Commit Graph

773 Commits

Author SHA1 Message Date
Erik Arvstedt
770a4354b4
btcpayserver: fix PostgreSQL 15 user permissions
Since PostgreSQL 15, DB users need to be DB owners to be able to create tables.

We can't use the new `ensureDBOwnerhip` NixOS option [1] to set this up,
because it requires the PostgreSQL user name and the database name to be
identical, which is not the case for btcpayserver.

Instead, we manually issue a PostgreSQL admin statement similar to the one
used by `ensureDBOwnerhip`.

This method of setting up the user is also compatible with older
PostgreSQL versions that come with older NixOS `system.stateVersion`s.

[1] https://github.com/NixOS/nixpkgs/pull/266270
2023-12-12 11:22:38 +01:00
Erik Arvstedt
be2028f2e8
mempool: use recommendedBrotliSettings 2023-12-12 11:22:38 +01:00
nixbitcoin
e4cb004905
joinmarket: 0.9.9 -> 0.9.10 2023-12-02 23:01:15 +01:00
Jonas Nick
a1eacce676
Merge fort-nix/nix-bitcoin#658: presets/wireguard: make compatible with secure-node preset
e784e0ceb8 presets/wireguard: make compatible with `secure-node` preset (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    utACK e784e0ceb8

Tree-SHA512: a5506e487b01b78f9c420314980bb837079c2960a076f1fbf665db26b5325d9e96cef0743a9f66ab681dfc42fe6fabcee736519013c4c4d164b7d0922ebe8edf
2023-11-05 09:50:42 +00:00
Erik Arvstedt
e784e0ceb8
presets/wireguard: make compatible with secure-node preset
Disable Tor enforcement set by the secure-node preset.
2023-11-01 18:29:32 +01:00
Erik Arvstedt
1de259485b
mempool: add module 2023-10-31 13:44:04 +01:00
Erik Arvstedt
8cdedac046
bitcoind-rpc-public-whitelist: add getindexinfo 2023-10-30 11:58:24 +01:00
Jonas Nick
749901b923
Merge fort-nix/nix-bitcoin#653: Revert "clightning: don't cleanup socket on startup"
fc1466e743 Revert "clightning: don't cleanup socket on startup" (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK fc1466e743

Tree-SHA512: e4139ef9163fe371964cb8ab668f70dc414ecc5169e3d5d7a0637ef61493d51f1416d878abd21b28d5763e089e00ff10a2e8f30103b488871470ad31dd387025
2023-10-09 07:59:33 +00:00
Erik Arvstedt
fc1466e743
Revert "clightning: don't cleanup socket on startup"
Also, add a detailed comment.

Without this commit, clightning client services may fail to start
due to clightning RPC connection failures.
2023-10-08 21:39:46 +02:00
Erik Arvstedt
90ce68cb16
treewide: ensure services are started after secrets setup
Now all services that access secrets only run after the secrets setup
has finished.

Previously, we assumed that the systemd `after` dependency is
transitive, i.e. that adding an `after = [ "bitcoind.service" ]`
to a service implicitly pulled in the `after` dependency to
`nix-bitcoin-secrets.target` (which is defined for `bitcoind`).
This is not the case. Services could start before secrets setup
had finished, leading to service failure.
2023-10-08 13:56:56 +02:00
Erik Arvstedt
b6df5cb130
clboss: 0.13A -> 0.13 2023-09-09 14:35:35 +02:00
Jonas Nick
b98c0292cd
Merge fort-nix/nix-bitcoin#637: Misc. improvements
27e52fc565 dev-scenarios: fix comment (Erik Arvstedt)
7dcf307925 flake-info-sandboxed: clarify that sandbox is offline (Erik Arvstedt)
c22365d4a2 minimal-vm.nix: improve login text (Erik Arvstedt)
32ce2b567c examples/README: make relative location of configuration.nix explicit (Erik Arvstedt)
8303a65f0c configuration.nix: add nodeinfo (Erik Arvstedt)
073161b044 secrets: add comment (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 27e52fc565

