Commit Graph

33 Commits

Author SHA1 Message Date
Erik Arvstedt
14ca8b461b
rtl: fix lnd, lightning-loop connection errors
lnd and lightning-loop resolve `localhost` to an IPv4 address when
creating RPC sockets.

Since NixOS 23.05, RTL (nodejs) resolves `localhost` to an IPv6
address when connecting to lnd and lightning-loop, which leads to
connection errors.

To fix these and other potential errors, replace all instances
of `localhost` with `127.0.0.1`.
2023-07-29 19:07:10 +02:00
Erik Arvstedt
109dccca27
treewide: use mdDoc for descriptions
Enable markdown syntax (instead of docbook) for descriptions.
This only affects external doc tooling that renders the descriptions.
2022-12-18 20:01:52 +01:00
Erik Arvstedt
0447c5bacb
treewide: set shebang for bash scripts
These scripts previously failed when called with syscalls like
`execve` (used by, e.g., Python's `subprocess.run`) that use no default
interpreter for scripts without a shebang.
2022-11-08 23:04:56 +01:00
Erik Arvstedt
c853f380d4
lightning-loop: add certificate options extraIPs and extraDomains
This is useful for non-local access to the lightning-loop REST server.
2022-07-07 16:09:26 +02:00
Erik Arvstedt
60a27d58a6
lnd, lightning-loop: improve extraConfig option description 2022-07-07 16:09:26 +02:00
Erik Arvstedt
e6bb281a88
services: set systemd list options as list values
This makes our list definitions mergeable with custom list values
set by users.
Previously, a module error ("value is a string while a list
was expected") was thrown instead.

This commit was partly auto-generated with this script:

#!/usr/bin/env ruby
Dir["**/*.nix"].each do |file|
  src = File.read(file)
  fixed = src.gsub(/ReadWritePaths *= *(.*?);/) do
    "ReadWritePaths = [ #{$1} ];"
  end
  File.write(file, fixed) if fixed != src
end
2022-05-07 20:37:02 +02:00
Erik Arvstedt
5ab85cb2a5
pkgs: add meta attr
Also add more detailed `enable` option descriptions.
2021-12-15 14:39:31 +01:00
Erik Arvstedt
3681f118f7
nix-bitcoin.nix: add defaultText (automatic)
This enables generating module option documentation.

This commit was genereated by running the following script inside the
repo root dir:

def add_default_text(file)
  src = File.read(file)
  src2 = src.gsub(/( = mkOption\s+\{[^{]*?)(\n\s+default = )(.*?);$(.*?\})/m) do |str|
    pre, defaultVar, default, post = Regexp.last_match.captures
    replacement =
      if !post.include?('defaultText =')
        if default =~ /\bpkgs\b/
          defaultText = default.lines.length == 1 ? default : "(See source)"
          "#{pre}#{defaultVar}#{default};#{defaultVar.sub('default', 'defaultText')}#{defaultText.inspect};#{post}"
        end
      end
    replacement or str
  end
  File.write(file, src2) if src2 != src
end

Dir["modules/**/*.nix"].each do |f|
  next if File.basename(f) == "nix-bitcoin.nix"
  add_default_text f
end
2021-12-12 16:20:39 +01:00
Erik Arvstedt
9bda7305fd
services: add tor.* options
Split `enforceTor` into `tor.proxy` and `tor.enforce`.
By enabling `tor.proxy` without `tor.enforce`, a service can accept
incoming clearnet connections.
E.g., this allows setting up a Tor-proxied bitcoind node that accepts
RPC connections from LAN.
2021-11-29 13:22:43 +01:00
Erik Arvstedt
f61e928139
services: support 0.0.0.0/:: in address options
Previously, client services didn't decode these special INADDR_ANY
addresses and failed to connect.
2021-10-04 00:33:26 +02:00
Erik Arvstedt
27c45b82cc
modules: move options to the top
This greatly improves readability and makes it easier to discover options.

This commit was genereated by running the following script inside the
repo root dir:

#!/usr/bin/env ruby

def transform(src)
  return false if src.include?('inherit options;')

  success = false

  options = nil
  src.sub!(/^  options.*?^  }.*?;/m) do |match|
    options = match
    "  inherit options;"
  end
  return false if !options

  src.sub!(/^with lib;\s*let\n+/m) do |match|
    success = true
    <<~EOF
      with lib;
      let
      #{options}

    EOF
  end

  success
end

Dir['modules/**/*.nix'].each do |f|
  src = File.read(f)
  if transform(src)
    puts "Changed file #{f}"
    File.write(f, src)
  end
end
2021-09-13 13:41:47 +02:00
Erik Arvstedt
a2466b1127
secrets: allow extending generate-secrets
`generate-secrets` is no longer a monolithic script. Instead, it's
composed of the values of option `nix-bitcoin.generateSecretsCmds`.

