Commit Graph

453 Commits

Author SHA1 Message Date
Jonas Nick
ebaa9a3f2e
Merge fort-nix/nix-bitcoin#484: Update RTL
3755b3ebea rtl: add option `extraConfig` for nodes (Erik Arvstedt)
ff228a604d rtl: change `nodes` options (Erik Arvstedt)
beae9f8df7 clightning-rest: 0.7.0 -> 0.7.2 (Erik Arvstedt)
4c2d908a38 rtl: 0.12.2-beta -> 0.12.3-beta (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 3755b3ebea

Tree-SHA512: 21b413473792802a49694427dd488d7ba0575bb79297b8cd3d3e09707f0389fa4a65ed18eea11af167e1f42154f43685a7afc0829b769dea4b8d64007dcd7be5
2022-05-25 19:48:42 +00:00
Erik Arvstedt
041162d1e3
clightning-plugins: update to latest rev 2022-05-22 15:57:15 +02:00
Erik Arvstedt
84fe731c94
treewide: curl: exit with error status on HTTP errors
This makes scripts fail early on request errors.
Previously, curl exited with status 0 when enountering HTTP error status
codes.
`-fsS` equals `--fail --silent --show-error`.
2022-05-17 13:19:38 +02:00
Erik Arvstedt
3755b3ebea
rtl: add option extraConfig for nodes
Also define rtl config as a Nix attrset that is converted to JSON
2022-05-15 21:25:32 +02:00
Erik Arvstedt
beae9f8df7
clightning-rest: 0.7.0 -> 0.7.2 2022-05-14 15:22:35 +02:00
Erik Arvstedt
4c2d908a38
rtl: 0.12.2-beta -> 0.12.3-beta 2022-05-14 15:22:35 +02:00
Erik Arvstedt
472bcf1565
pkgs-unstable: inherit system from stable pkgs
Previously, `builtins.defaultSystem` was implicitly used.
This fixes NixOS system builds for systems other than `defaultSystem`.
2022-05-11 10:04:55 +02:00
Erik Arvstedt
e6bb281a88
services: set systemd list options as list values
This makes our list definitions mergeable with custom list values
set by users.
Previously, a module error ("value is a string while a list
was expected") was thrown instead.

This commit was partly auto-generated with this script:

#!/usr/bin/env ruby
Dir["**/*.nix"].each do |file|
  src = File.read(file)
  fixed = src.gsub(/ReadWritePaths *= *(.*?);/) do
    "ReadWritePaths = [ #{$1} ];"
  end
  File.write(file, fixed) if fixed != src
end
2022-05-07 20:37:02 +02:00
Erik Arvstedt
c30aa33c15
cl-rest: rename pkg to clightning-rest 2022-05-06 16:24:59 +02:00
Erik Arvstedt
f234e59ca5
nbPython3Packages: fix clightning pkgs
Also enable tests for the pyln-* pkgs.
2022-05-06 13:36:06 +00:00
Jonas Nick
6bdf0ac3fb
update nixpkgs{,-unstable}
This commit does not pass the tests. Fixup is in the next commit.

bitcoin: 22.0 -> 23.0
bitcoind: 22.0 -> 23.0
btcpayserver: 1.4.7 -> 1.5.1
clightning: 0.10.2 -> 0.11.0.1
electrs: 0.9.6 -> 0.9.7
hwi: 2.0.2 -> 2.1.0
lightning-loop: 0.17.0-beta -> 0.18.0-beta
lnd: 0.14.2-beta -> 0.14.3-beta
nbxplorer: 2.2.20 -> 2.3.20
2022-05-06 13:35:32 +00:00
Erik Arvstedt
900836fe0d
joinmarket: add private python package set
This is a nonfunctional refactoring commit.

It's needed because pkg `pyln-proto`, which is introduced in the next commit,
requires a different, incompatible version of `cryptography`, which
must be placed in a different python package set.
2022-05-06 13:35:32 +00:00
Erik Arvstedt
ca834cce84
joinmarket: simplify pkgs
Remove unused dependencies.
2022-05-06 13:35:32 +00:00
Erik Arvstedt
29d2ffc111
defaultHardening: allow clone3 system call
clone3 is the latest version of the clone system call, which is already
allowed.
clone3 is required by nbxplorer 2.3.20.
2022-05-06 13:35:23 +00:00
Erik Arvstedt
dd2dcad3dc
clboss: 0.11E -> 0.12 2022-04-30 13:08:50 +02:00
Erik Arvstedt
3b4cf665e8
clboss: 0.11B -> 0.11E 2022-04-26 11:34:05 +02:00
Jonas Nick
06d4a22902
Merge fort-nix/nix-bitcoin#469: lnd: Use lndinit for wallet creation
a4a5c72b01 lnd: use `lndinit` for wallet creation (Erik Arvstedt)
e793a3470c lndinit: init at 0.1.3-beta (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK a4a5c72b01
  jonasnick:
    utACK a4a5c72b01

Tree-SHA512: 5295c1014a5b7bed4b7347b2d671fd877fd719323ea5156bd3bcff6ec94004949f22a9d0698fcc1de925855d36d81d9ea0148dbf0c079ab77e5437a9f53b2bb8
2022-04-11 04:33:16 +00:00
Erik Arvstedt
e793a3470c
lndinit: init at 0.1.3-beta 2022-04-04 13:59:36 +02:00
Jonas Nick
54f8f2d240
Merge fort-nix/nix-bitcoin#468: joinmarket: 0.9.4 -> 0.9.5
4f74690292 joinmarket: 0.9.4 -> 0.9.5 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 4f74690292