Tree-SHA512: a5015183db39fb1b32af08e187029db049f53e7df8ec00d8c3ee4393b20f1318e99cd4696ecd48ecacdfefca0f1200df5602ec14f7123291ac983ae382cac41d
2023-09-04 19:23:49 +00:00
Erik Arvstedt
073161b044
secrets: add comment 2023-08-20 10:54:45 +02:00
Erik Arvstedt
e253b89858
clightning: depend on actual bitcoind package 2023-08-20 10:52:50 +02:00
Erik Arvstedt
b85aac9ba1
clightning: don't cleanup socket on startup
This is now taken care of by clightning itself.
2023-08-19 12:24:31 +02:00
Erik Arvstedt
53ea447ab7
trustedcoin: add option tor.proxy
By disabling `trustedcoin.tor.proxy` and enabling `clightning.tor.proxy`,
`trustedcoin` can be used without Tor proxying, while clighting still
uses Tor for lightning layer connections.

Previously, disabling Tor for `trustedcoin` required to also disable
Tor for clightning.

Also fix the workaround in the docs for the trustedcoin Tor connection issues:
The previous config snippet only affected systemd hardening settings,
but didn't disable Tor for trustedcoin.
2023-08-03 18:40:12 +02:00
Erik Arvstedt
31b76f1ffe
clightning: add option useBcliPlugin
This decouples modules `clightning` and `trustedcoin`.
`clightning` no longer depends on `trustedcoin`, which restores
the acyclic dependency graph described in `modules.nix`
2023-08-03 18:40:12 +02:00
Erik Arvstedt
858ab1cfd6
clightning: revert whitespace changes 2023-08-03 01:20:04 +02:00
Erik Arvstedt
14ca8b461b
rtl: fix lnd, lightning-loop connection errors
lnd and lightning-loop resolve `localhost` to an IPv4 address when
creating RPC sockets.

Since NixOS 23.05, RTL (nodejs) resolves `localhost` to an IPv6
address when connecting to lnd and lightning-loop, which leads to
connection errors.

To fix these and other potential errors, replace all instances
of `localhost` with `127.0.0.1`.
2023-07-29 19:07:10 +02:00
Erik Arvstedt
5eaf104efe
secure-node: add sudo shell alias for doas
A convenience helper which allows running most `sudo` cmds while
`doas` is enabled.

This is safe because all args supported by both `sudo` and
`doas` that lead to command execution (like `-u <user>`)
have identical semantics.
2023-07-10 07:22:00 +02:00
JayDeLux
640f8d5ded
Typo 2023-06-13 22:49:46 +02:00
Erik Arvstedt
bed10d1fca
versioning: improve configVersion description 2023-06-09 21:51:20 +02:00
Erik Arvstedt
af87d5958a
obsolete-options: simplify removal of clightning plugin commando 2023-06-02 10:50:11 +00:00
Jonas Nick
75e54bbb90
spark-wallet: remove package and module 2023-06-02 10:50:11 +00:00
Erik Arvstedt
29a95ea311
clightning-rest: update module to v0.10.3 2023-06-02 10:49:35 +00:00
Erik Arvstedt
fe76516790
bitcoind: update module to v25.0 2023-06-02 10:49:25 +00:00
Erik Arvstedt
2166bfd1ee
clboss: deprecate, add clighting 23.05 compatibility 2023-05-29 06:41:38 +00:00
nixbitcoin
fcd81d486d
joinmarket: 0.9.8 -> 0.9.9 2023-05-08 19:05:43 +00:00
Otto Sabart
67f2eb2feb
trustedcoin: explicitly use the HTTPS_PROXY for external connections 2023-04-14 21:00:00 +02:00
Otto Sabart
8c00c26fa1
trustedcoin: update to v0.6.1 2023-04-11 21:00:00 +02:00
Otto Sabart
5b5e76931d
trustedcoin: fix shellcheck 2023-04-11 21:00:00 +02:00
neverupdate
3d26f72b7f
clightning-plugins: add trustedcoin 2023-04-11 21:00:00 +02:00
neverupdate
35fc3a2b44
trustedcoin: add module 2023-04-11 21:00:00 +02:00
Jonas Nick
294ebb5b1f
obsolete options: fix typo in removed lndconnectOnion option 2023-03-18 12:24:45 +00:00
Jonas Nick
282c45b746
Merge fort-nix/nix-bitcoin#575: Improve lndconnect, support WireGuard
cea69b73d2 nodeinfo: enable required option `nix-bitcoin.operator` (Erik Arvstedt)
27d95fda85 nodeinfo/lnd: add `onion_rest_address` (Erik Arvstedt)
54a21874ae nodeinfo/lnd: add `rest_address` (Erik Arvstedt)
a4bfefd562 add `presets/wireguard.nix` (Erik Arvstedt)
477e1709fb lndconnect: update to Zeus 0.7.1 (Erik Arvstedt)
f996ef37d9 lnd, clightning-rest: remove `lndconnectOnion`, add generic option `lndconnect` (Erik Arvstedt)
b4bc621b8c rename `lndconnect-onion.nix` -> `lndconnect.nix` (Erik Arvstedt)
907cfe4f4c docs/services: improve title, fix numbering (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK cea69b73d2

