secure-node: don't set nix-bitcoin.secretsDir

This simplifies the docs and the secure-node module.

This change doesn't affect users that deploy via krops.

docs/configuration.md

@@ -250,9 +250,4 @@ following default values:
 
 - If you're using the krops deployment method: `/var/src/secrets`
 
-- Otherwise:
+- Otherwise: `/etc/nix-bitcoin-secrets`
-  - `/secrets` (if you're using the `secure-node.nix` template)
-  - `/etc/nix-bitcoin-secrets` (otherwise)
-
-  `/secrets` only exists to provide backwards compatibility for users of the
-  `secure-node.nix` template.

docs/services.md

@@ -41,7 +41,8 @@ ssh -L 3000:169.254.1.29:3000 root@bitcoin-node
 
 Otherwise, you can access it via Tor Browser at `http://<onion-address>`.
 You can find the `<onion-address>` with command `nodeinfo`.
-The default password location is `/secrets/rtl-password`.
+The default password location is `$secretsDir/rtl-password`.
+See: [Secrets dir](./configuration.md#secrets-dir)
 
 # Connect to spark-wallet
 ### Requirements
@@ -305,9 +306,10 @@ If you want to manually initialize your wallet instead, follow these steps:
     Follow the on-screen instructions and write down your seed.
 
     In order to use nix-bitcoin's `joinmarket.yieldgenerator`, use the password
-    from `/secrets/jm-wallet-password` and use the suggested default wallet name
+    from `$secretsDir/jm-wallet-password` and use the suggested default wallet name
     `wallet.jmdat`. If you want to use your own `jm-wallet-password`, simply
     replace the password string in your local secrets directory.
+    See: [Secrets dir](./configuration.md#secrets-dir)
 
 ## Run the tumbler
 

examples/configuration.nix

@@ -266,5 +266,5 @@
   # The nix-bitcoin release version that your config is compatible with.
   # When upgrading to a backwards-incompatible release, nix-bitcoin will display an
   # an error and provide hints for migrating your config to the new release.
-  nix-bitcoin.configVersion = "0.0.57";
+  nix-bitcoin.configVersion = "0.0.65";
 }

modules/presets/secure-node.nix

@@ -18,9 +18,6 @@ in {
   };
 
   config =  {
-    # For backwards compatibility only
-    nix-bitcoin.secretsDir = mkDefault "/secrets";
-
     networking.firewall.enable = true;
 
     nix-bitcoin.security.dbusHideProcessInformation = true;

modules/versioning.nix

@@ -181,6 +181,27 @@ let
             once.
       '';
     }
+    {
+      version = "0.0.65";
+      condition = config.nix-bitcoin ? secure-node-preset-enabled &&
+                  config.nix-bitcoin.secretsDir == "/etc/nix-bitcoin-secrets";
+      message = ''
+        The `secure-node.nix` preset does not set the secrets directory
+        to "/secrets" anymore.
+        Instead, the default location "/etc/nix-bitcoin-secrets" is used.
+
+        To upgrade, choose one of the following:
+
+        - Continue using "/secrets":
+          Add `nix-bitcoin.secretsDir = "/secrets";` to your configuration.nix.
+
+        - Move your secrets to the default location:
+          Run the following command as root on your node:
+          `rsync -a /secrets/ /etc/nix-bitcoin-secrets`.
+          You can delete the old "/secrets" directory after deploying the new system
+          config to your node.
+      '';
+    }
   ];
 
   mkOnionServiceChange = service: {