Tree-SHA512: 69bb194682d57ec0f1852c13d89d86c479459d32860106746b7bcbf26de7f4d94bf01a6d2852884e02cba5ebd53569f1beb96410c6de12355ec2739a05925998
2022-04-03 23:53:13 +00:00
nixbitcoin
4f74690292
joinmarket: 0.9.4 -> 0.9.5
Notes
- We can no longer test for `unknown error in JSON-RPC`. `jm-ob-watcher`
  now simply outputs `Starting ob-watcher`. Tested working on
  https://nixbitcoin.org/orderbook.
- Removed Agora IRC server since it is offline semi-permanently. Should
  probably also be removed upstream.
- Includes patch for
  https://github.com/JoinMarket-Org/joinmarket-clientserver/issues/1193
2022-03-30 11:25:45 +00:00
Erik Arvstedt
77b34954ef
cl-rest: 0.6.1 -> 0.7.0 2022-03-29 16:30:47 +02:00
nixbitcoin
4f45266524
rtl: 0.12.1 -> 0.12.2 2022-03-09 12:23:20 +00:00
nixbitcoin
6629e9a66f
joinmarket: bump secp256k1 to version used upstream
Also incorporate improvements from upstream nixpkgs expression. Except,
`enable-tests` line which is already enabled by default upstream.

Add comment explaining the reason for having a custom secp256k1 pkg in
nix-bitcoin.
2022-03-06 14:28:02 +00:00
Jonas Nick
19abacc41c
Merge fort-nix/nix-bitcoin#458: liquidd: add service timeouts like in bitcoind
2493c8c201 liquidd: add service timeouts like in bitcoind (Erik Arvstedt)
59bf0274c0 pkgs: add groups, sort alphabetically (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 2493c8c201

Tree-SHA512: 229f57a4093b996d500f95f81992b7f0314596828639179ed57936a4bc5d0f556498bf29e1acd9aabd3cbee97f034ccabd9dad2fde01deddc5e226c6c46c7bb2
2022-03-01 14:21:39 +00:00
Erik Arvstedt
59bf0274c0
pkgs: add groups, sort alphabetically 2022-02-28 14:00:23 +01:00
Jonas Nick
2618af74e4
Merge fort-nix/nix-bitcoin#445: clightning-plugins: add commando plugin
ee4cdb0586 pyln-proto: relax pycparser constraint (William Casarin)
2d6c4e829e readme: fix monitor c-lightning plugin link (William Casarin)
0bede274a8 clightning-plugins/commando: add module (Erik Arvstedt)
380ec3bb78 clightning-plugins: add commando (William Casarin)
80312ba9d7 python-packages/sha256: init at 0.1 (William Casarin)
71eccb73d6 python-packages/runes: init at 0.4.0 (William Casarin)
570e271695 clightning-plugins: bump to latest git (William Casarin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK ee4cdb0586

Tree-SHA512: 2db97ee758f061ce72f8e049299c453cc4e9947d9af55c68745aa15bcd9529cb47defb52366ca216249441fb8e113c3b3b048a5381f41fd1ef80e677dae0fe37
2022-02-27 18:38:18 +00:00
William Casarin
ee4cdb0586 pyln-proto: relax pycparser constraint
This is a bit hostile to different nixpkgs versions

Signed-off-by: William Casarin <jb55@jb55.com>
2022-02-27 08:42:08 -08:00
William Casarin
380ec3bb78
clightning-plugins: add commando
Signed-off-by: William Casarin <jb55@jb55.com>
2022-02-23 20:48:57 +01:00
William Casarin
80312ba9d7
python-packages/sha256: init at 0.1
Signed-off-by: William Casarin <jb55@jb55.com>
2022-02-23 20:48:57 +01:00
William Casarin
71eccb73d6
python-packages/runes: init at 0.4.0
Signed-off-by: William Casarin <jb55@jb55.com>
2022-02-23 20:43:12 +01:00
nixbitcoin
2ca90961e3
rtl: 0.12.0 -> 0.12.1 2022-01-24 11:54:52 +00:00
William Casarin
570e271695 clightning-plugins: bump to latest git
Signed-off-by: William Casarin <jb55@jb55.com>
2022-01-22 17:01:38 -08:00
Jonas Nick
5b7bc2d6ff
update nixpkgs{-unstable}
electrs: 0.9.3 -> 0.9.4
2022-01-20 21:59:13 +00:00
Jonas Nick
ffabad225b
spark-wallet: switch from nodejs 10 to 12
nixpkgs starts marking nodejs 10 as insecure because it is end of life.
2022-01-20 21:59:01 +00:00
Jonas Nick
1f45f7351e
update nixpkgs{,-unstable}
btcpayserver: 1.3.6 -> 1.3.7
elementsd: 0.21.0 -> 0.21.0.1
lightning-loop: 0.15.0-beta -> 0.16.0-beta
lightning-pool: 0.5.1-alpha -> 0.5.3-alpha
2022-01-01 20:15:10 +00:00
Erik Arvstedt
53a9f136b9
lib: allow syscall get_mempolicy in default seccomp filter
This syscall is required by an upcoming version of btcpayserver.
Because it is generally safe, we can allow it for all services.
2022-01-01 20:13:42 +00:00
nixbitcoin
bb9f0b54ca
spark-wallet: use HTTPS instead of SSH for Github 2022-01-01 19:12:20 +01:00
nixbitcoin
906b7f83ff
rtl: 0.11.2 -> 0.12.0 2021-12-30 14:29:29 +00:00
nixbitcoin
2a7630e6f4
cl-rest: 0.6.0 -> 0.6.1 2021-12-30 14:29:22 +00:00
Erik Arvstedt
5ab85cb2a5
pkgs: add meta attr
Also add more detailed `enable` option descriptions.
2021-12-15 14:39:31 +01:00
Erik Arvstedt
602281b132
rtl, cl-rest: add /bin to pkg output 2021-12-15 10:58:04 +01:00
Erik Arvstedt
f4872f3334
spark-wallet: use node package lockfile 2021-12-15 10:58:04 +01:00
Erik Arvstedt
3091b0a4fb
cl-rest: use node package lockfile 2021-12-15 10:58:04 +01:00
Erik Arvstedt
fbfb61210a
rtl: use node package lockfile 2021-12-15 10:58:04 +01:00
Erik Arvstedt
2069f62abc
krops: -> 1.26.2
Includes 9fc8cbf8e8