Tree-SHA512: 747d95b49f5c1b63dfaa2c6bc302fb102e3788c36e279cc28266ea230e8daae54973d8bdb51f2a81e7e84eb86b6b1e504fbe8af85c2318525c54d901678b3f55
2023-03-13 12:55:59 +00:00
Erik Arvstedt
cea69b73d2
nodeinfo: enable required option nix-bitcoin.operator 2023-03-11 20:15:14 +01:00
Erik Arvstedt
27d95fda85
nodeinfo/lnd: add onion_rest_address 2023-03-11 20:10:55 +01:00
Erik Arvstedt
54a21874ae
nodeinfo/lnd: add rest_address 2023-03-11 20:10:55 +01:00
Erik Arvstedt
a4bfefd562
add presets/wireguard.nix
This allows using `lndconnect` via a direct WireGuard connection.
2023-03-11 20:10:54 +01:00
Erik Arvstedt
477e1709fb
lndconnect: update to Zeus 0.7.1
- Generate lndconnect URLs with protocol `c-lightning-rest` for clightning.
  (Zeus now auto-detects the lightning implementation by the URL protocol.)
- Use improved QR code format (via qrencode)  .
2023-02-27 14:39:29 +01:00
Erik Arvstedt
f996ef37d9
lnd, clightning-rest: remove lndconnectOnion, add generic option lndconnect
For both lnd and clightning-rest, `lndconnectOnion` is replaced by
options `lndconnect.enable` and `lndconnect.onion`.

This allows using lndconnect without Tor.
2023-02-27 14:39:29 +01:00
Erik Arvstedt
b4bc621b8c
rename lndconnect-onion.nix -> lndconnect.nix 2023-02-27 14:39:29 +01:00
Jonas Nick
58c7e5519b
rtl: set DB_DIRECTORY_PATH
This prevents RTL from trying to create a database in the directory that
contains the RTL executable.
2023-02-27 13:30:56 +00:00
Erik Arvstedt
3a2730d287
btcpayserver: support restarting from the web interface
This is required since version 1.7.4.
See: https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.4
2023-02-27 12:44:08 +00:00
Jonas Nick
479e21a122
Merge fort-nix/nix-bitcoin#587: Fulcrum: Fix available memory detection
86dc7e2669 fulcrum: allow access to `/proc/meminfo` (Erik Arvstedt)
c948af2e18 dev/dev-features: add `enter_service` helper (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 86dc7e2669

Tree-SHA512: 5c2b7bc5e2247a7fb45e6c805162c02d87b4c917e4a1306134d634f418534b03e3152e402d17e054c410d3d72f3f5eb3d270fcb53019b2f96ea6b27ecae53755
2023-02-03 13:21:56 +00:00
Erik Arvstedt
85310b533a
secrets: use type lines for generateSecretsCmds
This allows users to amend secrets cmds.
2023-02-02 10:51:41 +01:00
Erik Arvstedt
bc2f66d4f1
bitcoind, liquid: increase start/stop timeouts 2023-02-02 10:51:41 +01:00
Erik Arvstedt
519ae31202
netns-isolation: improve formatting 2023-02-02 10:51:41 +01:00
Erik Arvstedt
a1023696e6
netns-isolation: reserve netns id for mempool
This allows using the old id in the extension flake, so that
existing configs are not changed.
2023-02-02 10:51:41 +01:00
Erik Arvstedt
34fe8675bd
add option nix-bitcoin.pkgOverlays
This simplifies extending `nix-bitcoin.pkgs` and is required for
extension flakes.
For now, mark this as `internal`.
2023-02-02 10:51:40 +01:00