Merge fort-nix/nix-bitcoin#560: Update nixpgks
c88acbb1bb
btcpayserver: use new option `certfilepath` for lnd (Erik Arvstedt)13a835e88f
Revert "pkgs: add lnd 0.15.2" (Erik Arvstedt)3549725b51
update nixpkgs (Erik Arvstedt)61c539d5b6
defaultHardening: allow syscall `set_mempolicy` (Erik Arvstedt) Pull request description: ACKs for top commit: jonasnick: ACK c88acbb1bb
Tree-SHA512: 450fc27bb738d7465be829bc6ceda0030cdfc6bb75d15001986450c8189d675fe0fd0a0e6875c0224a239be0aae3acbecb74fb3b970fb6a8dfedd1d463a93d55
commit
9d074e1985
12
flake.lock
12
flake.lock
|
@ -17,11 +17,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1663760840,
|
||||
"narHash": "sha256-ym5Iycs5H4cOaLfE2/vC0tsLp8XuBJQIHGV8/uXSy8M=",
|
||||
"lastModified": 1666528161,
|
||||
"narHash": "sha256-PFOQSC0x4xPD1p/GZIbpKuoEBu6M8HnEOeNRiBUCELA=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9bdbbaa634aa666eb6a27096bdcb991c59181244",
|
||||
"rev": "471d92178b978fcbad8db27c2e8a4e737d4e0e27",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -33,11 +33,11 @@
|
|||
},
|
||||
"nixpkgsUnstable": {
|
||||
"locked": {
|
||||
"lastModified": 1663757063,
|
||||
"narHash": "sha256-H+BPgoXuVcdi3g5BH4cact4osjfjntaTQTdA/HNiCYE=",
|
||||
"lastModified": 1666570118,
|
||||
"narHash": "sha256-MTXmIYowHM1wyIYyqPdBLia5SjGnxETv0YkIbDsbkx4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "a0e390471362e27349abc1090197e09fe8c59d16",
|
||||
"rev": "1e684b371cf05300bc2b432f958f285855bac8fb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -200,7 +200,7 @@ in {
|
|||
systemd.services.btcpayserver = let
|
||||
nbExplorerUrl = "http://${nbLib.addressWithPort cfg.nbxplorer.address cfg.nbxplorer.port}/";
|
||||
nbExplorerCookie = "${cfg.nbxplorer.dataDir}/${bitcoind.makeNetworkName "Main" "RegTest"}/.cookie";
|
||||
configFile = builtins.toFile "config" (''
|
||||
configFile = builtins.toFile "btcpayserver-config" (''
|
||||
network=${bitcoind.network}
|
||||
bind=${cfg.btcpayserver.address}
|
||||
port=${toString cfg.btcpayserver.port}
|
||||
|
@ -212,34 +212,27 @@ in {
|
|||
rootpath=${cfg.btcpayserver.rootpath}
|
||||
'' + optionalString (cfg.btcpayserver.lightningBackend == "clightning") ''
|
||||
btclightning=type=clightning;server=unix:///${cfg.clightning.dataDir}/${bitcoind.makeNetworkName "bitcoin" "regtest"}/lightning-rpc
|
||||
'' + optionalString cfg.btcpayserver.lbtc ''
|
||||
'' + optionalString (cfg.btcpayserver.lightningBackend == "lnd")
|
||||
(
|
||||
"btclightning=type=lnd-rest;" +
|
||||
"server=https://${cfg.lnd.restAddress}:${toString cfg.lnd.restPort}/;" +
|
||||
"macaroonfilepath=/run/lnd/btcpayserver.macaroon;" +
|
||||
"certfilepath=${config.services.lnd.certPath}" +
|
||||
"\n"
|
||||
)
|
||||
+ optionalString cfg.btcpayserver.lbtc ''
|
||||
chains=btc,lbtc
|
||||
lbtcexplorerurl=${nbExplorerUrl}
|
||||
lbtcexplorercookiefile=${nbExplorerCookie}
|
||||
'');
|
||||
lndConfig =
|
||||
"btclightning=type=lnd-rest;" +
|
||||
"server=https://${cfg.lnd.restAddress}:${toString cfg.lnd.restPort}/;" +
|
||||
"macaroonfilepath=/run/lnd/btcpayserver.macaroon;" +
|
||||
"certthumbprint=";
|
||||
in let self = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "nbxplorer.service" "postgresql.service" ]
|
||||
++ optional (cfg.btcpayserver.lightningBackend != null) "${cfg.btcpayserver.lightningBackend}.service";
|
||||
after = self.requires;
|
||||
preStart = ''
|
||||
install -m 600 ${configFile} '${cfg.btcpayserver.dataDir}/settings.config'
|
||||
${optionalString (cfg.btcpayserver.lightningBackend == "lnd") ''
|
||||
{
|
||||
echo -n "${lndConfig}"
|
||||
${pkgs.openssl}/bin/openssl x509 -noout -fingerprint -sha256 -in ${config.services.lnd.certPath} \
|
||||
| sed -e 's/.*=//;s/://g'
|
||||
} >> '${cfg.btcpayserver.dataDir}/settings.config'
|
||||
''}
|
||||
'';
|
||||
serviceConfig = nbLib.defaultHardening // {
|
||||
ExecStart = ''
|
||||
${cfg.btcpayserver.package}/bin/btcpayserver --conf='${cfg.btcpayserver.dataDir}/settings.config' \
|
||||
${cfg.btcpayserver.package}/bin/btcpayserver --conf=${configFile} \
|
||||
--datadir='${cfg.btcpayserver.dataDir}'
|
||||
'';
|
||||
User = cfg.btcpayserver.user;
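Review bot: The file passed as `--conf=${configFile}` comes from `builtins.toFile`, so it sits in the world-readable Nix store, and nothing in the section documents that it must stay free of secrets. The `install -m 600 … settings.config` copy in `preStart` appears to be the removed side; the page has lost its +/- markers, so this is inferred from the commit title and hunk sizes. The visible config only references secrets by path (`macaroonfilepath=/run/lnd/btcpayserver.macaroon`, `certfilepath=…`, the nbxplorer cookie file), so nothing sensitive is exposed today. I would add above `configFile` the comment `# Stored in the world-readable Nix store: reference secrets by file path only, never inline.` It is also worth confirming that the btcpayserver user can read `config.services.lnd.certPath`, since the lnd TLS check now depends on that file rather than on a fingerprint computed at start; the `let` block begins before this section and `serviceConfig` continues past it.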
|
||||
|
|
|
@ -37,10 +37,5 @@ let self = {
|
|||
|
||||
pinned = import ./pinned.nix pkgs pkgsUnstable;
|
||||
|
||||
# TODO-EXTERNAL:
|
||||
# Remove this when https://github.com/NixOS/nixpkgs/pull/195337 is available in the
|
||||
# nixpkgs-unstable channel
|
||||
lnd = pkgsUnstable.callPackage ./lnd-0.15.2.nix {};
|
||||
|
||||
modulesPkgs = self // self.pinned;
|
||||
}; in self
|
||||
|
|
|
@ -33,7 +33,7 @@ let self = {
|
|||
# @system-service whitelist and docker seccomp blacklist (except for "clone"
|
||||
# which is a core requirement for systemd services)
|
||||
# @system-service is defined in src/shared/seccomp-util.c (systemd source)
|
||||
SystemCallFilter = [ "@system-service" "~add_key kcmp keyctl mbind move_pages name_to_handle_at personality process_vm_readv process_vm_writev request_key set_mempolicy setns unshare userfaultfd" ];
|
||||
SystemCallFilter = [ "@system-service" "~add_key kcmp keyctl mbind move_pages name_to_handle_at personality process_vm_readv process_vm_writev request_key setns unshare userfaultfd" ];
|
||||
SystemCallArchitectures = "native";
|
||||
};
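Review bot: Dropping `set_mempolicy` from the `~` deny list in `SystemCallFilter` relaxes the seccomp policy for every service that inherits `defaultHardening`, and neither the hunk nor the comment above it says which service needs the call. The comment still describes the list as the docker seccomp blacklist minus `clone`, which no longer matches the filter; I would extend it with a line such as `# "set_mempolicy" is additionally allowed because <service> requires it`, with the service named. If only one unit needs the syscall, consider allowing it in that unit's own `serviceConfig` so the other services keep the stricter filter. The `let self = {` block begins outside this hunk.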
|
||||
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
{ buildGoModule
|
||||
, fetchFromGitHub
|
||||
, lib
|
||||
, tags ? [ "autopilotrpc" "signrpc" "walletrpc" "chainrpc" "invoicesrpc" "watchtowerrpc" "routerrpc" "monitoring" "kvdb_postgres" "kvdb_etcd" ]
|
||||
}:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "lnd";
|
||||
version = "0.15.2-beta";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "lightningnetwork";
|
||||
repo = "lnd";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-C7BZ6awY2v5Uvvh12YEosoEQyJoetWzH/1wIQSVjtEk=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-rCdcPkgrFcDfLfF8wipFws7YTKEgotuVqVIJYLMOxbs=";
|
||||
|
||||
subPackages = [ "cmd/lncli" "cmd/lnd" ];
|
||||
|
||||
preBuild = let
|
||||
buildVars = {
|
||||
RawTags = lib.concatStringsSep "," tags;
|
||||
GoVersion = "$(go version | egrep -o 'go[0-9]+[.][^ ]*')";
|
||||
};
|
||||
buildVarsFlags = lib.concatStringsSep " " (lib.mapAttrsToList (k: v: "-X github.com/lightningnetwork/lnd/build.${k}=${v}") buildVars);
|
||||
in
|
||||
lib.optionalString (tags != []) ''
|
||||
buildFlagsArray+=("-tags=${lib.concatStringsSep " " tags}")
|
||||
buildFlagsArray+=("-ldflags=${buildVarsFlags}")
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Lightning Network Daemon";
|
||||
homepage = "https://github.com/lightningnetwork/lnd";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ cypherpunk2140 prusnak ];
|
||||
};
|
||||
}
|
|
@ -6,8 +6,8 @@ pkgs: pkgsUnstable:
|
|||
bitcoind
|
||||
extra-container
|
||||
lightning-pool
|
||||
lndconnect
|
||||
nbxplorer;
|
||||
lnd
|
||||
lndconnect;
|
||||
|
||||
inherit (pkgsUnstable)
|
||||
btcpayserver
|
||||
|
@ -17,7 +17,8 @@ pkgs: pkgsUnstable:
|
|||
elementsd
|
||||
fulcrum
|
||||
hwi
|
||||
lightning-loop;
|
||||
lightning-loop
|
||||
nbxplorer;
|
||||
|
||||
inherit pkgs pkgsUnstable;
|
||||
}
|
||||
|
|