Add krops/fetch-release.sh
2021-12-14 19:52:17 +01:00
nixbitcoin
88fa33479f
clightning-plugins: update prometheus-client version pin 2021-12-10 12:15:16 +00:00
nixbitcoin
c9c2104009
klein: use from upstream, update jmclient version pin
klein 20.6.0 was failing Twisted 21.7.0 tests.
2021-12-10 12:14:47 +00:00
nixbitcoin
048b49edae
pyln-proto: add copy of base58 2.1.0 2021-12-08 12:38:35 +00:00
nixbitcoin
b5984a603c
joinmarket: 0.9.3 -> 0.9.4
Ilita IRC server & use upstream twisted again
2021-12-08 12:38:28 +00:00
nixbitcoin
8433933251
node2nix composition: add writeShellScript 2021-12-08 12:38:22 +00:00
nixbitcoin
6b725157e1
clboss: sslSupport -> opensslSupport 2021-12-08 12:38:15 +00:00
nixbitcoin
16f5aa0561
update to NixOS 21.11 2021-12-08 12:38:00 +00:00
Jonas Nick
8a7ec27e6d
Merge fort-nix/nix-bitcoin#427: cl-rest: 0.5.2 -> 0.6.0
d3788e141d cl-rest: 0.5.2 -> 0.6.0 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK d3788e141d

Tree-SHA512: 48acb8c7dbabf15c6b0c595a9a5e6210ebd0314c219eb5e229045d794e01eb0fa4f0f5882b9d4a7c2170b6adb85463fa66fbfe828a39dcca0cc6c73ecd894ccf
2021-11-29 18:08:01 +00:00
Erik Arvstedt
def64a73b8
treewide: use TODO-EXTERNAL
Use TODO-EXTERNAL for TODOs that depend on external factors like
upstream fixes.
2021-11-29 13:47:48 +01:00
Erik Arvstedt
9bda7305fd
services: add tor.* options
Split `enforceTor` into `tor.proxy` and `tor.enforce`.
By enabling `tor.proxy` without `tor.enforce`, a service can accept
incoming clearnet connections.
E.g., this allows setting up a Tor-proxied bitcoind node that accepts
RPC connections from LAN.
2021-11-29 13:22:43 +01:00
nixbitcoin
d3788e141d
cl-rest: 0.5.2 -> 0.6.0 2021-11-29 11:39:47 +00:00
Jonas Nick
9a31cc7d5a
Merge fort-nix/nix-bitcoin#424: spark-wallet: 0.2.17 -> 0.3.1
f739bc5174 spark-wallet: 0.2.17 -> 0.3.1 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK f739bc5174

Tree-SHA512: bfcc5bc076f90037d76757a23f26936f5a1c7331695a0ad31f5e4f69ee3b2cf8f46c984aa8a79926cafc6f195d81e6bd457e88768bd0e657e7300c2614ec556f
2021-11-10 21:58:40 +00:00
Jonas Nick
6673c8245c
Merge fort-nix/nix-bitcoin#423: Misc. improvements
4a74b7de08 clightning: work around unsupported seccomp syscall (Erik Arvstedt)
38a843d005 clightning: update python pkgs to new version (Erik Arvstedt)
6ad7107ddb update nixpkgs (Erik Arvstedt)
f58d67677e netns-isolation: separate host and netns setup (Erik Arvstedt)
cb6e5ef702 netns-isolation: fix routing issues due to netns restarting (Erik Arvstedt)
7f77147b60 makeShell: minor improvements (Erik Arvstedt)
a5730eb736 makeShell: make the help msg a shell derivation variable (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 4a74b7de08

