||
ssl_protocols TLSv1.2 TLSv1.3;
|
||||
ssl_prefer_server_ciphers on;
|
||||
}
|
||||
}
|
||||
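Review bot: `extraGroups = optionals cfg.high-memory [ "bitcoin" ]` relies on the blocks directory being group-readable, but in this same commit bitcoind only runs `chmod -R g+rX` on it when `dataDirReadableByGroup` is set, and no line in this hunk ties the two options together. Unless the module enables that option elsewhere (the config block extends beyond the hunk), `high-memory = true` would put electrs in the group without read access to the blocks. Adding `services.bitcoind.dataDirReadableByGroup = mkIf cfg.high-memory true;` next to the user definition, or an assertion, would make the dependency explicit. Separately, the commit title speaks of ciphers while the nginx hunk only narrows `ssl_protocols`; no `ssl_ciphers` line is visible here.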
|
|
|
@ -5,6 +5,8 @@ with lib;
|
|||
let
|
||||
cfg = config.services.lightning-charge;
|
||||
inherit (config) nix-bitcoin-services;
|
||||
user = config.users.users.lightning-charge.name;
|
||||
group = config.users.users.lightning-charge.group;
|
||||
in {
|
||||
options.services.lightning-charge = {
|
||||
enable = mkOption {
|
||||
|
@ -14,35 +16,51 @@ in {
|
|||
If enabled, the lightning-charge service will be installed.
|
||||
'';
|
||||
};
|
||||
clightning-datadir = mkOption {
|
||||
type = types.str;
|
||||
default = "/var/lib/clighting/";
|
||||
description = ''
|
||||
Data directory of the clightning service
|
||||
'';
|
||||
dataDir = mkOption {
|
||||
type = types.path;
|
||||
default = "/var/lib/lightning-charge";
|
||||
description = "The data directory for lightning-charge.";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.users.lightning-charge = {
|
||||
description = "lightning-charge User";
|
||||
group = "lightning-charge";
|
||||
extraGroups = [ "clightning" ];
|
||||
};
|
||||
users.groups.lightning-charge = {};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.dataDir}' 0700 ${user} ${group} - -"
|
||||
];
|
||||
|
||||
environment.systemPackages = [ pkgs.nix-bitcoin.lightning-charge ];
|
||||
systemd.services.lightning-charge = {
|
||||
description = "Run lightning-charge";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "clightning.service" ];
|
||||
after = [ "clightning.service" ];
|
||||
preStart = ''
|
||||
# Move existing lightning-charge.db
|
||||
# TODO: Remove eventually
|
||||
if [[ -e ${config.services.clightning.dataDir}/lightning-charge.db ]]; then
|
||||
mv ${config.services.clightning.dataDir}/lightning-charge.db ${cfg.dataDir}/lightning-charge.db
|
||||
chown ${user}: ${cfg.dataDir}/lightning-charge.db
|
||||
chmod 600 ${cfg.dataDir}/lightning-charge.db
|
||||
fi
|
||||
'';
|
||||
serviceConfig = {
|
||||
PermissionsStartOnly = "true";
|
||||
EnvironmentFile = "${config.nix-bitcoin.secretsDir}/lightning-charge-env";
|
||||
ExecStart = "${pkgs.nix-bitcoin.lightning-charge}/bin/charged -l ${config.services.clightning.dataDir}/bitcoin -d ${config.services.clightning.dataDir}/lightning-charge.db";
|
||||
# Unfortunately c-lightning doesn't allow setting the permissions of the rpc socket,
|
||||
# so this must run as the clightning user
|
||||
# https://github.com/ElementsProject/lightning/issues/1366
|
||||
User = "clightning";
|
||||
ExecStart = "${pkgs.nix-bitcoin.lightning-charge}/bin/charged -l ${config.services.clightning.dataDir}/bitcoin -d ${cfg.dataDir}/lightning-charge.db";
|
||||
User = user;
|
||||
Restart = "on-failure";
|
||||
RestartSec = "10s";
|
||||
} // nix-bitcoin-services.defaultHardening
|
||||
// nix-bitcoin-services.nodejs
|
||||
// nix-bitcoin-services.allowTor;
|
||||
};
|
||||
nix-bitcoin.secrets.lightning-charge-env.user = "clightning";
|
||||
nix-bitcoin.secrets.lightning-charge-env.user = user;
|
||||
};
|
||||
}
|
||||
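Review bot: The database migration in preStart runs with root privileges (`PermissionsStartOnly = "true"`) on a path inside the clightning data directory, which the clightning user controls, and both `[[ -e … ]]` and a plain `chown` follow symlinks. If `lightning-charge.db` there were a symlink, `chown ${user}:` would change the ownership of whatever it points to. Requiring a regular file and not dereferencing closes that: `if [[ -f "$src" && ! -L "$src" ]]; then` with `chown -h ${user}: "$dst"`, where `src` and `dst` hold the two quoted paths. The paths in the current `mv`, `chown` and `chmod` lines are also unquoted.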
|
|
|
@ -155,7 +155,6 @@ in {
|
|||
users.users.lnd = {
|
||||
description = "LND User";
|
||||
group = "lnd";
|
||||
extraGroups = [ "bitcoinrpc" ];
|
||||
home = cfg.dataDir; # lnd creates .lnd dir in HOME
|
||||
};
|
||||
users.groups.lnd = {};
|
||||
|
|
|
@ -6,7 +6,6 @@
|
|||
./clightning.nix
|
||||
./lightning-charge.nix
|
||||
./nanopos.nix
|
||||
./nix-bitcoin-webindex.nix
|
||||
./liquid.nix
|
||||
./spark-wallet.nix
|
||||
./electrs.nix
|
||||
|
|
|
@ -75,7 +75,7 @@ in {
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "nodeinfo.service" ];
|
||||
path = with pkgs; [
|
||||
nix-bitcoin.nodeinfo
|
||||
config.programs.nodeinfo
|
||||
config.services.clightning.cli
|
||||
config.services.lnd.cli
|
||||
jq
|
||||
|
|
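--- a/modules/nodeinfo.nix
+++ b/modules/nodeinfo.nix
@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+operatorName = config.nix-bitcoin.operatorName;
+script = pkgs.writeScriptBin "nodeinfo" ''
+set -eo pipefail
+
+BITCOIND_ONION="$(cat /var/lib/onion-chef/${operatorName}/bitcoind)"
+echo BITCOIND_ONION="$BITCOIND_ONION"
+
+if systemctl is-active --quiet clightning; then
+CLIGHTNING_NODEID=$(lightning-cli getinfo | jq -r '.id')
+CLIGHTNING_ONION="$(cat /var/lib/onion-chef/${operatorName}/clightning)"
+CLIGHTNING_ID="$CLIGHTNING_NODEID@$CLIGHTNING_ONION:9735"
+echo CLIGHTNING_NODEID="$CLIGHTNING_NODEID"
+echo CLIGHTNING_ONION="$CLIGHTNING_ONION"
+echo CLIGHTNING_ID="$CLIGHTNING_ID"
+fi
+
+if systemctl is-active --quiet lnd; then
+LND_NODEID=$(lncli getinfo | jq -r '.uris[0]')
+echo LND_NODEID="$LND_NODEID"
+fi
+
+NGINX_ONION_FILE=/var/lib/onion-chef/${operatorName}/nginx
+if [ -e "$NGINX_ONION_FILE" ]; then
+NGINX_ONION="$(cat $NGINX_ONION_FILE)"
+echo NGINX_ONION="$NGINX_ONION"
+fi
+
+LIQUIDD_ONION_FILE=/var/lib/onion-chef/${operatorName}/liquidd
+if [ -e "$LIQUIDD_ONION_FILE" ]; then
+LIQUIDD_ONION="$(cat $LIQUIDD_ONION_FILE)"
+echo LIQUIDD_ONION="$LIQUIDD_ONION"
+fi
+
+SPARKWALLET_ONION_FILE=/var/lib/onion-chef/${operatorName}/spark-wallet
+if [ -e "$SPARKWALLET_ONION_FILE" ]; then
+SPARKWALLET_ONION="$(cat $SPARKWALLET_ONION_FILE)"
+echo SPARKWALLET_ONION="http://$SPARKWALLET_ONION"
+fi
+
+ELECTRS_ONION_FILE=/var/lib/onion-chef/${operatorName}/electrs
+if [ -e "$ELECTRS_ONION_FILE" ]; then
+ELECTRS_ONION="$(cat $ELECTRS_ONION_FILE)"
+echo ELECTRS_ONION="$ELECTRS_ONION"
+fi
+
+SSHD_ONION_FILE=/var/lib/onion-chef/${operatorName}/sshd
+if [ -e "$SSHD_ONION_FILE" ]; then
+SSHD_ONION="$(cat $SSHD_ONION_FILE)"
+echo SSHD_ONION="$SSHD_ONION"
+fi
+'';
+in {
+options = {
+programs.nodeinfo = mkOption {
+readOnly = true;
+default = script;
+};
+};
+
+config = {
+environment.systemPackages = [ script ];
+};
+}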
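Review bot: The script text handed to `pkgs.writeScriptBin` opens with `set -eo pipefail` and has no interpreter line, so it runs under whatever shell the caller falls back to and `pipefail` is not guaranteed to be honoured. Using `pkgs.writeShellScriptBin "nodeinfo" ''` instead would pin the interpreter. The onion reads of the form `$(cat $NGINX_ONION_FILE)` are unquoted, and `${operatorName}` is spliced into the paths from a free-form `types.str`; writing `"$(cat "$NGINX_ONION_FILE")"` and quoting the `…_ONION_FILE=` assignments keeps an unusual operator name from word-splitting. Since `lightning-cli getinfo` now depends on the caller's group membership, a short comment saying the script is meant to be run by the operator account would explain why it aborts for other users under `set -e`.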
@ -5,12 +5,18 @@ with lib;
|
|||
let
|
||||
cfg = config.services;
|
||||
|
||||
operatorName = config.nix-bitcoin.operatorName;
|
||||
|
||||
mkHiddenService = map: {
|
||||
map = [ map ];
|
||||
version = 3;
|
||||
};
|
||||
in {
|
||||
imports = [ ../modules.nix ];
|
||||
imports = [
|
||||
../modules.nix
|
||||
../nodeinfo.nix
|
||||
../nix-bitcoin-webindex.nix
|
||||
];
|
||||
|
||||
options = {
|
||||
services.clightning.onionport = mkOption {
|
||||
|
@ -18,12 +24,16 @@ in {
|
|||
default = 9735;
|
||||
description = "Port on which to listen for tor client connections.";
|
||||
};
|
||||
|
||||
services.electrs.onionport = mkOption {
|
||||
type = types.ints.u16;
|
||||
default = 50002;
|
||||
description = "Port on which to listen for tor client connections.";
|
||||
};
|
||||
nix-bitcoin.operatorName = mkOption {
|
||||
type = types.str;
|
||||
default = "operator";
|
||||
description = "Less-privileged user's name.";
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
|
@ -99,7 +109,7 @@ in {
|
|||
};
|
||||
services.tor.hiddenServices.electrs = mkHiddenService {
|
||||
port = cfg.electrs.onionport;
|
||||
toPort = cfg.electrs.TLSProxy.port;
|
||||
toPort = if cfg.electrs.TLSProxy.enable then cfg.electrs.TLSProxy.port else cfg.electrs.port;
|
||||
};
|
||||
|
||||
services.spark-wallet.onion-service = true;
|
||||
|
@ -111,11 +121,10 @@ in {
|
|||
tor
|
||||
jq
|
||||
qrencode
|
||||
nix-bitcoin.nodeinfo
|
||||
];
|
||||
|
||||
# Create user 'operator' which can access the node's services
|
||||
users.users.operator = {
|
||||
# Create operator user which can access the node's services
|
||||
users.users.${operatorName} = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"systemd-journal"
|
||||
|
@ -130,23 +139,18 @@ in {
|
|||
};
|
||||
# Give operator access to onion hostnames
|
||||
services.onion-chef.enable = true;
|
||||
services.onion-chef.access.operator = [ "bitcoind" "clightning" "nginx" "liquidd" "spark-wallet" "electrs" "sshd" ];
|
||||
services.onion-chef.access.${operatorName} = [ "bitcoind" "clightning" "nginx" "liquidd" "spark-wallet" "electrs" "sshd" ];
|
||||
|
||||
# Unfortunately c-lightning doesn't allow setting the permissions of the rpc socket
|
||||
# https://github.com/ElementsProject/lightning/issues/1366
|
||||
security.sudo.configFile =
|
||||
(optionalString cfg.clightning.enable ''
|
||||
operator ALL=(clightning) NOPASSWD: ALL
|
||||
'') +
|
||||
(optionalString cfg.lnd.enable ''
|
||||
operator ALL=(lnd) NOPASSWD: ALL
|
||||
${operatorName} ALL=(lnd) NOPASSWD: ALL
|
||||
'');
|
||||
|
||||
# Enable nixops ssh for operator (`nixops ssh operator@mynode`) on nixops-vbox deployments
|
||||
systemd.services.get-vbox-nixops-client-key =
|
||||
mkIf (builtins.elem ".vbox-nixops-client-key" config.services.openssh.authorizedKeysFiles) {
|
||||
postStart = ''
|
||||
cp "${config.users.users.root.home}/.vbox-nixops-client-key" "${config.users.users.operator.home}"
|
||||
cp "${config.users.users.root.home}/.vbox-nixops-client-key" "${config.users.users.${operatorName}.home}"
|
||||
'';
|
||||
};
|
||||
};
|
||||
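Review bot: The clightning sudo rule is removed, but the remaining `${operatorName} ALL=(lnd) NOPASSWD: ALL` still lets the operator account run any command as `lnd`, which reaches everything that user owns rather than just the CLI. Limiting the rule to the CLI binary, `${operatorName} ALL=(lnd) NOPASSWD: <store path of lncli>`, would bring lnd in line with what this commit does for clightning. `operatorName` is a free-form `types.str` that ends up verbatim in the sudoers text and in `/var/lib/onion-chef/…` paths, so a `types.strMatching` pattern for valid account names would prevent a malformed rule. The sudo string and the operator user definition extend outside the hunks shown.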
|
|
|
@ -78,6 +78,13 @@ in {
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
users.users.recurring-donations = {
|
||||
description = "recurring-donations User";
|
||||
group = "recurring-donations";
|
||||
extraGroups = [ "clightning" ];
|
||||
};
|
||||
users.groups.recurring-donations = {};
|
||||
|
||||
systemd.services.recurring-donations = {
|
||||
description = "Run recurring-donations";
|
||||
requires = [ "clightning.service" ];
|
||||
|
@ -85,9 +92,7 @@ in {
|
|||
path = with pkgs; [ nix-bitcoin.clightning curl torsocks sudo jq ];
|
||||
serviceConfig = {
|
||||
ExecStart = "${pkgs.bash}/bin/bash ${recurring-donations-script}";
|
||||
# TODO: would be better if this was operator, but I don't get sudo
|
||||
# working inside the shell script
|
||||
User = "clightning";
|
||||
User = "recurring-donations";
|
||||
Type = "oneshot";
|
||||
} // nix-bitcoin-services.defaultHardening
|
||||
// nix-bitcoin-services.allowTor;
|
||||
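Review bot: `sudo` is still listed in the service `path` although the unit now runs as `recurring-donations` and the TODO about getting sudo to work is removed. If the script (defined outside this hunk) no longer calls it, the entry should go: `path = with pkgs; [ nix-bitcoin.clightning curl torsocks jq ];`. A one-line comment on `extraGroups = [ "clightning" ];` saying the membership exists for access to the lightning-rpc socket would document why this otherwise unprivileged user is in that group.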
|
|
|
@ -12,7 +12,7 @@ let
|
|||
${optionalString cfg.onion-service
|
||||
''
|
||||
echo Getting onion hostname
|
||||
CMD="$CMD --public-url http://$(cat /var/lib/onion-chef/clightning/spark-wallet)"
|
||||
CMD="$CMD --public-url http://$(cat /var/lib/onion-chef/spark-wallet/spark-wallet)"
|
||||
''
|
||||
}
|
||||
# Use rate provide wasabi because default (bitstamp) doesn't accept
|
||||
|
@ -48,6 +48,13 @@ in {
|
|||
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.nix-bitcoin.spark-wallet ];
|
||||
users.users.spark-wallet = {
|
||||
description = "spark-wallet User";
|
||||
group = "spark-wallet";
|
||||
extraGroups = [ "clightning" ];
|
||||
};
|
||||
users.groups.spark-wallet = {};
|
||||
|
||||
services.tor.enable = cfg.onion-service;
|
||||
# requires client functionality for Bitcoin rate lookup
|
||||
services.tor.client.enable = true;
|
||||
|
@ -58,7 +65,7 @@ in {
|
|||
version = 3;
|
||||
};
|
||||
services.onion-chef.enable = cfg.onion-service;
|
||||
services.onion-chef.access.clightning = if cfg.onion-service then [ "spark-wallet" ] else [];
|
||||
services.onion-chef.access.spark-wallet = if cfg.onion-service then [ "spark-wallet" ] else [];
|
||||
systemd.services.spark-wallet = {
|
||||
description = "Run spark-wallet";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
@ -67,13 +74,13 @@ in {
|
|||
serviceConfig = {
|
||||
PermissionsStartOnly = "true";
|
||||
ExecStart = "${pkgs.bash}/bin/bash ${run-spark-wallet}";
|
||||
User = "clightning";
|
||||
User = "spark-wallet";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "10s";
|
||||
} // nix-bitcoin-services.defaultHardening
|
||||
// nix-bitcoin-services.nodejs
|
||||
// nix-bitcoin-services.allowTor;
|
||||
};
|
||||
nix-bitcoin.secrets.spark-wallet-login.user = "clightning";
|
||||
nix-bitcoin.secrets.spark-wallet-login.user = "spark-wallet";
|
||||
};
|
||||
}
|
||||
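Review bot: The account name is repeated as the literal `"spark-wallet"` in `users.users`, `users.groups`, `User`, the secret owner and the onion-chef access key and path, whereas the lightning-charge module in this commit binds `user = config.users.users.lightning-charge.name;` once and reuses it. Doing the same here, and in the recurring-donations module, keeps the unit user, the secret owner and `/var/lib/onion-chef/<user>/spark-wallet` from drifting apart if the name is ever changed. The onion-chef path is the fragile one: if it disagrees with the access key, the `$(cat …)` in the run script would presumably yield an empty `--public-url` rather than a clear failure (the script's error handling is outside the hunk).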
|
|
|
@ -1,6 +1,5 @@
|
|||
{ pkgs ? import <nixpkgs> {} }:
|
||||
{
|
||||
nodeinfo = pkgs.callPackage ./nodeinfo { };
|
||||
lightning-charge = pkgs.callPackage ./lightning-charge { };
|
||||
nanopos = pkgs.callPackage ./nanopos { };
|
||||
spark-wallet = pkgs.callPackage ./spark-wallet { };
|
||||
|
|
File diff suppressed because it is too large
|
@ -1,3 +1,3 @@
|
|||
[
|
||||
{ "lightning-charge": "^0.4.14" }
|
||||
{ "lightning-charge": "^0.4.19" }
|
||||
]
|
||||
|
|
|
@ -58,13 +58,13 @@ let
|
|||
sha512 = "iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==";
|
||||
};
|
||||
};
|
||||
"chownr-1.1.3" = {
|
||||
"chownr-1.1.4" = {
|
||||
name = "chownr";
|
||||
packageName = "chownr";
|
||||
version = "1.1.3";
|
||||
version = "1.1.4";
|
||||
src = fetchurl {
|
||||
url = "https://registry.npmjs.org/chownr/-/chownr-1.1.3.tgz";
|
||||
sha512 = "i70fVHhmV3DtTl6nqvZOnIjbY0Pe4kAUjwHj8z0zAdgBtYrJyYwLKCCuRBQ5ppkyL0AkN7HKRnETdmdp1zqNXw==";
|
||||
url = "https://registry.npmjs.org/chownr/-/chownr-1.1.4.tgz";
|
||||
sha512 = "jJ0bqzaylmJtVnNgzTeSOs8DPavpbYgEr/b0YL8/2GO3xJEhInFmhKMUnEJQjZumK7KXGFhUy89PrsJWlakBVg==";
|
||||
};
|
||||
};
|
||||
"code-point-at-1.1.0" = {
|
||||
|
@ -256,22 +256,13 @@ let
|
|||
sha512 = "yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==";
|
||||
};
|
||||
};
|
||||
"minimist-0.0.8" = {
|
||||
"minimist-1.2.5" = {
|
||||
name = "minimist";
|
||||
packageName = "minimist";
|
||||
version = "0.0.8";
|
||||
version = "1.2.5";
|
||||
src = fetchurl {
|
||||
url = "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz";
|
||||
sha1 = "857fcabfc3397d2625b8228262e86aa7a011b05d";
|
||||
};
|
||||
};
|
||||
"minimist-1.2.0" = {
|
||||
name = "minimist";
|
||||
packageName = "minimist";
|
||||
version = "1.2.0";
|
||||
src = fetchurl {
|
||||
url = "https://registry.npmjs.org/minimist/-/minimist-1.2.0.tgz";
|
||||
sha1 = "a35008b20f41383eec1fb914f4cd5df79a264284";
|
||||
url = "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz";
|
||||
sha512 = "FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==";
|
||||
};
|
||||
};
|
||||
"minipass-2.9.0" = {
|
||||
|
@ -292,13 +283,13 @@ let
|
|||
sha512 = "6ZYMOEnmVsdCeTJVE0W9ZD+pVnE8h9Hma/iOwwRDsdQoePpoX56/8B6z3P9VNwppJuBKNRuFDRNRqRWexT9G9Q==";
|
||||
};
|
||||
};
|
||||
"mkdirp-0.5.1" = {
|
||||
"mkdirp-0.5.5" = {
|
||||
name = "mkdirp";
|
||||
packageName = "mkdirp";
|
||||
version = "0.5.1";
|
||||
version = "0.5.5";
|
||||
src = fetchurl {
|
||||
url = "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz";
|
||||
sha1 = "30057438eac6cf7f8c4767f38648d6697d75c903";
|
||||
url = "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz";
|
||||
sha512 = "NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==";
|
||||
};
|
||||
};
|
||||
"ms-2.1.2" = {
|
||||
|
@ -310,22 +301,22 @@ let
|
|||
sha512 = "sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==";
|
||||
};
|
||||
};
|
||||
"needle-2.4.0" = {
|
||||
"needle-2.4.1" = {
|
||||
name = "needle";
|
||||
packageName = "needle";
|
||||
version = "2.4.0";
|
||||
version = "2.4.1";
|
||||
src = fetchurl {
|
||||
url = "https://registry.npmjs.org/needle/-/needle-2.4.0.tgz";
|
||||
sha512 = "4Hnwzr3mi5L97hMYeNl8wRW/Onhy4nUKR/lVemJ8gJedxxUyBLm9kkrDColJvoSfwi0jCNhD+xCdOtiGDQiRZg==";
|
||||
url = "https://registry.npmjs.org/needle/-/needle-2.4.1.tgz";
|
||||
sha512 = "x/gi6ijr4B7fwl6WYL9FwlCvRQKGlUNvnceho8wxkwXqN8jvVmmmATTmZPRRG7b/yC1eode26C2HO9jl78Du9g==";
|
||||
};
|
||||
};
|
||||
"nopt-4.0.1" = {
|
||||
"nopt-4.0.3" = {
|
||||
name = "nopt";
|
||||
packageName = "nopt";
|
||||
version = "4.0.1";
|
||||
version = "4.0.3";
|
||||
src = fetchurl {
|
||||
url = "https://registry.npmjs.org/nopt/-/nopt-4.0.1.tgz";
|
||||
sha1 = "d0d4685afd5415193c8c7505602d0d17cd64474d";
|
||||
url = "https://registry.npmjs.org/nopt/-/nopt-4.0.3.tgz";
|
||||
sha512 = "CvaGwVMztSMJLOeXPrez7fyfObdZqNUK1cPAEzLHrTybIua9pMdmmPR5YwtfNftIOMv3DPUhFaxsZMNTQO20Kg==";
|
||||
};
|
||||
};
|
||||
"npm-bundled-1.1.1" = {
|
||||
|
@ -346,13 +337,13 @@ let
|
|||
sha512 = "EPfafl6JL5/rU+ot6P3gRSCpPDW5VmIzX959Ob1+ySFUuuYHWHekXpwdUZcKP5C+DS4GEtdJluwBjnsNDl+fSA==";
|
||||
};
|
||||
};
|
||||
"npm-packlist-1.4.7" = {
|
||||
"npm-packlist-1.4.8" = {
|
||||
name = "npm-packlist";
|
||||
packageName = "npm-packlist";
|
||||
version = "1.4.7";
|
||||
version = "1.4.8";
|
||||
src = fetchurl {
|
||||
url = "https://registry.npmjs.org/npm-packlist/-/npm-packlist-1.4.7.tgz";
|
||||
sha512 = "vAj7dIkp5NhieaGZxBJB8fF4R0078rqsmhJcAfXZ6O7JJhjhPK96n5Ry1oZcfLXgfun0GWTZPOxaEyqv8GBykQ==";
|
||||
url = "https://registry.npmjs.org/npm-packlist/-/npm-packlist-1.4.8.tgz";
|
||||
sha512 = "5+AZgwru5IevF5ZdnFglB5wNlHG1AOOuw28WhUq8/8emhBmLv6jX5by4WJCh7lW0uSYZYS6DXqIsyZVIXRZU9A==";
|
||||
};
|
||||
};
|
||||
"npmlog-4.1.2" = {
|
||||
|
@ -508,13 +499,13 @@ let
|
|||
sha1 = "045f9782d011ae9a6803ddd382b24392b3d890f7";
|
||||
};
|
||||
};
|
||||
"signal-exit-3.0.2" = {
|
||||
"signal-exit-3.0.3" = {
|
||||
name = "signal-exit";
|
||||
packageName = "signal-exit";
|
||||
version = "3.0.2";
|
||||
version = "3.0.3";
|
||||
src = fetchurl {
|
||||
url = "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.2.tgz";
|
||||
sha1 = "b5fdc08f1287ea1178628e415e25132b73646c6d";
|
||||
url = "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.3.tgz";
|
||||
sha512 = "VUJ49FC8U1OxwZLxIbTTrDvLnf/6TDgxZcK8wxR8zs13xpx7xbG60ndBlhNrFi2EMuFRoeDoJO7wthSLq42EjA==";
|
||||
};
|
||||
};
|
||||
"string-width-1.0.2" = {
|
||||
|
@ -616,7 +607,7 @@ in
|
|||
sources."are-we-there-yet-1.1.5"
|
||||
sources."balanced-match-1.0.0"
|
||||
sources."brace-expansion-1.1.11"
|
||||
sources."chownr-1.1.3"
|
||||
sources."chownr-1.1.4"
|
||||
sources."code-point-at-1.1.0"
|
||||
sources."concat-map-0.0.1"
|
||||
sources."console-control-strings-1.1.0"
|
||||
|
@ -638,16 +629,16 @@ in
|
|||
sources."is-fullwidth-code-point-1.0.0"
|
||||
sources."isarray-1.0.0"
|
||||
sources."minimatch-3.0.4"
|
||||
sources."minimist-0.0.8"
|
||||
sources."minimist-1.2.5"
|
||||
sources."minipass-2.9.0"
|
||||
sources."minizlib-1.3.3"
|
||||
sources."mkdirp-0.5.1"
|
||||
sources."mkdirp-0.5.5"
|
||||
sources."ms-2.1.2"
|
||||
sources."needle-2.4.0"
|
||||
sources."nopt-4.0.1"
|
||||
sources."needle-2.4.1"
|
||||
sources."nopt-4.0.3"
|
||||
sources."npm-bundled-1.1.1"
|
||||
sources."npm-normalize-package-bin-1.0.1"
|
||||
sources."npm-packlist-1.4.7"
|
||||
sources."npm-packlist-1.4.8"
|
||||
sources."npmlog-4.1.2"
|
||||
sources."number-is-nan-1.0.1"
|
||||
sources."object-assign-4.1.1"
|
||||
|
@ -657,11 +648,7 @@ in
|
|||
sources."osenv-0.1.5"
|
||||
sources."path-is-absolute-1.0.1"
|
||||
sources."process-nextick-args-2.0.1"
|
||||
(sources."rc-1.2.8" // {
|
||||
dependencies = [
|
||||
sources."minimist-1.2.0"
|
||||
];
|
||||
})
|
||||
sources."rc-1.2.8"
|
||||
sources."readable-stream-2.3.7"
|
||||
sources."rimraf-2.7.1"
|
||||
sources."safe-buffer-5.1.2"
|
||||
|
@ -669,7 +656,7 @@ in
|
|||
sources."sax-1.2.4"
|
||||
sources."semver-5.7.1"
|
||||
sources."set-blocking-2.0.0"
|
||||
sources."signal-exit-3.0.2"
|
||||
sources."signal-exit-3.0.3"
|
||||
sources."string-width-1.0.2"
|
||||
sources."string_decoder-1.1.1"
|
||||
sources."strip-ansi-3.0.1"
|
||||
|
|
|
@ -1,15 +0,0 @@
|
|||
{pkgs}:
|
||||
|
||||
with pkgs;
|
||||
stdenv.mkDerivation {
|
||||
name = "nodeinfo";
|
||||
src = ./nodeinfo.sh;
|
||||
|
||||
unpackPhase = "true";
|
||||
installPhase = ''
|
||||
mkdir -p $out
|
||||
mkdir -p $out/bin
|
||||
cp $src $out/bin/nodeinfo
|
||||
chmod +x $out/bin/nodeinfo
|
||||
'';
|
||||
}
|
|
@ -1,49 +0,0 @@
|
|||
set -e
|
||||
set -o pipefail
|
||||
|
||||
BITCOIND_ONION="$(cat /var/lib/onion-chef/operator/bitcoind)"
|
||||
echo BITCOIND_ONION="$BITCOIND_ONION"
|
||||
|
||||
if systemctl is-active --quiet clightning; then
|
||||
CLIGHTNING_NODEID=$(lightning-cli getinfo | jq -r '.id')
|
||||
CLIGHTNING_ONION="$(cat /var/lib/onion-chef/operator/clightning)"
|
||||
CLIGHTNING_ID="$CLIGHTNING_NODEID@$CLIGHTNING_ONION:9735"
|
||||
echo CLIGHTNING_NODEID="$CLIGHTNING_NODEID"
|
||||
echo CLIGHTNING_ONION="$CLIGHTNING_ONION"
|
||||
echo CLIGHTNING_ID="$CLIGHTNING_ID"
|
||||
fi
|
||||
|
||||
if systemctl is-active --quiet lnd; then
|
||||
LND_NODEID=$(lncli getinfo | jq -r '.uris[0]')
|
||||
echo LND_NODEID="$LND_NODEID"
|
||||
fi
|
||||
|
||||
NGINX_ONION_FILE=/var/lib/onion-chef/operator/nginx
|
||||
if [ -e "$NGINX_ONION_FILE" ]; then
|
||||
NGINX_ONION="$(cat $NGINX_ONION_FILE)"
|
||||
echo NGINX_ONION="$NGINX_ONION"
|
||||
fi
|
||||
|
||||
LIQUIDD_ONION_FILE=/var/lib/onion-chef/operator/liquidd
|
||||
if [ -e "$LIQUIDD_ONION_FILE" ]; then
|
||||
LIQUIDD_ONION="$(cat $LIQUIDD_ONION_FILE)"
|
||||
echo LIQUIDD_ONION="$LIQUIDD_ONION"
|
||||
fi
|
||||
|
||||
SPARKWALLET_ONION_FILE=/var/lib/onion-chef/operator/spark-wallet
|
||||
if [ -e "$SPARKWALLET_ONION_FILE" ]; then
|
||||
SPARKWALLET_ONION="$(cat $SPARKWALLET_ONION_FILE)"
|
||||
echo SPARKWALLET_ONION="http://$SPARKWALLET_ONION"
|
||||
fi
|
||||
|
||||
ELECTRS_ONION_FILE=/var/lib/onion-chef/operator/electrs
|
||||
if [ -e "$ELECTRS_ONION_FILE" ]; then
|
||||
ELECTRS_ONION="$(cat $ELECTRS_ONION_FILE)"
|
||||
echo ELECTRS_ONION="$ELECTRS_ONION"
|
||||
fi
|
||||
|
||||
SSHD_ONION_FILE=/var/lib/onion-chef/operator/sshd
|
||||
if [ -e "$SSHD_ONION_FILE" ]; then
|
||||
SSHD_ONION="$(cat $SSHD_ONION_FILE)"
|
||||
echo SSHD_ONION="$SSHD_ONION"
|
||||
fi
|