This has the following advantages:
- generate-secrets is now extensible by users
- Only secrets of enabled services are generated
- RPC IPs in the `lnd` and `loop` certs are no longer hardcoded.

Secrets are no longer automatically generated when entering nix-shell.
Instead, they are generated before deployment (via `krops-deploy`)
because secrets generation is now dependant on the node configuration.
2021-09-12 11:29:54 +02:00
Erik Arvstedt
2c8e29b35b
lnd: extract option certPath
Improves service encapsulation.
2021-09-11 15:07:24 +02:00
Erik Arvstedt
be12a49933
lightning-pool/loop: extract lnd variable 2021-09-11 15:07:24 +02:00
Erik Arvstedt
178a0dcf8f
services: use new 'tor' options 2021-08-14 10:46:41 +02:00
Erik Arvstedt
020433cec6
services: add helper fn setAllowedIPAddresses
Also use 'allowLocalIPAddresses' instead of 'allowTor' in bitcoind-import-banlist
which doesn't use Tor.
2021-03-22 13:20:45 +01:00
nixbitcoin
6c9c820862
lightning-loop: 0.11.3-beta -> 0.12.0-beta 2021-03-07 18:28:08 +00:00
nixbitcoin
e873326bfe
modules: use user & group options
I've tried my best to locate all uses of hardcoded usernames, but its
not guaranteed that all have been found/fixed.
2021-02-17 11:50:25 +00:00
Erik Arvstedt
4f6ff408ef
treewide: remove unneeded string literals 2021-02-07 22:41:29 +01:00
Erik Arvstedt
a26ed03d77
rename nix-bitcoin-services.nix -> lib.nix 2021-02-04 12:39:48 +00:00
Erik Arvstedt
b41a720c28
lnd: add consistent address options
Also fix btcpayserver by connecting to the lnd restAddress instead of the p2p address.
2021-01-14 13:25:03 +01:00
Erik Arvstedt
f1681f5b45
add option nix-bitcoin.pkgs, remove overlay
This works around a nixpkgs bug where overlays are ignored in containers.
2020-11-09 22:10:07 +01:00
Erik Arvstedt
8da01fe8a6
lightning-loop: allow RPC access from main netns
Note that this also exposes the REST server, which is secured by
macaroon auth like the RPC server.
2020-10-29 21:21:29 +01:00
Erik Arvstedt
d76b080b74
lightning-loop: add RPC and REST server options 2020-10-29 21:21:29 +01:00
Erik Arvstedt
de23fdd377
lnd: use type str for rpclisten, restlisten 2020-10-29 21:21:28 +01:00
Erik Arvstedt
e0675cb256
move enforceTor logic to service modules
This enables tor support for services without using secure-node.nix
2020-10-29 21:21:27 +01:00
Jonas Nick
6933b0ef47
Merge #251: Services: Auto-enable dependencies
67e49fe415 services: auto-enable dependencies (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 67e49fe415

Tree-SHA512: 6e0f2e2ca4acdb7c5edd41eb3b56a9e95fc6d2ea9cfd08c1142429f88455c9d771f2f2be6339336448a289632f9768c4ae8f6c307038c5aa69c48b303043dda0
2020-10-20 11:17:10 +00:00
Erik Arvstedt
67e49fe415
services: auto-enable dependencies 2020-10-19 14:55:59 +02:00
nixbitcoin
486f385fdd
lightning-loop: 0.9.0 -> 0.10.0
Includes macaroon authentication
2020-10-19 08:59:14 +00:00
Erik Arvstedt
46efd141a1
lightning-loop: add regtest support 2020-10-16 18:01:51 +02:00
nixbitcoin
e7c5f956ea
lightning-loop: update module
* commandlineArgs -> configFile
* introduce tls certs
* loop dataDir
* fix formatting and descriptions

Warning: Manual migration of existing loop data directory necessary
2020-09-24 16:40:11 +00:00
Erik Arvstedt
9715134f06
netns: don't repeat cli definitions
1. Saves some code.
2. Guarantees that the netns and no-netns cli defs are always in sync.
2020-08-25 11:40:27 +02:00
nixbitcoin
491d83a658
lightning-loop: add module 2020-07-28 15:55:52 +00:00