Tree-SHA512: 75454b51db6d7ab41590d8579e0a5136e5ac1be78d5c2f547c6ef1982c0de679968879bb9bac57dd66413f59a4659236601ab75414486b0137c7c43d73d22759
2021-11-10 21:57:16 +00:00
Erik Arvstedt
38a843d005
clightning: update python pkgs to new version 2021-11-10 21:26:11 +01:00
nixbitcoin
f739bc5174
spark-wallet: 0.2.17 -> 0.3.1 2021-11-09 15:19:14 +00:00
nixbitcoin
0e1e2a1b3c
cl-rest: init at 0.5.2 2021-11-09 13:07:27 +00:00
nixbitcoin
83196f5545
rtl: init at 0.11.2 2021-11-09 13:07:16 +00:00
nixbitcoin
852c112603
Use HTTPS URL for spark-wallet GitHub node packages
Manually patch spark-wallet until
https://github.com/svanderburg/node2nix/pull/269 is merged
2021-11-02 14:07:28 +00:00
nixbitcoin
a10aa21c69
joinmarket: 0.9.2 -> 0.9.3 2021-10-27 16:02:59 +02:00
Erik Arvstedt
721ba1aeba
python-packages: separate specific-versions pkgs
This simplifies maintenance.
2021-10-24 21:18:56 +02:00
nixbitcoin
59fc003ebd
joinmarket: 0.9.1 -> 0.9.2
Remove "improve-genwallet" patch
2021-10-13 11:52:42 +00:00
Erik Arvstedt
265fc1911d
extra-container: pin to nixpkgs-unstable
extra-container is now part of nixpkgs.
2021-10-06 15:34:24 +02:00
Erik Arvstedt
f61e928139
services: support 0.0.0.0/:: in address options
Previously, client services didn't decode these special INADDR_ANY
addresses and failed to connect.
2021-10-04 00:33:26 +02:00
Jonas Nick
e94e071ad6
update nixpkgs
bitcoin: 0.21.1 -> 22.0
bitcoind: 0.21.1 -> 22.0
electrs: 0.8.10 -> 0.8.11
2021-09-19 20:07:55 +00:00
Erik Arvstedt
0186b2a764
examples/shell.nix: Add upgrade note for NixOps users 2021-09-15 12:01:37 +02:00
nixbitcoin
3e146512d7
joinmarket: add copy of twisted 20.3.0 2021-09-14 20:06:35 +00:00
Erik Arvstedt
a2466b1127
secrets: allow extending generate-secrets
`generate-secrets` is no longer a monolithic script. Instead, it's
composed of the values of option `nix-bitcoin.generateSecretsCmds`.

This has the following advantages:
- generate-secrets is now extensible by users
- Only secrets of enabled services are generated
- RPC IPs in the `lnd` and `loop` certs are no longer hardcoded.

Secrets are no longer automatically generated when entering nix-shell.
Instead, they are generated before deployment (via `krops-deploy`)
because secrets generation is now dependant on the node configuration.
2021-09-12 11:29:54 +02:00
Erik Arvstedt
24fd1e9bdc
improve examples/shell.nix
The user's local node configuration directory usually contains a copy of
examples/shell.nix.

1. Move the shell implementation from shell.nix to nix-bitcoin/helper/makeShell.nix
   Because the shell is no longer defined locally in the user's config
   directory, we can now ship new shell features via nix-bitcoin updates.

2. Simplify examples/nix-bitcoin-release.nix
   nix-bitcoin-release.nix, as generated via `fetch-release`, now
   contains a simple fetchTarball statement which can be directly imported.
   This allows us to get rid of the extra `nix-bitcoin-unpacked` derivation
   which adds a dependency on the user's local nixpkgs.

   To keep `fetch-release` as simple as possible for easy auditing, we just
   fetch and verify a `nar-hash.txt` file that is now uploaded
   via `push-release.sh`.

A migration guide for updating the user's local `shell.nix` is
automatically printed when the user starts a new shell after updating
nix-bitcoin.
This is achieved by throwing an error in `generate-secrets`, which is called
on shell startup.

This commit is required to deploy the new extensible `generate-secrets`
mechanism introduced in the next commit.
2021-09-12 11:29:54 +02:00
Erik Arvstedt
e1e3d8a92b
secrets: simplify cert generation
- Remove openssl.cnf which includes many unused settings.
- Generate the key and cert files with a single call to openssl.
  - Option `-nodes` ("no DES") disables encryption of the key file.
  - Option `-addext` is used to specify `subjectAltName` settings
    that were previously defined by openssl.cnf.

The key type is unchanged.
Certificate changes:
- Certificate duration is now 10 years
- Organization (subj 'O') is now 'loop' instead of 'loopd' for
  lightning-loop to simplify the code.
  For reference, the org. name in auto-generated loop certs is
  "loop autogenerated cert".
- The certificate now includes all default x509v3 extensions.
  These were previously restricted to just `subjectAltName` by openssl.cnf.
  We now use the openssl defaults for simplicity.
2021-09-11 15:07:24 +02:00
Erik Arvstedt
5087ce245f
minor cleanups
- btcpayserver: remove unneeded trailing semicolons

- krops/get-sha256:
  `tail` is unneeded because `nix-prefetch-url` just outputs a single
  line containing the hash.
2021-09-11 15:07:23 +02:00
Jonas Nick
faa7831708
Merge fort-nix/nix-bitcoin#384: joinmarket: Update patch hash
c35e96a553 joinmarket: update patch hash (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK c35e96a553

Tree-SHA512: 40f1bbe6990fa940c0153e00719d2e56e20ce9dc01a5975c48e0da070544b873cafa6cb9aeb860498aad8c104c379f3e368496c96cc569966963a707f478178c
2021-09-06 11:39:40 +00:00
Erik Arvstedt
c35e96a553
joinmarket: update patch hash
The patch hash has changed due to an update of the PR branch.
The PR has now been merged.
2021-09-05 22:33:17 +02:00
Erik Arvstedt
926f1febb7
make-container: update extra-container version
Keep this file in sync with the latest extra-container update.
2021-09-04 08:17:38 +02:00
Erik Arvstedt
179b86d19c
joinmarket: allow recreating wallet from seed
This allows users to easily upgrade their wallets to use Fidelity Bonds.
2021-08-30 13:37:05 +02:00
nixbitcoin
00a0759884
joinmarket-ob-watcher: extra permissions & functionality for fidelity bonds 2021-08-30 13:37:04 +02:00
Erik Arvstedt
d7f9e33e1c
joinmarket-ob-watcher: move resource files to extra dir
Don't clutter joinmarket/bin with ob-watcher resource files.
2021-08-30 13:37:04 +02:00
nixbitcoin
e95abf6c7e
joinmarket: 0.8.3 -> 0.9.1 2021-08-30 09:02:26 +00:00
Erik Arvstedt
dde04f8cbe
update nixpkgs-unstable
Includes:
btcpayserver: 1.1.2 -> 1.2.0
lightning-loop: 0.14.2-beta -> 0.15.0-beta
nbxplorer: 2.1.52 -> 2.1.58
2021-08-26 12:45:10 +02:00
Erik Arvstedt
f7c2133250
add flake support
This change is fully backwards compatible.

We continue to use the standard non-flake evaluation mode in our
examples and internal tooling until the flakes design has stabilized.

'clightning-plugins = pkgs.recurseIntoAttrs' in pkgs/default.nix is
needed by flake-utils.lib.flattenTree in flake.nix.
It transforms the packages in `clightning-plugins` to top-level packages
named like `clightning-plugins/summary`. (The flake attr `packages`
must be a non-nested attrset of derivations.)
2021-08-26 12:45:10 +02:00
Erik Arvstedt
de77281cba
pkgs: import pinned nixpkgs in default.nix
pkgs/default.nix now explicitly specifies all its dependencies as arguments.
This is required for flake support.

Also simplify pinned.nix and python-packages by removing unused attrs.
2021-08-16 10:43:07 +02:00
Erik Arvstedt
fdc278a0b8
lib: fix comment 2021-08-15 11:29:36 +02:00
Erik Arvstedt
c758d68ea4
lib: rename privileged -> rootScript
The naming is now analogous the related function `script`.
2021-08-15 11:29:34 +02:00
Jonas Nick
8a49b41bb4
update nixpkgs-{stable,unstable}
Includes
- clightning 0.10.1
- lightning-loop 0.14.2
2021-08-14 17:57:49 +00:00
Erik Arvstedt
c4c2b03e19
extra-container: 0.6 -> 0.7
Version 0.7 adds support for NixOS 21.05.
2021-08-14 10:46:41 +02:00
Erik Arvstedt
ca64a4a64f
clightning-plugins.prometheus: use current nixpkgs version of prometheus-client 2021-08-14 10:46:41 +02:00
Erik Arvstedt
3aab1fc267
spark-wallet: update to new node-env 2021-08-14 10:46:41 +02:00
Erik Arvstedt
35fe939cf8
security: update /proc restriction mechanism
NixOS option `security.hideProcessInformation` for globally restricting
access to /proc has been removed.
Use per-service restrictions via 'ProtectProc' instead.

Rename
`nix-bitcoin.security.hideProcessInformation` to
`nix-bitcoin.security.dbusHideProcessInformation`
because this option now only implements the dbus restriction.
2021-08-14 10:46:41 +02:00
Erik Arvstedt
178a0dcf8f
services: use new 'tor' options 2021-08-14 10:46:41 +02:00
Erik Arvstedt
a25ceecca5
update to NixOS 21.05 2021-08-12 11:18:26 +02:00
Erik Arvstedt
b758150c9e
pinned: expose nixpkgsStable, nixpkgsUnstable
This allows accessing the pinned nixpkgs.
E.g., this is useful for comparing package versions between stable
and unstable.
2021-08-12 11:18:08 +02:00
Jonas Nick
1ecd9756f6
Merge fort-nix/nix-bitcoin#369: BTCPayServer L-BTC Support
54810ce1bf btcpayserver: add L-BTC support (nixbitcoin)
b24c14ec61 liquidd: make regtest capable (nixbitcoin)
b7225f5d11 update nixpkgs-unstable (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 54810ce1bf

Tree-SHA512: 363165d3b977cd4425191bce4246dd9e83daf914bf2adcaf3cf42d0c170f5730e7e79934a97e5f9c071d0f52bf9ee75a3aa710c4c52135ea58bcdd898babcc74
2021-08-10 12:23:46 +00:00
nixbitcoin
ed480a35af
joinmarket: 0.8.2 -> 0.8.3
Includes
- coincurve: 13.0.0 -> 15.0.0
- Update Darkscience Tor onion address
2021-08-10 10:12:29 +00:00
nixbitcoin
b7225f5d11
update nixpkgs-unstable
Includes
- btcpayserver: optional altcoin support
- lnd 0.13.1-beta
2021-08-10 10:00:13 +00:00
Jonas Nick
650e50b409
clightning-plugins: update to latest rev
This is necessary in preparation for clightning 0.10.1 which requires an update
to the rebalance plugin.
2021-08-10 08:37:14 +00:00
Pavol Rusnak
2f4d7b866c
elementsd: replace local version with nixpkgs 2021-07-16 23:32:58 +02:00
Jonas Nick
676a4beb81
Merge fort-nix/nix-bitcoin#359: charge-lnd: add module
b666bb2903 charge-lnd: add module (Martin Milata)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK b666bb2903

Tree-SHA512: c5e1edeefbd68ec4ba0e12c57922fb21ae3d1b3d54e403087e5bb7f6285db0a011404125c516bd7739741609d21fef6e7d86ad613c364aca6010652118faffff
2021-07-15 22:15:28 +00:00
Martin Milata
b666bb2903 charge-lnd: add module 2021-07-12 17:36:31 +02:00
nixbitcoin
ffbbdab999
lightning-loop & lightning-pool: replace local versions with nixpkgs 2021-07-12 11:20:32 +00:00
Jonas Nick
842ed44292
Merge fort-nix/nix-bitcoin#366: Update nixpkgs
ce10003747 lnd: allow curl to retry in the create-wallet script (Jonas Nick)
a23b9d1c2d lnd: check that state is RPC_ACTIVE after unlocking (Jonas Nick)
c75347027b lnd: don't wait until the RPC port is open after unlocking (Jonas Nick)
bc9199a386 Update nixpkgs (Jonas Nick)
8fbba87c0f Update nixpkgs (Martin Milata)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK ce10003747

Tree-SHA512: 658d74caec7849ff173ce58c7807d5342f39ff159bc40e617e9f28de7696b91e2801f920b183deefea141f9de2db9a9423ce13d31e6b96ff991ab07032522b55
2021-07-09 21:44:47 +00:00
Jonas Nick
bc9199a386
Update nixpkgs 2021-07-07 13:12:46 +00:00
nixbitcoin
c0a0d03006
elementsd: 0.18.1.11 -> 0.18.1.12 2021-07-07 10:40:47 +00:00
Martin Milata
8fbba87c0f Update nixpkgs
nixos-unstable:
a76f6b02852a724059a7b7cfe73ac5b7a2a81831 lnd: 0.12.1-beta -> 0.13.0-beta
e2dc2b859674411f5ed5b81781926afc7fde5260 btcpayserver: 1.0.7.2 -> 1.1.1
074b608d01e60fbef9bffe0ac7e25e72d20f4866 nbxplorer: 2.1.49 -> 2.1.51
60c6153ab12229fa3d067460614131da5e67f6da btcpayserver/update.sh: auto-update nbxplorer
1608efae17a36cc6206d929801cf2bd887d157b2 btcpayserver, nbxplorer: gpg verify upstream sources
c0693eae1e9cb28ad148ebb49f8200d340432079 hwi: 2.0.1 -> 2.0.2
43031a05d2e2b08ed5f98b3f5255e7d76ef4e403 charge-lnd: init at 0.1.2
5fd4f796b4210d691b1f89e1f29043d635cd20e0 charge-lnd: 0.1.2 -> 0.1.3
2021-06-20 23:28:46 +02:00
Jonas Nick
bdd00bff6c
Merge #358: lightning-loop: 0.12.1 -> 0.12.2
e6f2646ea7 lightning-loop: 0.12.1 -> 0.12.2 (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK e6f2646ea7

Tree-SHA512: 64c7a826abd8c3fa4f3bbae338e2971f2155860cd9ebfb1fda43dd59cfb543acb0f726ba84631142fec6d70a26d59fc8e3519c8a863b7a7fc74c3d75dcddb552
2021-05-05 21:53:48 +00:00
nixbitcoin
e6f2646ea7
lightning-loop: 0.12.1 -> 0.12.2 2021-05-05 09:12:15 +00:00
nixbitcoin
3963d04209
clboss: 0.11A -> 0.11B 2021-05-05 09:04:18 +00:00
Erik Arvstedt
7ae0a38701
electrs: replace local version with nixpkgs 2021-05-04 11:31:35 +00:00
Jonas Nick
9588b0af08
update nixpkgs
Includes
bitcoin: 0.21.0 -> 0.21.1
2021-05-03 18:15:21 +00:00
nixbitcoin
a71f69cb3a
hwi: replace local version with upstream 2021-04-23 11:17:18 +00:00
Jonas Nick
e93a861b92
Update nixpkgs (stable only) 2021-04-19 19:49:08 +00:00
Jonas Nick
4875314b6f
clboss: 0.10 -> 0.11A 2021-04-11 12:39:08 +00:00
nixbitcoin
daeedda825
clightning-plugins: update rev and dependencies 2021-04-09 16:10:33 +02:00
Erik Arvstedt
c5f67629e6
joinmarket: add copy of cryptography 3.3.2 2021-04-07 19:05:40 +02:00
nixbitcoin
ca0c6289d7
update nixpkgs-unstable
btcpayserver: 1.0.7.0 -> 1.0.7.2
clightning: 0.9.3 -> 0.10.0
2021-04-07 10:02:19 +00:00
Jonas Nick
ca71eb01d2
Merge #349: elementsd: 0.18.1.9 -> 0.18.1.11
9bb2c02978 elementsd: 0.18.1.9 -> 0.18.1.11 (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 9bb2c02978

Tree-SHA512: c9ab3588eee0fd19ca23ebcf50b70547614ad6a67958e23cf5b1779c795505166b168a45cc8d6a8e2863aa4ded1cc81d795d495cd551e557592d052ecccf16d6
2021-04-02 13:00:31 +00:00
nixbitcoin
9bb2c02978
elementsd: 0.18.1.9 -> 0.18.1.11 2021-04-02 11:03:03 +00:00
nixbitcoin
d56a363d3d
services: improve default hardening 2021-04-02 10:59:17 +00:00
nixbitcoin
cde9597fc4
lightning-loop: 0.12.0 -> 0.12.1 2021-03-26 09:31:11 +00:00
Jonas Nick
aea1706e49
Merge #345: electrs: 0.8.8 -> 0.8.9
d5c53e1510 electrs: 0.8.8 -> 0.8.9 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK d5c53e1510

Tree-SHA512: f57bd85e2c9ca592774d1e5aaa13042cdf6f3887715e99ed6a0aa9a4d5f5e3c9b32200c616ba2a51b7d50ab414297ea79cca0a0be5002c3cf1b1c92023a6e9c5
2021-03-22 19:58:28 +00:00
Erik Arvstedt
4cddf284e9
treewide: remove use of deprecated stdenv.lib 2021-03-22 14:39:32 +01:00
Erik Arvstedt
08fe9ba84a
services: add finer-grained address family restrictions
Due to a possible NixOS bug, this commit has no effect on NixOS 20.09
where `RestrictAddressFamilies` is a no-op.
It's only relevant for NixOS unstable with cgroups v2.

bitcoind+zmq: instead of allowing all address families, only add the required
AF_NETLINK family.

lnd: lnd only runs a zmq client, not a server, therefore it requires
no additional address families.

lightning-pool, clightning-plugin-zmq: add AF_NETLINK.
2021-03-22 14:35:29 +01:00
Erik Arvstedt
020433cec6
services: add helper fn setAllowedIPAddresses
Also use 'allowLocalIPAddresses' instead of 'allowTor' in bitcoind-import-banlist
which doesn't use Tor.
2021-03-22 13:20:45 +01:00
nixbitcoin
d5c53e1510
electrs: 0.8.8 -> 0.8.9 2021-03-22 11:54:28 +00:00
Erik Arvstedt
d214605b32
spark-wallet: add flakes compatibility
Pure flakes can't use NIX_PATH.
2021-03-16 12:46:19 +01:00
Erik Arvstedt
81db927f66
spark-wallet/generate: remove supplement.json
This file is empty and has no effect.
2021-03-16 12:46:19 +01:00
Jonas Nick
e017675d5e
krops: add package 2021-03-15 18:53:07 +01:00
Jonas Nick
b07185915a
Merge #331: nixops: remove libvirtd plugin
f1064761d7 nixops: remove libvirtd plugin (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK f1064761d7
  erikarvstedt:
    ACK f1064761d7

Tree-SHA512: 66c8fc20c2f210d5d37025cc1772330354a6a8ecbdb1fb9e8fcd1391030485c936ab28647f739bd90b083d627602ade39a5575114d69db8e8d1375989d5cdd0e
2021-03-14 14:42:43 +00:00
Jonas Nick
1377cf5147
Merge #337: joinmarket: 0.8.1 -> 0.8.2
5ead2a7075 joinmarket: 0.8.1 -> 0.8.2 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 5ead2a7075

Tree-SHA512: 2ac87f74a1008c058adef81d11049d985a64f435d75ef61584e8debdcc985f78c1d43430c09ee71c247a93908a5ba3a1efdcf91b0666a84b3269509a99685343
2021-03-10 21:24:12 +00:00
nixbitcoin
5ead2a7075
joinmarket: 0.8.1 -> 0.8.2
- add SNICKER to default config
- update package
- ob-watcher: copy vendorized js and css dependencies
- add missing dependency to jmbase
- use cryptography from pinned.nixpkgs-unstable
2021-03-10 13:33:49 +00:00
nixbitcoin
6c9c820862
lightning-loop: 0.11.3-beta -> 0.12.0-beta 2021-03-07 18:28:08 +00:00
kon
eb21012745 pool: add pkg, module & tests 2021-03-01 10:59:35 +01:00
Jonas Nick
f214a703a5
Merge #332: update nixpkgs-unstable
32acaa5f48 update nixpkgs-unstable (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 32acaa5f48
  jonasnick:
    ACK 32acaa5f48

Tree-SHA512: b688c81da82ef5166fc8074471187f72188b3fb5dc455a9b24c5e3497e3406898185acd2e551356af3300578b2b98eeabf22edcbb7614f02f6ca34afa05b05b0
2021-02-25 08:03:24 +00:00
nixbitcoin
32acaa5f48
update nixpkgs-unstable
btcpayserver: 1.0.5.9 -> 1.0.6.8
nbxplorer: 2.1.46 -> 2.1.49
2021-02-23 10:57:55 +00:00
nixbitcoin
eaa58505a7
electrs: v0.8.7 -> v0.8.8 2021-02-23 10:51:43 +00:00
nixbitcoin
f1064761d7
nixops: remove libvirtd plugin
Fix "Package 'libvirt-5.9.0' is marked as insecure, refusing to
evaluate."
2021-02-23 10:36:30 +00:00
nixbitcoin
42f7e9f874
joinmarket: 0.8.0-a5e8879 -> 0.8.1
- Update joinmarket package
- Revert unofficial release settings
- Move Yield Generator config to configFile
- Add new config option max_sweep_fee_change
2021-02-14 16:23:53 +00:00
Jonas Nick
1302f87c70
Merge #321: Update nixpkgs
47e5442910 Update nixpkgs (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 47e5442910

Tree-SHA512: 4bbcd7711ca3fdf3b8cca36c22b60ceed79a965b3d844dffd44299357ddedd0522c1b5835c53ac0d07b8c0c9456b390d3414017b6d98c8eff469c0039114b471
2021-02-12 22:24:39 +00:00
nixbitcoin
47e5442910
Update nixpkgs
Includes CVE-2019-25016 patch
2021-02-12 09:59:55 +00:00
nixbitcoin
b6f6b5e372
lightning-loop: 0.11.2-beta -> 0.11.3-beta 2021-02-10 15:37:29 +00:00
Jonas Nick
f9683889d9
Merge #312: Refactorings, cleanups
0a2c8e4864 run-tests: add option --copy-src (Erik Arvstedt)
803584a288 backups: don't use hardcoded secrets dir (Erik Arvstedt)
c29d44b49a ci: use 'cachix watch-exec' (Erik Arvstedt)
6a32812412 services: add names for systemd helper scripts (Erik Arvstedt)
6982699613 services: use consistent layout (Erik Arvstedt)
a43534dda0 services: improve config file setup (Erik Arvstedt)
18f2002cf0 joinmarket-yieldgenerator: improve systemd journal output (Erik Arvstedt)
9d0b8c8f6f joinmarket-ob-watcher: use DynamicUser (Erik Arvstedt)
e9c98f415c joinmarket: explain need for tor control socket (Erik Arvstedt)
d9c87b6a8f joinmarket: fix wallet creation (Erik Arvstedt)
7458350108 treewide: remove deprecated types.loaOf (Erik Arvstedt)
9cf038939c treewide: use mkEnableOption (Erik Arvstedt)
7a97304f13 treewide: remove unit descriptions (Erik Arvstedt)
a942177ecf treewide: remove user descriptions (Erik Arvstedt)
4f6ff408ef treewide: remove unneeded string literals (Erik Arvstedt)
e6a6c721c1 treewide: streamline 'extraConfig' descriptions (Erik Arvstedt)
e774c045de treewide: fix formatting (Erik Arvstedt)
0b5b29a2a3 netns-isolation: simplify permission definition for netns-exec (Erik Arvstedt)
a587a2b02a defaultHardening: explain where @system-service is defined (Erik Arvstedt)
bb3a69797e README: minor improvements (Erik Arvstedt)
13fc9dfabf examples: improve introductory comments (Erik Arvstedt)
af2040f4c4 netns-isolation: use 'true' for systemd option (Erik Arvstedt)
c246bbb36e bitcoind, clightning, lnd: improve descriptions (Erik Arvstedt)
7533f12ef1 bitcoind, clightning, run-tests: minor refactoring (Erik Arvstedt)
41fe9b0c1d elementsd: minor refactoring (Erik Arvstedt)
f0850d3f23 btcpayserver: reorder config settings (Erik Arvstedt)
d1c0ea9f85 btcpayserver: add missing systemd postgresql dependency (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 0a2c8e4864

Tree-SHA512: 5c81b36042fbb2f016c8e58ba9e05ef3389d5376b8df713d3258d2cd0b6a9239904531171aca8e49bea7039341d5fa91aa9474c6d98de849c25ede52deccc5a3
2021-02-08 20:32:03 +00:00
Erik Arvstedt
6a32812412
services: add names for systemd helper scripts
The systemd journal now shows a specific script name instead of
the generic name "script" before script output.
2021-02-07 22:45:36 +01:00
Jonas Nick
2ebd1129a5
Merge #317: Pkg updates
a0f48c9de9 examples: fix deploy-container interactive flag (nixbitcoin)
a2f265cd35 secp256k1: move to top-level packages (Erik Arvstedt)
d41a843167 jmbitcoin: remove secp256k1 from propagatedBuildInputs (Erik Arvstedt)
c22adb03af extra-container: 0.5 -> 0.6 (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK a0f48c9de9
  jonasnick:
    ACK a0f48c9de9

Tree-SHA512: 29fa58a960673df407831dd41594c66b26dad1de1e792f4fcc8e35641f39dd873d77b725651be5e01c875bf42284fa78903bab0ea677ec5a0e7eccf98816845d
2021-02-07 21:44:10 +00:00
Erik Arvstedt
4f6ff408ef
treewide: remove unneeded string literals 2021-02-07 22:41:29 +01:00
Erik Arvstedt
e774c045de
treewide: fix formatting 2021-02-07 22:40:10 +01:00
Erik Arvstedt
a587a2b02a
defaultHardening: explain where @system-service is defined 2021-02-07 22:39:06 +01:00
Erik Arvstedt
41fe9b0c1d
elementsd: minor refactoring
- Use pname
- urls -> url
2021-02-07 22:39:05 +01:00