Compare commits
142 Commits
master
...
feature/nw
@ -9,7 +9,7 @@ task:
|
|||
|
||||
container:
|
||||
# Defined in https://github.com/nix-community/docker-nixpkgs
|
||||
image: nixpkgs/nix-flakes:nixos-22.11
|
||||
image: nixpkgs/nix-flakes:nixos-23.11
|
||||
|
||||
matrix:
|
||||
- name: modules_test
|
||||
|
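Review bot: The `image: nixpkgs/nix-flakes:nixos-23.11` line references the CI container by a mutable tag, and the `build_script` in this file is documented as running as root inside it. Consider pinning the image by digest (`nixpkgs/nix-flakes@sha256:<digest>`, placeholder) so that a re-pushed tag cannot change what CI executes, and bump the digest in the same step that updates `nixpkgs.url`.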
@ -27,7 +27,6 @@ task:
|
|||
- scenario: default
|
||||
- scenario: netns
|
||||
- scenario: netnsRegtest
|
||||
- scenario: trustedcoin
|
||||
# This script is run as root
|
||||
build_script:
|
||||
- echo "sandbox = true" >> /etc/nix/nix.conf
|
||||
|
|
10
README.md
|
@ -79,7 +79,7 @@ NixOS modules ([src](modules/modules.nix))
|
|||
* [prometheus](https://github.com/lightningd/plugins/tree/master/prometheus): lightning node exporter for the prometheus timeseries server
|
||||
* [rebalance](https://github.com/lightningd/plugins/tree/master/rebalance): keeps your channels balanced
|
||||
* [summary](https://github.com/lightningd/plugins/tree/master/summary): print a nice summary of the node status
|
||||
* [trustedcoin](https://github.com/nbd-wtf/trustedcoin) [[experimental](docs/services.md#trustedcoin-hints)]: replaces bitcoind with trusted public explorers
|
||||
* [trustedcoin](https://github.com/nbd-wtf/trustedcoin) ([experimental](docs/services.md#trustedcoin)): replaces bitcoind with trusted public explorers
|
||||
* [zmq](https://github.com/lightningd/plugins/tree/master/zmq): publishes notifications via ZeroMQ to configured endpoints
|
||||
* [clightning-rest](https://github.com/Ride-The-Lightning/c-lightning-REST): REST server for clightning
|
||||
* [lnd](https://github.com/lightningnetwork/lnd) with support for announcing an onion service and [static channel backups](https://github.com/lightningnetwork/lnd/blob/master/docs/recovery.md)
|
||||
|
@ -90,7 +90,7 @@ NixOS modules ([src](modules/modules.nix))
|
|||
clightning [via WireGuard](./docs/services.md#use-zeus-mobile-lightning-wallet-via-wireguard) or
|
||||
[Tor](./docs/services.md#use-zeus-mobile-lightning-wallet-via-tor)
|
||||
* [Ride The Lightning](https://github.com/Ride-The-Lightning/RTL): web interface for `lnd` and `clightning`
|
||||
* [spark-wallet](https://github.com/shesek/spark-wallet)
|
||||
* [mempool](https://github.com/mempool/mempool): Bitcoin visualizer, explorer, and API service
|
||||
* [electrs](https://github.com/romanz/electrs): Electrum server
|
||||
* [fulcrum](https://github.com/cculianu/Fulcrum): Electrum server (see [the module](modules/fulcrum.nix) for a comparison with electrs)
|
||||
* [btcpayserver](https://github.com/btcpayserver/btcpayserver)
|
||||
|
@ -104,12 +104,6 @@ NixOS modules ([src](modules/modules.nix))
|
|||
* [backups](modules/backups.nix): duplicity backups of all your node's important files
|
||||
* [operator](modules/operator.nix): configures a non-root user who has access to client tools (e.g. `bitcoin-cli`, `lightning-cli`)
|
||||
|
||||
### Extension modules
|
||||
Extension modules are maintained in separate repositories and have their own review
|
||||
and release process.
|
||||
|
||||
* [Mempool](https://github.com/fort-nix/nix-bitcoin-mempool): Bitcoin visualizer, explorer and API service
|
||||
|
||||
Security
|
||||
---
|
||||
See [SECURITY.md](SECURITY.md) for the security policy and how to report a vulnerability.
|
||||
|
|
|
@ -45,7 +45,7 @@ all other security vulnerabilities.
|
|||
| Type | Description | Examples |
|
||||
| :-: | :-: | :-: |
|
||||
| Outright Vulnerabilities | Vulnerabilities in nix-bitcoin specific tooling (except CI tooling) | privilege escalation in SUID binary `netns-exec`, improper release signature verification through `fetch-release` |
|
||||
| Violations of [PoLP](https://en.wikipedia.org/wiki/Principle_of_least_privilege) | nix-bitcoin services are given too much privilege over the system or unnecessary access to other nix-bitcoin services, or one of the nix-bitcoin isolation measures is incorrectly implemented | `netns-isolation` doesn't work, spark-wallet has access to bitcoin RPC interface or files |
|
||||
| Violations of [PoLP](https://en.wikipedia.org/wiki/Principle_of_least_privilege) | nix-bitcoin services are given too much privilege over the system or unnecessary access to other nix-bitcoin services, or one of the nix-bitcoin isolation measures is incorrectly implemented | `netns-isolation` doesn't work, RTL has access to bitcoin RPC interface or files |
|
||||
| Vulnerabilities in Dependencies | A vulnerability in any dependency of a nix-bitcoin installation with a configuration consisting of any combination of the following services: bitcoind, clightning, lnd, electrs, joinmarket, btcpayserver, liquidd.<br />**Note:** The vulnerability must first be reported to and handled by the maintainers of the dependency before it qualifies for a reward| Compromised NixOS expression pulls in malicious package, JoinMarket pulls in a python dependency with a known severe vulnerability |
|
||||
| Bad Documentation | Our documentation suggests blatantly insecure things | `install.md` tells you to add our SSH keys to your root user |
|
||||
| Compromise of Signing Key | Compromise of the nix-bitcoin signing key, i.e., `0xB1A70E4F8DCD0366` | Leaking the key, managing to sign something with it |
|
||||
|
|
|
@ -101,4 +101,5 @@ It's easiest to use an existing service as a template:
|
|||
- [flake.nix](../flake.nix): update `nixpkgs.url`
|
||||
- [cirrus.yml](../.cirrus.yml): update toplevel container -> image attribute
|
||||
- [examples/configuration.nix](../examples/configuration.nix): update `system.stateVersion`
|
||||
- [examples/flakes/flake.nix](../examples/flakes/flake.nix): update `inputs.nix-bitcoin.url`
|
||||
- Treewide: check if any `TODO-EXTERNAL` comments can be resolved
|
||||
|
|
|
@ -127,22 +127,6 @@ c systemctl status clightning-rest
|
|||
c journalctl -u clightning-rest
|
||||
c systemctl status clightning-rest-migrate-datadir
|
||||
|
||||
#―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
|
||||
# spark-wallet
|
||||
|
||||
run-tests.sh -s "{
|
||||
services.spark-wallet.enable = true;
|
||||
test.container.exposeLocalhost = true;
|
||||
}" container
|
||||
|
||||
c systemctl status spark-wallet
|
||||
c journalctl -u spark-wallet
|
||||
|
||||
sparkAuth=$(c cat /secrets/spark-wallet-login | grep -ohP '(?<=login=).*')
|
||||
curl -v http://$sparkAuth@$ip:9737
|
||||
# Open in browser
|
||||
runuser -u "$(logname)" -- xdg-open http://$sparkAuth@$ip:9737
|
||||
|
||||
#―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
|
||||
# electrs
|
||||
|
||||
|
@ -291,9 +275,18 @@ c journalctl -u joinmarket-ob-watcher
|
|||
c journalctl -f -u joinmarket-ob-watcher
|
||||
|
||||
# Check webinterface
|
||||
c curl localhost:62601
|
||||
c curl 127.0.0.1:62601
|
||||
nix run --inputs-from . nixpkgs#lynx -- --dump $ip:62601
|
||||
c curl -s localhost:62601 | grep -i "orders found"
|
||||
c curl -s 127.0.0.1:62601 | grep -i "orders found"
|
||||
|
||||
#―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
|
||||
# trustedcoin
|
||||
run-tests.sh -s trustedcoin-online container
|
||||
|
||||
c systemctl start clightning
|
||||
c journalctl -u clightning -f
|
||||
# This should show log msgs like
|
||||
# plugin-trustedcoin returning block 801409, 0000000000000000000482ddc4…, 1483968 bytes
|
||||
|
||||
#―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
|
||||
# rtl
|
||||
|
|
|
@ -37,7 +37,7 @@ with lib;
|
|||
extraConfig.Settings.themeColor = "INDIGO";
|
||||
};
|
||||
# nodes.lnd.enable = false;
|
||||
# services.rtl.nodes.reverseOrder = true;
|
||||
# nodes.reverseOrder = true;
|
||||
nightTheme = true;
|
||||
extraCurrency = "CHF";
|
||||
};
|
||||
|
@ -75,4 +75,34 @@ with lib;
|
|||
};
|
||||
nix-bitcoin.nodeinfo.enable = true;
|
||||
};
|
||||
|
||||
trustedcoin-online = {
|
||||
services.clightning = {
|
||||
enable = true;
|
||||
tor.proxy = true;
|
||||
plugins.trustedcoin.enable = true;
|
||||
plugins.trustedcoin.tor.proxy = false;
|
||||
};
|
||||
|
||||
# Don't run clightning on startup.
|
||||
# This breaks the follwing dependency cycle:
|
||||
# clightning
|
||||
# -> network (trustedcoin fails and exits clightning without network access)
|
||||
# -> multi-user.target (NixOS containers only gain network access after multi-user.target has completed)
|
||||
# -> clightning
|
||||
systemd.services.clightning.wantedBy = mkForce [];
|
||||
|
||||
test.container.enableWAN = true;
|
||||
};
|
||||
|
||||
mempool-regtest = {
|
||||
imports = [
|
||||
scenarios.regtestBase
|
||||
];
|
||||
services.mempool = {
|
||||
enable = true;
|
||||
frontend.address = "0.0.0.0";
|
||||
};
|
||||
nix-bitcoin.nodeinfo.enable = true;
|
||||
};
|
||||
}
|
||||
|
|
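Review bot: Typo in the comment inside `trustedcoin-online`: `follwing` should be `following`. The same scenario combines `test.container.enableWAN = true` with `plugins.trustedcoin.tor.proxy = false`, so starting it sends requests to public block explorers over clearnet from the machine running the test; add a comment line that says so and states whether the scenario is meant to run in CI or only by hand.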
22
dev/topics/mempool.sh
Normal file
|
@ -0,0 +1,22 @@
|
|||
# Start mempool container
|
||||
run-tests.sh -s mempool-regtest container
|
||||
|
||||
c systemctl status mempool
|
||||
c systemctl status mysql
|
||||
c nodeinfo
|
||||
|
||||
# Check backend
|
||||
c curl -fsS localhost:8999/api/v1/blocks/1 | jq
|
||||
c curl -fsS localhost:8999/api/v1/blocks/tip/height | jq
|
||||
c curl -fsS localhost:8999/api/v1/address/1CGG9qVq2P6F7fo6sZExvNq99Jv2GDpaLE | jq
|
||||
|
||||
# Check frontend
|
||||
c curl -fsS localhost:60845
|
||||
c curl -fsS localhost:60845/api/mempool | jq
|
||||
c curl -fsS localhost:60845/api/blocks/1 | jq
|
||||
c curl -fsS localhost:60845/api/v1/blocks/1 | jq
|
||||
c curl -fsS localhost:60845/api/blocks/tip/height | jq
|
||||
|
||||
# Open frontend
|
||||
# shellcheck disable=SC2154
|
||||
runuser -u "$(logname)" -- xdg-open "http://$ip:60845/"
|
|
@ -30,7 +30,7 @@ runuser -u "$(logname)" -- xdg-open "http://$ip:3000"
|
|||
rtl_src=~/s/RTL
|
||||
git clone https://github.com/Ride-The-Lightning/RTL "$rtl_src"
|
||||
|
||||
nix build -o /tmp/nix-bitcoin-dev/nodejs --inputs-from . nixpkgs#nodejs-16_x
|
||||
nix build -o /tmp/nix-bitcoin-dev/nodejs --inputs-from . nixpkgs#nodejs-18_x
|
||||
# Start a shell in a sandbox
|
||||
env --chdir "$rtl_src" nix-bitcoin-firejail --whitelist="$rtl_src" --whitelist=/tmp/nix-bitcoin-dev/nodejs
|
||||
PATH=/tmp/nix-bitcoin-dev/nodejs/bin:"$PATH"
|
||||
|
|
|
@ -2,7 +2,7 @@ Hardware requirements
|
|||
---
|
||||
* RAM: 2GB. ECC memory is better. Additionally, it's recommended to use DDR4 memory with
|
||||
targeted row refresh (TRR) enabled (https://rambleed.com/).
|
||||
* Disk space: 500 GB (400GB for Bitcoin blockchain + some room) for an unpruned
|
||||
* Disk space: 1 TB for an unpruned
|
||||
instance of Bitcoin Core.
|
||||
* This can be significantly lowered by enabling pruning.
|
||||
Note: Pruning is not supported by `electrs` and `fulcrum`.
|
||||
|
|
|
@ -20,16 +20,16 @@ This is borrowed from the [NixOS manual](https://nixos.org/nixos/manual/index.ht
|
|||
1. Obtain latest [NixOS](https://nixos.org/nixos/download.html). For example:
|
||||
|
||||
```
|
||||
wget https://releases.nixos.org/nixos/20.09/nixos-20.09.2405.e065200fc90/nixos-minimal-20.09.2405.e065200fc90-i686-linux.iso
|
||||
sha256sum nixos-minimal-20.09.2405.e065200fc90-x86_64-linux.iso
|
||||
# output: 5fc182e27a71a297b041b5c287558b21bdabde7068d4fc049752dad3025df867
|
||||
wget https://releases.nixos.org/nixos/23.11/nixos-23.11.1494.b4372c4924d9/nixos-minimal-23.11.1494.b4372c4924d9-x86_64-linux.iso
|
||||
sha256sum nixos-minimal-23.11.1494.b4372c4924d9-x86_64-linux.iso
|
||||
# output: f48cf810432c1f04b291c947b36f824823dfef8ebfa0e1906602a516450189d8
|
||||
```
|
||||
Alternatively you can build NixOS from source by following the instructions at https://nixos.org/nixos/manual/index.html#sec-building-cd.
|
||||
|
||||
2. Write NixOS iso to install media (USB/CD). For example:
|
||||
|
||||
```
|
||||
cp nixos-minimal-20.09.2405.e065200fc90-x86_64-linux.iso /dev/sdX
|
||||
cp nixos-minimal-23.05.3701.e9b4b56e5a20-x86_64-linux.iso /dev/sdX
|
||||
```
|
||||
|
||||
Replace /dev/sdX with the correct device name. You can find this using `sudo fdisk -l`
|
||||
|
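Review bot: The `cp` line in step 2 uses `nixos-minimal-23.05.3701.e9b4b56e5a20-x86_64-linux.iso`, but step 1 in this hunk downloads and hashes `nixos-minimal-23.11.1494.b4372c4924d9-x86_64-linux.iso`. A reader who pastes both steps either gets a missing-file error or writes an older image that was never compared against the printed hash. Use the 23.11 file name in step 2 so that the image written to the install media is the one that was verified.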
@ -210,31 +210,21 @@ You can also build Nix from source by following the instructions at https://nixo
|
|||
1. Clone this project
|
||||
|
||||
```
|
||||
cd
|
||||
git clone https://github.com/fort-nix/nix-bitcoin
|
||||
```
|
||||
|
||||
2. Obtain the hash of the latest nix-bitcoin release
|
||||
2. Create a new directory for your nix-bitcoin node config and copy initial files from nix-bitcoin
|
||||
|
||||
```
|
||||
cd nix-bitcoin/examples
|
||||
nix-shell
|
||||
```
|
||||
|
||||
This will download the nix-bitcoin dependencies and might take a while without giving an output.
|
||||
Now in the nix-shell run
|
||||
|
||||
```
|
||||
fetch-release > nix-bitcoin-release.nix
|
||||
```
|
||||
|
||||
3. Create a new directory for your nix-bitcoin deployment and copy initial files from nix-bitcoin
|
||||
|
||||
```
|
||||
cd ../../
|
||||
mkdir nix-bitcoin-node
|
||||
cd nix-bitcoin-node
|
||||
cp -r ../nix-bitcoin/examples/{nix-bitcoin-release.nix,configuration.nix,shell.nix,krops,.gitignore} .
|
||||
cp -r ../nix-bitcoin/examples/{configuration.nix,shell.nix,krops,.gitignore} .
|
||||
```
|
||||
|
||||
3. Obtain the hash of the latest nix-bitcoin release
|
||||
|
||||
```
|
||||
../nix-bitcoin/helper/fetch-release > nix-bitcoin-release.nix
|
||||
```
|
||||
|
||||
#### Optional: Specify the system of your node
|
||||
|
|
|
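Review bot: Step 3 now runs `../nix-bitcoin/helper/fetch-release` directly, whereas the replaced text entered `nix-shell` first and said that doing so downloads the nix-bitcoin dependencies. Please confirm that the helper provides its own dependencies when run outside the shell, and say so in the step. Because the output is redirected straight into `nix-bitcoin-release.nix`, a failed fetch or failed signature check leaves an empty or partial file behind; writing to a temporary file and moving it into place only on success would avoid that.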
@ -128,7 +128,7 @@ yourself with custom permissions.
|
|||
Normally you would connect to RTL via SSH tunneling with a command like this
|
||||
|
||||
```
|
||||
ssh -L 3000:localhost:3000 root@bitcoin-node
|
||||
ssh -L 3000:127.0.0.1:3000 root@bitcoin-node
|
||||
```
|
||||
|
||||
Or like this, if you are using `netns-isolation`
|
||||
|
@ -291,49 +291,6 @@ Create a plain text URL:
|
|||
lndconnect-wg --url
|
||||
``````
|
||||
|
||||
# Connect to spark-wallet
|
||||
### Requirements
|
||||
* Android phone
|
||||
* [Orbot](https://guardianproject.info/apps/orbot/) installed from [F-Droid](https://guardianproject.info/fdroid) (recommended) or [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android&hl=en)
|
||||
* [Spark-wallet](https://github.com/shesek/spark-wallet) installed from [direct download](https://github.com/shesek/spark-wallet/releases) or [Google Play](https://play.google.com/store/apps/details?id=com.spark.wallet)
|
||||
|
||||
1. Enable spark-wallet in `configuration.nix`
|
||||
|
||||
Change
|
||||
```
|
||||
# services.spark-wallet.enable = true;
|
||||
```
|
||||
to
|
||||
```
|
||||
services.spark-wallet.enable = true;
|
||||
```
|
||||
|
||||
2. Deploy new `configuration.nix`
|
||||
|
||||
3. Enable Orbot VPN for spark-wallet
|
||||
|
||||
```
|
||||
Open Orbot app
|
||||
Turn on "VPN Mode"
|
||||
Select Gear icon under "Tor-Enabled Apps"
|
||||
Toggle checkbox under Spark icon
|
||||
```
|
||||
|
||||
4. Get the onion address, access key and QR access code for the spark wallet android app
|
||||
|
||||
```
|
||||
journalctl -eu spark-wallet
|
||||
```
|
||||
Note: The qr code might have issues scanning if you have a light terminal theme. Try setting it to dark or highlighting the entire output to invert the colors.
|
||||
|
||||
5. Connect to spark-wallet android app
|
||||
|
||||
```
|
||||
Server Settings
|
||||
Scan QR
|
||||
Done
|
||||
```
|
||||
|
||||
# Connect to electrs
|
||||
### Requirements Android
|
||||
* Android phone
|
||||
|
@ -369,7 +326,7 @@ lndconnect-wg --url
|
|||
|
||||
On Desktop
|
||||
```
|
||||
electrum --oneserver -1 -s "<electrs onion address>:t" -p socks5:localhost:9050
|
||||
electrum --oneserver -1 -s "<electrs onion address>:t" -p socks5:127.0.0.1:9050
|
||||
```
|
||||
|
||||
On Android
|
||||
|
@ -408,11 +365,11 @@ lndconnect-wg --url
|
|||
4. Connect to your nix-bitcoin node's SSH onion service, forwarding a local port to the nix-bitcoin node's SSH server
|
||||
|
||||
```
|
||||
ssh -i ~/.ssh/id_ed25519 -L <random port of your choosing>:localhost:22 root@<SSH onion address>
|
||||
ssh -i ~/.ssh/id_ed25519 -L <random port of your choosing>:127.0.0.1:22 root@<SSH onion address>
|
||||
```
|
||||
|
||||
5. Edit your deployment tool's configuration and change the node's address to `localhost` and the ssh port to `<random port of your choosing>`.
|
||||
If you use krops as described in the [installation tutorial](./install.md), set `target = "localhost:<random port of your choosing>";` in `krops/deploy.nix`.
|
||||
5. Edit your deployment tool's configuration and change the node's address to `127.0.0.1` and the ssh port to `<random port of your choosing>`.
|
||||
If you use krops as described in the [installation tutorial](./install.md), set `target = "127.0.0.1:<random port of your choosing>";` in `krops/deploy.nix`.
|
||||
|
||||
6. After deploying the new configuration, it will connect through the SSH tunnel you established in step iv. This also allows you to do more complex SSH setups that some deployment tools don't support. An example would be authenticating with [Trezor's SSH agent](https://github.com/romanz/trezor-agent), which provides extra security.
|
||||
|
||||
|
@ -622,26 +579,18 @@ services.clightning = {
|
|||
|
||||
Please have a look at the module for a plugin (e.g. [prometheus.nix](../modules/clightning-plugins/prometheus.nix)) to learn its configuration options.
|
||||
|
||||
### Trustedcoin hints
|
||||
The [trustedcoin](https://github.com/nbd-wtf/trustedcoin) plugin use a Tor
|
||||
proxy for all of its external connections by default. That's why you can
|
||||
sometimes face issues with your connections to esploras getting blocked.
|
||||
|
||||
An example of clightning log error output in a case your connections are getting blocked:
|
||||
### Trustedcoin
|
||||
When `services.clightning.tor.proxy` is enabled, [trustedcoin](https://github.com/nbd-wtf/trustedcoin)
|
||||
also uses Tor for all external connections by default.
|
||||
In this case, connections to block explorers can sometimes get blocked.
|
||||
|
||||
An example of clightning log error output when connections are getting blocked:
|
||||
```
|
||||
lightningd[5138]: plugin-trustedcoin estimatefees error: https://blockstream.info/api error: 403 Forbidden
|
||||
lightningd[4933]: plugin-trustedcoin getblock error: got something that isn't a block hash: <html><head>...
|
||||
```
|
||||
|
||||
```
|
||||
lightningd[4933]: plugin-trustedcoin getblock error: got something that isn't a block hash: <html><head>
|
||||
lightningd[4933]: <meta http-equiv="content-type" content="text/html;
|
||||
```
|
||||
|
||||
If you face these issues and you still need to use trustedcoin, use can disable
|
||||
clightning's tor hardening by setting this option in your `configuration.nix`
|
||||
file:
|
||||
|
||||
```
|
||||
services.clightning.tor.enforce = false;
|
||||
To work around this and connect via clearnet instead, set this option:
|
||||
```nix
|
||||
services.clightning.plugins.trustedcoin.tor.proxy = false;
|
||||
```
|
||||
|
|
|
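Review bot: The new workaround text does not state the privacy cost of the setting it recommends. With `services.clightning.plugins.trustedcoin.tor.proxy = false;` the plugin's requests to block explorers leave over clearnet, so the explorers see the node's IP address while the rest of clightning still goes through Tor. One sentence after the `nix` block would cover it. The replaced advice (`services.clightning.tor.enforce = false;`) applied to the whole service, so it is also worth saying that the new option is scoped to the plugin.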
@ -23,9 +23,9 @@ cd nix-bitcoin/examples/
|
|||
nix-shell
|
||||
```
|
||||
|
||||
The following example scripts set up a nix-bitcoin node according to [`configuration.nix`](configuration.nix) and then
|
||||
The following example scripts set up a nix-bitcoin node according to [`./configuration.nix`](configuration.nix) and then
|
||||
shut down immediately. They leave no traces (outside of `/nix/store`) on the host system.\
|
||||
By default, [`configuration.nix`](configuration.nix) enables `bitcoind` and `clightning`.
|
||||
By default, [`./configuration.nix`](configuration.nix) enables `bitcoind` and `clightning`.
|
||||
|
||||
- [`./deploy-container.sh`](deploy-container.sh) creates a [NixOS container](https://github.com/erikarvstedt/extra-container).\
|
||||
This is the fastest way to set up a node.\
|
||||
|
@ -63,3 +63,9 @@ The commands in `shell.nix` allow you to locally run the node in a VM or contain
|
|||
|
||||
Flakes make it easy to include `nix-bitcoin` in an existing NixOS config.
|
||||
The [flakes example](./flakes/flake.nix) shows how to use `nix-bitcoin` as an input to a system flake.
|
||||
|
||||
### Extending nix-bitcoin with Flakes
|
||||
|
||||
The [mempool extension flake](https://github.com/fort-nix/nix-bitcoin-mempool) shows how to define new
|
||||
pkgs and modules in a Flake.\
|
||||
Since mempool is now a core nix-bitcoin module, this Flake just serves as an example.
|
||||
|
|
|
@ -126,11 +126,25 @@
|
|||
# Automatically enables lightning-loop.
|
||||
# services.rtl.nodes.lnd.loop = true;
|
||||
|
||||
### SPARK WALLET
|
||||
# Set this to enable spark-wallet, a minimalistic wallet GUI for
|
||||
# c-lightning, accessible over the web or through mobile and desktop apps.
|
||||
# Automatically enables clightning.
|
||||
# services.spark-wallet.enable = true;
|
||||
### MEMPOOL
|
||||
# Set this to enable mempool, a fully featured Bitcoin visualizer, explorer,
|
||||
# and API service.
|
||||
#
|
||||
# services.mempool.enable = true;
|
||||
#
|
||||
# Possible options for the Electrum backend server:
|
||||
#
|
||||
# - electrs (enabled by default):
|
||||
# Small database size, slow when querying new addresses.
|
||||
#
|
||||
# - fulcrum:
|
||||
# Large database size, quickly serves arbitrary address queries.
|
||||
# Enable with:
|
||||
# services.mempool.electrumServer = "fulcrum";
|
||||
#
|
||||
# Set this to create an onion service to make the mempool web interface
|
||||
# available via Tor:
|
||||
# nix-bitcoin.onionServices.mempool-frontend.enable = true;
|
||||
|
||||
### ELECTRS
|
||||
# Set this to enable electrs, an Electrum server implemented in Rust.
|
||||
|
@ -236,6 +250,12 @@
|
|||
# Set this to enable the JoinMarket order book watcher.
|
||||
# services.joinmarket-ob-watcher.enable = true;
|
||||
|
||||
### Nodeinfo
|
||||
# Set this to add command `nodeinfo` to the system environment.
|
||||
# It shows info about running services like onion addresses and local addresses.
|
||||
# It is enabled by default when importing `secure-node.nix`.
|
||||
# nix-bitcoin.nodeinfo.enable = true;
|
||||
|
||||
### Backups
|
||||
# Set this to enable nix-bitcoin's own backup service. By default, it
|
||||
# uses duplicity to incrementally back up all important files in /var/lib to
|
||||
|
@ -271,7 +291,7 @@
|
|||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
passwordAuthentication = false;
|
||||
settings.PasswordAuthentication = false;
|
||||
};
|
||||
users.users.root = {
|
||||
openssh.authorizedKeys.keys = [
|
||||
|
@ -298,7 +318,7 @@
|
|||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "22.11"; # Did you read the comment?
|
||||
system.stateVersion = "23.11"; # Did you read the comment?
|
||||
|
||||
# The nix-bitcoin release version that your config is compatible with.
|
||||
# When upgrading to a backwards-incompatible release, nix-bitcoin will display an
|
||||
|
|
|
@ -87,6 +87,7 @@ read -rd '' src <<EOF || true
|
|||
};
|
||||
}
|
||||
EOF
|
||||
. "${BASH_SOURCE[0]%/*}"/../test/lib/extra-container-check-version.sh
|
||||
extra-container shell -E "$src" "${runCmd[@]}"
|
||||
|
||||
# The container is automatically deleted at exit
|
||||
|
|
|
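Review bot: The `. "${BASH_SOURCE[0]%/*}"/../test/lib/extra-container-check-version.sh` line fails when the script is started without a directory component in its path (for example `bash <script>` from its own directory): `%/*` then strips nothing and the sourced path becomes `<script>/../test/lib/...`. Resolving the directory first, e.g. `scriptDir=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)`, works for both invocation forms.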
@ -1,11 +1,23 @@
|
|||
# This is a system configuration template that uses nix-bitcoin.
|
||||
#
|
||||
# You can adapt this to an existing system flake by copying the parts
|
||||
# relevant to nix-bitcoin.
|
||||
#
|
||||
# Make sure to check and edit all lines marked by 'FIXME:'
|
||||
|
||||
{
|
||||
description = "A basic nix-bitcoin node";
|
||||
|
||||
inputs.nix-bitcoin.url = "github:fort-nix/nix-bitcoin/release";
|
||||
# You can also use a version branch to track a specific NixOS release
|
||||
# inputs.nix-bitcoin.url = "github:fort-nix/nix-bitcoin/nixos-23.11";
|
||||
|
||||
outputs = { self, nix-bitcoin }: {
|
||||
inputs.nixpkgs.follows = "nix-bitcoin/nixpkgs";
|
||||
inputs.nixpkgs-unstable.follows = "nix-bitcoin/nixpkgs-unstable";
|
||||
|
||||
nixosConfigurations.mynode = nix-bitcoin.inputs.nixpkgs.lib.nixosSystem {
|
||||
outputs = { self, nixpkgs, nix-bitcoin, ... }: {
|
||||
|
||||
nixosConfigurations.mynode = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
nix-bitcoin.nixosModules.default
|
||||
|
@ -21,21 +33,25 @@
|
|||
# The secrets are stored in /etc/nix-bitcoin-secrets
|
||||
nix-bitcoin.generateSecrets = true;
|
||||
|
||||
# Enable services.
|
||||
# Enable some services.
|
||||
# See ../configuration.nix for all available features.
|
||||
services.bitcoind.enable = true;
|
||||
services.clightning.enable = true;
|
||||
|
||||
# When using nix-bitcoin as part of a larger NixOS configuration, set the following to enable
|
||||
# interactive access to nix-bitcoin features (like bitcoin-cli) for your system's main user
|
||||
nix-bitcoin.operator = {
|
||||
enable = true;
|
||||
name = "main"; # Set this to your system's main user
|
||||
# FIXME: Set this to your system's main user
|
||||
name = "main";
|
||||
};
|
||||
|
||||
# The system's main unprivileged user. This setting is usually part of your
|
||||
# existing NixOS configuration.
|
||||
# The system's main unprivileged user.
|
||||
# In an existing NixOS configuration, this setting is usually already defined.
|
||||
users.users.main = {
|
||||
isNormalUser = true;
|
||||
# FIXME: This is unsafe. Use `hashedpassword` or `passwordFile` instead in a real
|
||||
# deployment: https://search.nixos.org/options?show=users.users.%3Cname%3E.hashedPassword
|
||||
password = "a";
|
||||
};
|
||||
|
||||
|
|
|
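Review bot: The FIXME above `password = "a";` spells the option as `hashedpassword`, while the URL on the next comment line points at `users.users.<name>.hashedPassword`. Option names are case-sensitive, so anyone copying the spelling from the comment gets an evaluation error. Fix the spelling in the comment. Since this file is a template that users copy, consider dropping the `password` line altogether so that resolving the FIXME is the only way to get a login.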
@ -3,6 +3,5 @@
|
|||
./configuration.nix
|
||||
<nix-bitcoin/modules/deployment/krops.nix>
|
||||
<qemu-vm/vm-config.nix>
|
||||
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
|
||||
];
|
||||
}
|
||||
|
|
|
@ -40,10 +40,11 @@ rec {
|
|||
|
||||
Welcome to nix-bitcoin!
|
||||
To explore running services, try the following commands:
|
||||
- nodeinfo
|
||||
- systemctl status bitcoind
|
||||
- systemctl status clightning
|
||||
- lightning-cli getinfo
|
||||
nodeinfo
|
||||
systemctl status bitcoind
|
||||
systemctl status clightning
|
||||
bitcoin-cli -getinfo
|
||||
lightning-cli getinfo
|
||||
'';
|
||||
|
||||
# Power off VM when the user exits the shell
|
||||
|
|
26
flake.lock
|
@ -10,11 +10,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1679648217,
|
||||
"narHash": "sha256-aq2J5Hj5IE8X8X/7v3n0wcv8n+FLzzENbcCF9xqhxAc=",
|
||||
"lastModified": 1699821751,
|
||||
"narHash": "sha256-UlId5jvJFmkVcKpn0oZ2VTvWAc/mZy6butRZGk73xXM=",
|
||||
"owner": "erikarvstedt",
|
||||
"repo": "extra-container",
|
||||
"rev": "40c73f5e3292e73d6ce91625d9751be84fde17cb",
|
||||
"rev": "842912907bf189ef17a80ca09ba37b6bdfc76c49",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -28,11 +28,11 @@
|
|||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681202837,
|
||||
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
|
||||
"lastModified": 1701680307,
|
||||
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
|
||||
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -43,27 +43,27 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1681482634,
|
||||
"narHash": "sha256-cT/nr3L8khEYZSGp8qqwxFH+/q4/547MfyOdSj6MhBk=",
|
||||
"lastModified": 1702233072,
|
||||
"narHash": "sha256-H5G2wgbim2Ku6G6w+NSaQaauv6B6DlPhY9fMvArKqRo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "fda0d99c2cbbb5c89d8855d258cb0821bd9113ad",
|
||||
"rev": "781e2a9797ecf0f146e81425c822dca69fe4a348",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-22.11",
|
||||
"ref": "nixos-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1681571934,
|
||||
"narHash": "sha256-Q3B3HTqhTahhPCT53ahK1FPktOXlEWmudSttd9CWGbE=",
|
||||
"lastModified": 1701336116,
|
||||
"narHash": "sha256-kEmpezCR/FpITc6yMbAh4WrOCiT2zg5pSjnKrq51h5Y=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "29176972b4be60f7d3eb3101f696c99f2e6ada57",
|
||||
"rev": "f5c27c6136db4d76c30e533c20517df6864c46ee",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
'';
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
|
||||
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
extra-container = {
|
||||
|
|
Binary file not shown.
|
@ -6,42 +6,45 @@ BRANCH=master
|
|||
GIT_REMOTE=origin
|
||||
OAUTH_TOKEN=
|
||||
DRY_RUN=
|
||||
TAG_NAME=
|
||||
releaseVersion=
|
||||
|
||||
trap 'echo "Error at ${BASH_SOURCE[0]}:$LINENO"' ERR
|
||||
|
||||
cd "${BASH_SOURCE[0]%/*}"
|
||||
|
||||
for arg in "$@"; do
|
||||
case $arg in
|
||||
--dry-run|-n)
|
||||
DRY_RUN=1
|
||||
;;
|
||||
*)
|
||||
TAG_NAME="$arg"
|
||||
releaseVersion="$arg"
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ ! $TAG_NAME ]]; then
|
||||
echo "$0 [--dry-run|-n] <tag_name>"
|
||||
exit
|
||||
latestVersion=$(curl -fsS https://api.github.com/repos/$REPO/releases/latest | jq -r '.tag_name' | tail -c +2)
|
||||
|
||||
if [[ ! $releaseVersion ]]; then
|
||||
# Increment the lowest/last part of `latestVersion`
|
||||
releaseVersion=$(echo "$latestVersion" | awk -F. '/[0-9]+\./{$NF++;print}' OFS=.)
|
||||
fi
|
||||
|
||||
if [[ $DRY_RUN ]]; then
|
||||
echo "Dry run"
|
||||
else
|
||||
OAUTH_TOKEN=$(pass show nix-bitcoin/github/oauth-token)
|
||||
if [[ ! $OAUTH_TOKEN ]]; then
|
||||
echo "Please set OAUTH_TOKEN variable"
|
||||
echo "Error fetching OAUTH_TOKEN"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
cd "${BASH_SOURCE[0]%/*}"
|
||||
|
||||
RESPONSE=$(curl https://api.github.com/repos/$REPO/releases/latest 2> /dev/null)
|
||||
echo "Latest release" "$(echo "$RESPONSE" | jq -r '.tag_name' | tail -c +2)"
|
||||
echo "Latest release: $latestVersion"
|
||||
|
||||
if [[ ! $DRY_RUN ]]; then
|
||||
while true; do
|
||||
read -rp "Create release ${TAG_NAME}? [yn] " yn
|
||||
read -rp "Create release ${releaseVersion}? [yn] " yn
|
||||
case $yn in
|
||||
[Yy]* ) break;;
|
||||
[Nn]* ) exit;;
|
||||
|
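Review bot: nothing checks that `releaseVersion` is non-empty after the auto-increment block, so a failed or unexpected `releases/latest` lookup carries an empty version into the confirmation prompt and the archive name. The awk program only prints when its input matches `/[0-9]+\./`, and `latestVersion` comes from a `curl | jq | tail` pipeline whose exit status is that of `tail` unless `pipefail` is set. Suggest an explicit guard after the `fi`, in the same style as the `OAUTH_TOKEN` check, e.g. `if [[ ! $releaseVersion ]]; then echo "Error computing release version"; exit 1; fi`. With the usage message removed, the script also no longer prints anything that describes the optional version argument.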
@ -50,9 +53,16 @@ if [[ ! $DRY_RUN ]]; then
|
|||
done
|
||||
fi
|
||||
|
||||
nixosVersion=$(sed -nE 's|.*system.stateVersion = "(.*?)".*|\1|p' ../examples/configuration.nix)
|
||||
if [[ ! $nixosVersion ]]; then
|
||||
echo "Error fetching NixOS version"
|
||||
exit 1
|
||||
fi
|
||||
nixosVersionBranch=nixos-$nixosVersion
|
||||
|
||||
TMPDIR=$(mktemp -d)
|
||||
if [[ ! $DRY_RUN ]]; then trap 'rm -rf $TMPDIR' EXIT; fi
|
||||
ARCHIVE_NAME=nix-bitcoin-$TAG_NAME.tar.gz
|
||||
ARCHIVE_NAME=nix-bitcoin-$releaseVersion.tar.gz
|
||||
ARCHIVE=$TMPDIR/$ARCHIVE_NAME
|
||||
|
||||
# Need to be in the repo root directory for archiving
|
||||
|
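Review bot: the `(.*?)` in the `sed -nE` expression is not a lazy match, because POSIX extended regular expressions have no non-greedy quantifier, so the capture runs to the last `"` on the line. Since the result is used as a push target later in the script, prefer a bounded capture such as `"([^"]*)"` and check the value against the expected shape (for example `^[0-9]+\.[0-9]+$`) before building `nixosVersionBranch`. The empty-value check is useful, but it does not catch a line that matched more than intended.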
@ -70,12 +80,16 @@ nix hash to-sri --type sha256 "$(nix-prefetch-url --unpack "file://$ARCHIVE" 2>
|
|||
gpg -o nar-hash.txt.asc -a --detach-sig nar-hash.txt
|
||||
|
||||
if [[ $DRY_RUN ]]; then
|
||||
echo "Created v$TAG_NAME in $TMPDIR"
|
||||
echo "Created v$releaseVersion in $TMPDIR"
|
||||
echo "NixOS version branch: $nixosVersionBranch"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
POST_DATA="{ \"tag_name\": \"v$TAG_NAME\", \"name\": \"nix-bitcoin-$TAG_NAME\", \"body\": \"nix-bitcoin-$TAG_NAME\", \"target_comitish\": \"$BRANCH\" }"
|
||||
RESPONSE=$(curl -H "Authorization: token $OAUTH_TOKEN" -d "$POST_DATA" https://api.github.com/repos/$REPO/releases 2> /dev/null)
|
||||
#―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
|
||||
# Create release
|
||||
|
||||
POST_DATA="{ \"tag_name\": \"v$releaseVersion\", \"name\": \"nix-bitcoin-$releaseVersion\", \"body\": \"nix-bitcoin-$releaseVersion\", \"target_comitish\": \"$BRANCH\" }"
|
||||
RESPONSE=$(curl -fsS -H "Authorization: token $OAUTH_TOKEN" -d "$POST_DATA" https://api.github.com/repos/$REPO/releases)
|
||||
ID=$(echo "$RESPONSE" | jq -r '.id')
|
||||
if [[ $ID == null ]]; then
|
||||
echo "Failed to create release with $POST_DATA"
|
||||
|
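Review bot: with `-f` now on the release-creation `curl`, an HTTP error yields an empty `RESPONSE`, and `jq -r '.id'` on empty input prints nothing rather than `null`, so `[[ $ID == null ]]` no longer covers the failure path on its own. Suggest testing `[[ ! $ID || $ID == null ]]`. While this line is being rewritten: the JSON key is spelled `target_comitish`, whereas GitHub's create-release parameter is `target_commitish`, so the misspelled key will not be read as the release target. Building `POST_DATA` with `jq -n --arg` instead of escaped quotes would also keep a version string containing a quote or backslash from producing invalid JSON.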
@ -84,8 +98,8 @@ fi
|
|||
|
||||
post_asset() {
|
||||
GH_ASSET="https://uploads.github.com/repos/$REPO/releases/$ID/assets?name="
|
||||
curl -H "Authorization: token $OAUTH_TOKEN" --data-binary "@$1" -H "Content-Type: application/octet-stream" \
|
||||
"$GH_ASSET/$(basename "$1")" &> /dev/null
|
||||
curl -fsS -H "Authorization: token $OAUTH_TOKEN" --data-binary "@$1" -H "Content-Type: application/octet-stream" \
|
||||
"$GH_ASSET/$(basename "$1")"
|
||||
}
|
||||
post_asset nar-hash.txt
|
||||
post_asset nar-hash.txt.asc
|
||||
|
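Review bot: dropping `&> /dev/null` in `post_asset` makes failures visible, but it also sends each upload's JSON response body to the terminal; `-o /dev/null` alongside `-fsS` keeps the error reporting without the noise. Separately, `GH_ASSET` ends in `?name=` and the call appends `/$(basename "$1")`, so the asset name sent in the request is `/nar-hash.txt` with a leading slash; dropping the `/` from the URL would make the query string say what is meant.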
@ -98,7 +112,8 @@ post_asset "$SHA256SUMS.asc"
|
|||
popd >/dev/null
|
||||
|
||||
if [[ ! $DRY_RUN ]]; then
|
||||
git push "$GIT_REMOTE" "${BRANCH}:release"
|
||||
git push "$GIT_REMOTE" "$BRANCH:release"
|
||||
git push "$GIT_REMOTE" "$BRANCH:$nixosVersionBranch"
|
||||
fi
|
||||
|
||||
echo "Successfully created" "$(echo "$POST_DATA" | jq -r .tag_name)"
|
||||
|
|
|
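Review bot: the two `git push` calls are independent, so a failure of the second leaves `release` updated and `$nixosVersionBranch` stale, after the GitHub release has already been created. Suggest a single `git push --atomic "$GIT_REMOTE" "$BRANCH:release" "$BRANCH:$nixosVersionBranch"`. The surrounding `if [[ ! $DRY_RUN ]]` is also redundant, since the dry-run branch earlier in the script ends in `exit 0`.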
@ -1,3 +1,5 @@
|
|||
#!/usr/bin/env bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
# The file that defines the derivation that should be updated
|
||||
|
|
|
@ -49,7 +49,7 @@ let
|
|||
|
||||
cfg = config.services.backups;
|
||||
|
||||
# Potential backup file paths are are matched against filelist
|
||||
# Potential backup file paths are matched against filelist
|
||||
# entries from top to bottom.
|
||||
# The first match determines inclusion or exclusion.
|
||||
filelist = builtins.toFile "filelist.txt" ''
|
||||
|
@ -106,7 +106,7 @@ in {
|
|||
|
||||
systemd.services.duplicity = {
|
||||
wants = postgresqlBackupServices;
|
||||
after = postgresqlBackupServices;
|
||||
after = postgresqlBackupServices ++ [ "nix-bitcoin-secrets.target" ];
|
||||
};
|
||||
|
||||
services.postgresqlBackup = {
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
[
|
||||
"echo"
|
||||
"getinfo"
|
||||
"getindexinfo"
|
||||
"help"
|
||||
"ping"
|
||||
"uptime"
|
||||
|
|
|
@ -414,6 +414,8 @@ in {
|
|||
# Enable RPC access for group
|
||||
postStart = ''
|
||||
chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
|
||||
'' + (optionalString cfg.regtest) ''
|
||||
chmod g=x '${cfg.dataDir}/regtest'
|
||||
'';
|
||||
|
||||
serviceConfig = nbLib.defaultHardening // {
|
||||
|
|
|
@ -138,16 +138,16 @@ in {
|
|||
enable = true;
|
||||
ensureDatabases = [ "btcpaydb" "nbxplorer" ];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = cfg.btcpayserver.user;
|
||||
ensurePermissions."DATABASE btcpaydb" = "ALL PRIVILEGES";
|
||||
}
|
||||
{
|
||||
name = cfg.nbxplorer.user;
|
||||
ensurePermissions."DATABASE nbxplorer" = "ALL PRIVILEGES";
|
||||
}
|
||||
{ name = cfg.btcpayserver.user; }
|
||||
{ name = cfg.nbxplorer.user; }
|
||||
];
|
||||
};
|
||||
systemd.services.postgresql.postStart = lib.mkAfter ''
|
||||
$PSQL -tAc '
|
||||
ALTER DATABASE "btcpaydb" OWNER TO "${cfg.btcpayserver.user}";
|
||||
ALTER DATABASE "nbxplorer" OWNER TO "${cfg.nbxplorer.user}";
|
||||
'
|
||||
'';
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '${cfg.nbxplorer.dataDir}' 0770 ${cfg.nbxplorer.user} ${cfg.nbxplorer.group} - -"
|
||||
|
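Review bot: the `postStart` block that replaces the `ensurePermissions` entries has no comment saying why database ownership is now set by hand, and ownership is a wider grant than the `ALL PRIVILEGES` it replaces. A one-line comment above `systemd.services.postgresql.postStart` stating the reason would help the next reader. The role names are also interpolated into SQL inside a single-quoted shell argument, so a user name containing `'` or `"` would break the statement; worth recording as an assumption next to the `ALTER DATABASE` lines.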
@ -174,7 +174,7 @@ in {
|
|||
in rec {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "bitcoind.service" "postgresql.service" ] ++ optional cfg.btcpayserver.lbtc "liquidd.service";
|
||||
after = requires;
|
||||
after = requires ++ [ "nix-bitcoin-secrets.target" ];
|
||||
preStart = ''
|
||||
install -m 600 ${configFile} '${cfg.nbxplorer.dataDir}/settings.config'
|
||||
{
|
||||
|
|
|
@ -56,6 +56,7 @@ let cfg = config.services.clightning.plugins.clboss; in
|
|||
clboss-max-channel=${toString cfg.max-channel}
|
||||
clboss-zerobasefee=${cfg.zerobasefee}
|
||||
'';
|
||||
|
||||
systemd.services.clightning.path = [
|
||||
pkgs.dnsutils
|
||||
] ++ optional config.services.clightning.tor.proxy (hiPrio config.nix-bitcoin.torify);
|
||||
|
|
|
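Review bot: the new `systemd.services.clightning.path` entry has no comment explaining why `dnsutils` and `torify` are needed, and the Tor behaviour depends on it. As written, `torify` is only put on the path when `config.services.clightning.tor.proxy` is set, so with the proxy off the `dnsutils` tools run directly; please document that this is intended and what clboss invokes from `dnsutils`.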
@ -5,24 +5,36 @@ let cfg = config.services.clightning.plugins.trustedcoin; in
|
|||
{
|
||||
options.services.clightning.plugins.trustedcoin = {
|
||||
enable = mkEnableOption "Trustedcoin (clightning plugin)";
|
||||
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = config.nix-bitcoin.pkgs.trustedcoin;
|
||||
defaultText = "config.nix-bitcoin.pkgs.trustedcoin";
|
||||
description = mdDoc "The package providing trustedcoin binaries.";
|
||||
};
|
||||
|
||||
tor.proxy = mkOption {
|
||||
type = types.bool;
|
||||
default = config.services.clightning.tor.proxy;
|
||||
description = mdDoc "Whether to proxy outgoing connections with Tor.";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.clightning.extraConfig = ''
|
||||
plugin=${cfg.package}/bin/trustedcoin
|
||||
disable-plugin=bcli
|
||||
'';
|
||||
services.clightning = {
|
||||
useBcliPlugin = false;
|
||||
extraConfig = ''
|
||||
plugin=${cfg.package}/bin/trustedcoin
|
||||
'';
|
||||
tor.enforce = mkIf (!cfg.tor.proxy) false;
|
||||
};
|
||||
|
||||
# Trustedcoin does not honor the clightning's proxy configuration.
|
||||
# Ref.: https://github.com/nbd-wtf/trustedcoin/pull/19
|
||||
systemd.services.clightning.environment = mkIf (config.services.clightning.proxy != null) {
|
||||
HTTPS_PROXY = "socks5://${config.services.clightning.proxy}";
|
||||
systemd.services.clightning.environment = mkIf (cfg.tor.proxy) {
|
||||
HTTPS_PROXY = let
|
||||
clnProxy = config.services.clightning.proxy;
|
||||
proxy = if clnProxy != null then clnProxy else config.nix-bitcoin.torClientAddressWithPort;
|
||||
in
|
||||
"socks5://${proxy}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
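Review bot: `tor.enforce = mkIf (!cfg.tor.proxy) false;` turns off Tor enforcement for the whole clightning service when the plugin's `tor.proxy` is disabled, but the option description only says "Whether to proxy outgoing connections with Tor." Please state that side effect in the `tor.proxy` description so that disabling it is an informed choice. `HTTPS_PROXY` is likewise set on `systemd.services.clightning.environment`, so it applies to the clightning process and everything it spawns rather than to trustedcoin alone; the existing comment could say so. Minor: the parentheses in `mkIf (cfg.tor.proxy)` are not needed.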
@ -97,6 +97,7 @@ in {
|
|||
Restart = "on-failure";
|
||||
RestartSec = "10s";
|
||||
ReadWritePaths = [ cfg.dataDir ];
|
||||
inherit (nbLib.allowNetlink) RestrictAddressFamilies;
|
||||
} // nbLib.allowedIPAddresses cfg.tor.enforce
|
||||
// nbLib.nodejs;
|
||||
};
|
||||
|
|
|
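Review bot: `inherit (nbLib.allowNetlink) RestrictAddressFamilies;` changes the service's address-family restriction without a comment saying what needs netlink. Since this touches the default hardening, add a short comment naming the component or call that requires it.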
@ -49,6 +49,15 @@ let
|
|||
parameters, as fully qualified data source name.
|
||||
'';
|
||||
};
|
||||
useBcliPlugin = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = ''
|
||||
Use bitcoind (via plugin `bcli`) for getting block data.
|
||||
This option is disabled by plugins that use other sources for
|
||||
fetching block data, like `trustedcoin`.
|
||||
'';
|
||||
};
|
||||
extraConfig = mkOption {
|
||||
type = types.lines;
|
||||
default = "";
|
||||
|
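Review bot: the `useBcliPlugin` description is a plain string although it uses Markdown backticks, while the option descriptions added elsewhere in this change are wrapped in `mdDoc`; use `description = mdDoc ''` here for consistent rendering. It would also help to say what a user must provide when setting this to `false` by hand, since the text only mentions plugins doing so.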
@ -107,15 +116,19 @@ let
|
|||
network = bitcoind.makeNetworkName "bitcoin" "regtest";
|
||||
configFile = pkgs.writeText "config" ''
|
||||
network=${network}
|
||||
${optionalString (!cfg.plugins.trustedcoin.enable) "bitcoin-datadir=${bitcoind.dataDir}"}
|
||||
${
|
||||
if cfg.useBcliPlugin then ''
|
||||
bitcoin-datadir=${config.services.bitcoind.dataDir}
|
||||
'' else ''
|
||||
disable-plugin=bcli
|
||||
''
|
||||
}
|
||||
${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
|
||||
always-use-proxy=${boolToString cfg.always-use-proxy}
|
||||
bind-addr=${cfg.address}:${toString cfg.port}
|
||||
|
||||
bitcoin-rpcconnect=${nbLib.address bitcoind.rpc.address}
|
||||
bitcoin-rpcport=${toString bitcoind.rpc.port}
|
||||
bitcoin-rpcuser=${bitcoind.rpc.users.public.name}
|
||||
|
||||
rpc-file-mode=0660
|
||||
log-timestamps=false
|
||||
${optionalString (cfg.wallet != null) "wallet=${cfg.wallet}"}
|
||||
|
@ -152,18 +165,20 @@ in {
|
|||
];
|
||||
|
||||
systemd.services.clightning = {
|
||||
path = [ nbPkgs.bitcoind ];
|
||||
path = [ bitcoind.package ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
|
||||
preStart = ''
|
||||
# The RPC socket has to be removed otherwise we might have stale sockets
|
||||
# Remove an existing socket so that `postStart` can detect when when a new
|
||||
# socket has been created and clightning is ready to accept RPC connections.
|
||||
# This will no longer be needed when clightning supports systemd startup notifications.
|
||||
rm -f ${cfg.networkDir}/lightning-rpc
|
||||
|
||||
umask u=rw,g=r,o=
|
||||
{
|
||||
cat ${configFile}
|
||||
echo "bitcoin-rpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword-public)"
|
||||
|
||||
${optionalString (cfg.getPublicAddressCmd != "") ''
|
||||
echo "announce-addr=$(${cfg.getPublicAddressCmd}):${toString publicPort}"
|
||||
''}
|
||||
|
|
|
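Review bot: typo in the new `preStart` comment, "can detect when when a new socket has been created" should read "can detect when a new socket has been created".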
@ -68,7 +68,7 @@ in {
|
|||
systemd.services.electrs = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
|
||||
preStart = ''
|
||||
echo "auth = \"${bitcoind.rpc.users.public.name}:$(cat ${secretsDir}/bitcoin-rpcpassword-public)\"" \
|
||||
> electrs.toml
|
||||
|
|
|
@ -112,7 +112,7 @@ in {
|
|||
systemd.services.fulcrum = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
|
||||
preStart = ''
|
||||
{
|
||||
cat ${configFile}
|
||||
|
|
|
@ -75,7 +75,7 @@ in {
|
|||
systemd.services.joinmarket-ob-watcher = rec {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "tor.service" "bitcoind.service" ];
|
||||
after = requires;
|
||||
after = requires ++ [ "nix-bitcoin-secrets.target" ];
|
||||
# The service writes to HOME/.config/matplotlib
|
||||
environment.HOME = cfg.dataDir;
|
||||
preStart = ''
|
||||
|
|
|
@ -158,7 +158,7 @@ let
|
|||
onion_serving_host = ${cfg.messagingAddress}
|
||||
onion_serving_port = ${toString cfg.messagingPort}
|
||||
hidden_service_dir =
|
||||
directory_nodes = 3kxw6lf5vf6y26emzwgibzhrzhmhqiw6ekrek3nqfjjmhwznb2moonad.onion:5222,jmdirjmioywe2s5jad7ts6kgcqg66rj6wujj6q77n6wbdrgocqwexzid.onion:5222,bqlpq6ak24mwvuixixitift4yu42nxchlilrcqwk2ugn45tdclg42qid.onion:5222
|
||||
directory_nodes = g3hv4uynnmynqqq2mchf3fcm3yd46kfzmcdogejuckgwknwyq5ya6iad.onion:5222,3kxw6lf5vf6y26emzwgibzhrzhmhqiw6ekrek3nqfjjmhwznb2moonad.onion:5222,bqlpq6ak24mwvuixixitift4yu42nxchlilrcqwk2ugn45tdclg42qid.onion:5222
|
||||
|
||||
# irc.darkscience.net
|
||||
[MESSAGING:server1]
|
||||
|
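Review bot: the replaced `directory_nodes` entry is a hard-coded onion address with no indication of where the list comes from. Because the client connects to these nodes for directory messaging, add a comment above the line pointing to the upstream source of the list so that future updates can be checked against it.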
@ -191,7 +191,7 @@ let
|
|||
[DAEMON]
|
||||
no_daemon = 0
|
||||
daemon_port = 27183
|
||||
daemon_host = localhost
|
||||
daemon_host = 127.0.0.1
|
||||
use_ssl = false
|
||||
|
||||
[BLOCKCHAIN]
|
||||
|
@ -212,6 +212,7 @@ let
|
|||
segwit = true
|
||||
native = true
|
||||
merge_algorithm = default
|
||||
gaplimit = 6
|
||||
tx_fees = 3
|
||||
tx_fees_factor = 0.2
|
||||
absurd_fee_per_kb = 350000
|
||||
|
@ -252,7 +253,6 @@ let
|
|||
txfee_contribution_factor = ${toString yg.txfee_contribution_factor}
|
||||
minsize = ${toString yg.minsize}
|
||||
size_factor = ${toString yg.size_factor}
|
||||
gaplimit = 6
|
||||
|
||||
[SNICKER]
|
||||
enabled = false
|
||||
|
@ -303,7 +303,7 @@ in {
|
|||
systemd.services.joinmarket = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
|
||||
preStart = ''
|
||||
{
|
||||
cat ${configFile}
|
||||
|
@ -387,7 +387,7 @@ in {
|
|||
systemd.services.joinmarket-yieldgenerator = {
|
||||
wantedBy = [ "joinmarket.service" ];
|
||||
requires = [ "joinmarket.service" ];
|
||||
after = [ "joinmarket.service" ];
|
||||
after = [ "joinmarket.service" "nix-bitcoin-secrets.target" ];
|
||||
script = ''
|
||||
tr -d "\n" <"${secretsDir}/jm-wallet-password" \
|
||||
| ${nbPkgs.joinmarket}/bin/jm-yg-privacyenhanced --datadir='${cfg.dataDir}' \
|
||||
|
|
|
@ -6,7 +6,7 @@ let
|
|||
enable = mkEnableOption "Lightning Loop, a non-custodial off/on chain bridge";
|
||||
rpcAddress = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
default = "127.0.0.1";
|
||||
description = mdDoc "Address to listen for gRPC connections.";
|
||||
};
|
||||
rpcPort = mkOption {
|
||||
|
@ -121,12 +121,12 @@ in {
|
|||
"d '${cfg.dataDir}' 0770 ${lnd.user} ${lnd.group} - -"
|
||||
];
|
||||
|
||||
services.lightning-loop.certificate.extraIPs = mkIf (cfg.rpcAddress != "localhost") [ "${cfg.rpcAddress}" ];
|
||||
services.lightning-loop.certificate.extraIPs = mkIf (cfg.rpcAddress != "127.0.0.1") [ "${cfg.rpcAddress}" ];
|
||||
|
||||
systemd.services.lightning-loop = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "lnd.service" ];
|
||||
after = [ "lnd.service" ];
|
||||
after = [ "lnd.service" "nix-bitcoin-secrets.target" ];
|
||||
serviceConfig = nbLib.defaultHardening // {
|
||||
ExecStart = "${cfg.package}/bin/loopd --configfile=${configFile}";
|
||||
User = lnd.user;
|
||||
|
|
|
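Review bot: changing the comparison to `cfg.rpcAddress != "127.0.0.1"` means a configuration that sets `rpcAddress = "localhost"` explicitly, which was the old default, now puts the hostname `localhost` into `certificate.extraIPs`. Consider excluding both values, or documenting in the `rpcAddress` description that an IP address is expected. The same condition is used for `services.lnd.certificate.extraIPs`.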
@ -6,7 +6,7 @@ let
|
|||
enable = mkEnableOption "Lightning Pool, a marketplace for inbound lightning liquidity ";
|
||||
rpcAddress = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
default = "127.0.0.1";
|
||||
description = mdDoc "Address to listen for gRPC connections.";
|
||||
};
|
||||
rpcPort = mkOption {
|
||||
|
|
|
@ -256,7 +256,7 @@ in {
|
|||
|
||||
systemd.services.liquidd = {
|
||||
requires = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
preStart = ''
|
||||
install -m 640 ${configFile} '${cfg.dataDir}/elements.conf'
|
||||
|
|
|
@ -6,7 +6,7 @@ let
|
|||
enable = mkEnableOption "Lightning Network daemon, a Lightning Network implementation in Go";
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
default = "127.0.0.1";
|
||||
description = mdDoc "Address to listen for peer connections";
|
||||
};
|
||||
port = mkOption {
|
||||
|
@ -16,7 +16,7 @@ let
|
|||
};
|
||||
rpcAddress = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
default = "127.0.0.1";
|
||||
description = mdDoc "Address to listen for RPC connections.";
|
||||
};
|
||||
rpcPort = mkOption {
|
||||
|
@ -26,7 +26,7 @@ let
|
|||
};
|
||||
restAddress = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
default = "127.0.0.1";
|
||||
description = mdDoc "Address to listen for REST connections.";
|
||||
};
|
||||
restPort = mkOption {
|
||||
|
@ -224,12 +224,12 @@ in {
|
|||
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
|
||||
];
|
||||
|
||||
services.lnd.certificate.extraIPs = mkIf (cfg.rpcAddress != "localhost") [ "${cfg.rpcAddress}" ];
|
||||
services.lnd.certificate.extraIPs = mkIf (cfg.rpcAddress != "127.0.0.1") [ "${cfg.rpcAddress}" ];
|
||||
|
||||
systemd.services.lnd = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" ];
|
||||
after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
|
||||
preStart = ''
|
||||
install -m600 ${configFile} '${cfg.dataDir}/lnd.conf'
|
||||
{
|
||||
|
|
332
modules/mempool.nix
Normal file
|
@ -0,0 +1,332 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
options.services = {
|
||||
mempool = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = mdDoc ''
|
||||
Enable Mempool, a fully featured Bitcoin visualizer, explorer, and API service.
|
||||
|
||||
Note: Mempool enables `txindex` in bitcoind (this is a requirement).
|
||||
|
||||
This module has two components:
|
||||
- A backend service (systemd service `mempool`)
|
||||
|
||||
- An optional web interface run by nginx, defined by options `services.mempool.frontend.*`.
|
||||
The frontend is enabled by default when mempool is enabled.
|
||||
For details, see `services.mempool.frontend.enable`.
|
||||
'';
|
||||
};
|
||||
|
||||
frontend = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = cfg.enable;
|
||||
description = mdDoc ''
|
||||
Enable the mempool frontend (web interface).
|
||||
This starts a simple nginx instance, configured for local usage with
|
||||
settings similar to the `mempool/frontend` Docker image.
|
||||
|
||||
IMPORTANT:
|
||||
If you want to expose the mempool frontend to the internet, you
|
||||
should create a custom nginx config that includes TLS, backend caching, rate limiting
|
||||
and performance tuning.
|
||||
For this task, reuse the config snippets from option `services.mempool.frontend.nginxConfig`.
|
||||
See also: https://github.com/fort-nix/nixbitcoin.org/blob/master/website/mempool.nix,
|
||||
which contains a mempool nginx config for public hosting (running at
|
||||
https://mempool.nixbitcoin.org).
|
||||
'';
|
||||
};
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = mdDoc "HTTP server address.";
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 60845; # A random private port
|
||||
description = mdDoc "HTTP server port.";
|
||||
};
|
||||
staticContentRoot = mkOption {
|
||||
type = types.path;
|
||||
default = nbPkgs.mempool-frontend;
|
||||
defaultText = "config.nix-bitcoin.pkgs.mempool-frontend";
|
||||
description = mdDoc "
|
||||
Path of the static frontend content root.
|
||||
";
|
||||
};
|
||||
nginxConfig = mkOption {
|
||||
readOnly = true;
|
||||
default = frontend.nginxConfig;
|
||||
defaultText = "(See source)";
|
||||
description = mdDoc "
|
||||
An attrset of nginx config snippets for assembling a custom
|
||||
mempool nginx config.
|
||||
For details, see the source comments at the point of definition.
|
||||
";
|
||||
};
|
||||
};
|
||||
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = mdDoc "Mempool backend address.";
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 8999;
|
||||
description = mdDoc "Mempool backend port.";
|
||||
};
|
||||
electrumServer = mkOption {
|
||||
type = types.enum [ "electrs" "fulcrum" ];
|
||||
default = "electrs";
|
||||
description = mdDoc ''
|
||||
The Electrum server to use for fetching address information.
|
||||
|
||||
Possible options:
|
||||
- electrs:
|
||||
Small database size, slow when querying new addresses.
|
||||
- fulcrum:
|
||||
Large database size, quickly serves arbitrary address queries.
|
||||
'';
|
||||
};
|
||||
settings = mkOption {
|
||||
type = with types; attrsOf (attrsOf anything);
|
||||
example = {
|
||||
MEMPOOL = {
|
||||
POLL_RATE_MS = 3000;
|
||||
STDOUT_LOG_MIN_PRIORITY = "debug";
|
||||
};
|
||||
PRICE_DATA_SERVER = {
|
||||
CLEARNET_URL = "https://myserver.org/prices";
|
||||
};
|
||||
};
|
||||
description = mdDoc ''
|
||||
Mempool backend settings.
|
||||
See here for possible options:
|
||||
https://github.com/mempool/mempool/blob/master/backend/src/config.ts
|
||||
'';
|
||||
};
|
||||
database = {
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = "mempool";
|
||||
description = mdDoc "Database name.";
|
||||
};
|
||||
};
|
||||
package = mkOption {
|
||||
type = types.package;
|
||||
default = nbPkgs.mempool-backend;
|
||||
defaultText = "config.nix-bitcoin.pkgs.mempool-backend";
|
||||
description = mdDoc "The package providing mempool binaries.";
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "mempool";
|
||||
description = mdDoc "The user as which to run Mempool.";
|
||||
};
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = cfg.user;
|
||||
description = mdDoc "The group as which to run Mempool.";
|
||||
};
|
||||
tor = nbLib.tor;
|
||||
};
|
||||
|
||||
# Internal read-only options used by `./nodeinfo.nix` and `./onion-services.nix`
|
||||
mempool-frontend = let
|
||||
mkAlias = default: mkOption {
|
||||
internal = true;
|
||||
readOnly = true;
|
||||
inherit default;
|
||||
};
|
||||
in {
|
||||
enable = mkAlias cfg.frontend.enable;
|
||||
address = mkAlias cfg.frontend.address;
|
||||
port = mkAlias cfg.frontend.port;
|
||||
};
|
||||
};
|
||||
|
||||
cfg = config.services.mempool;
|
||||
nbLib = config.nix-bitcoin.lib;
|
||||
nbPkgs = config.nix-bitcoin.pkgs;
|
||||
secretsDir = config.nix-bitcoin.secretsDir;
|
||||
|
||||
configFile = builtins.toFile "mempool-config" (builtins.toJSON cfg.settings);
|
||||
cacheDir = "/var/cache/mempool";
|
||||
|
||||
inherit (config.services)
|
||||
bitcoind
|
||||
electrs
|
||||
fulcrum;
|
||||
|
||||
torSocket = config.services.tor.client.socksListenAddress;
|
||||
|
||||
# See the `services.nginx` definition further below below
|
||||
# on how to use these snippets.
|
||||
frontend.nginxConfig = {
|
||||
# This must be added to `services.nginx.commonHttpConfig` when
|
||||
# `mempool/location-static.conf` is used
|
||||
httpConfig = ''
|
||||
include ${nbPkgs.mempool-nginx-conf}/mempool/http-language.conf;
|
||||
'';
|
||||
|
||||
# This should be added to `services.nginx.virtualHosts.<mempool server name>.extraConfig`
|
||||
staticContent = ''
|
||||
index index.html;
|
||||
|
||||
add_header Cache-Control "public, no-transform";
|
||||
add_header Vary Accept-Language;
|
||||
add_header Vary Cookie;
|
||||
|
||||
include ${nbPkgs.mempool-nginx-conf}/mempool/location-static.conf;
|
||||
|
||||
# Redirect /api to /docs/api
|
||||
location = /api {
|
||||
return 308 https://$host/docs/api;
|
||||
}
|
||||
location = /api/ {
|
||||
return 308 https://$host/docs/api;
|
||||
}
|
||||
'';
|
||||
|
||||
# This should be added to `services.nginx.virtualHosts.<mempool server name>.extraConfig`
|
||||
proxyApi = let
|
||||
backend = "http://${nbLib.addressWithPort cfg.address cfg.port}";
|
||||
in ''
|
||||
location /api/ {
|
||||
proxy_pass ${backend}/api/v1/;
|
||||
}
|
||||
location /api/v1 {
|
||||
proxy_pass ${backend};
|
||||
}
|
||||
# Websocket API
|
||||
location /api/v1/ws {
|
||||
proxy_pass ${backend};
|
||||
|
||||
# Websocket header settings
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
|
||||
# Relevant settings from `recommendedProxyConfig` (nixos/nginx/default.nix)
|
||||
# (In the above api locations, this are inherited from the parent scope)
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
in {
|
||||
inherit options;
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.bitcoind.txindex = true;
|
||||
services.electrs.enable = mkIf (cfg.electrumServer == "electrs" ) true;
|
||||
services.fulcrum.enable = mkIf (cfg.electrumServer == "fulcrum" ) true;
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
package = pkgs.mariadb;
|
||||
ensureDatabases = [ cfg.database.name ];
|
||||
ensureUsers = [
|
||||
{
|
||||
name = cfg.user;
|
||||
ensurePermissions."${cfg.database.name}.*" = "ALL PRIVILEGES";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
# Available options:
|
||||
# https://github.com/mempool/mempool/blob/master/backend/src/config.ts
|
||||
services.mempool.settings = {
|
||||
MEMPOOL = {
|
||||
# mempool doesn't support regtest
|
||||
NETWORK = "mainnet";
|
||||
BACKEND = "electrum";
|
||||
HTTP_PORT = cfg.port;
|
||||
CACHE_DIR = "${cacheDir}/cache";
|
||||
STDOUT_LOG_MIN_PRIORITY = mkDefault "info";
|
||||
};
|
||||
CORE_RPC = {
|
||||
HOST = bitcoind.rpc.address;
|
||||
PORT = bitcoind.rpc.port;
|
||||
USERNAME = bitcoind.rpc.users.public.name;
|
||||
PASSWORD = "@btcRpcPassword@";
|
||||
};
|
||||
ELECTRUM = let
|
||||
server = config.services.${cfg.electrumServer};
|
||||
in {
|
||||
HOST = server.address;
|
||||
PORT = server.port;
|
||||
TLS_ENABLED = false;
|
||||
};
|
||||
DATABASE = {
|
||||
ENABLED = true;
|
||||
DATABASE = cfg.database.name;
|
||||
SOCKET = "/run/mysqld/mysqld.sock";
|
||||
};
|
||||
} // optionalAttrs (cfg.tor.proxy) {
|
||||
# Use Tor for rate fetching
|
||||
SOCKS5PROXY = {
|
||||
ENABLED = true;
|
||||
USE_ONION = true;
|
||||
HOST = torSocket.addr;
|
||||
PORT = torSocket.port;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.mempool = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "${cfg.electrumServer}.service" ];
|
||||
after = [ "${cfg.electrumServer}.service" "mysql.service" ];
|
||||
preStart = ''
|
||||
mkdir -p '${cacheDir}/cache'
|
||||
<${configFile} sed \
|
||||
-e "s|@btcRpcPassword@|$(cat ${secretsDir}/bitcoin-rpcpassword-public)|" \
|
||||
> '${cacheDir}/config.json'
|
||||
'';
|
||||
environment.MEMPOOL_CONFIG_FILE = "${cacheDir}/config.json";
|
||||
serviceConfig = nbLib.defaultHardening // {
|
||||
ExecStart = "${cfg.package}/bin/mempool-backend";
|
||||
CacheDirectory = "mempool";
|
||||
CacheDirectoryMode = "770";
|
||||
# Show "mempool" instead of "node" in the journal
|
||||
SyslogIdentifier = "mempool";
|
||||
User = cfg.user;
|
||||
Restart = "on-failure";
|
||||
RestartSec = "10s";
|
||||
} // nbLib.allowedIPAddresses cfg.tor.enforce
|
||||
// nbLib.nodejs;
|
||||
};
|
||||
|
||||
services.nginx = mkIf cfg.frontend.enable {
|
||||
enable = true;
|
||||
enableReload = true;
|
||||
recommendedBrotliSettings = true;
|
||||
recommendedGzipSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
commonHttpConfig = frontend.nginxConfig.httpConfig;
|
||||
virtualHosts."mempool" = {
|
||||
serverName = "_";
|
||||
listen = [ { addr = cfg.frontend.address; port = cfg.frontend.port; } ];
|
||||
root = cfg.frontend.staticContentRoot;
|
||||
extraConfig =
|
||||
frontend.nginxConfig.staticContent +
|
||||
frontend.nginxConfig.proxyApi;
|
||||
};
|
||||
};
|
||||
|
||||
users.users.${cfg.user} = {
|
||||
isSystemUser = true;
|
||||
group = cfg.group;
|
||||
extraGroups = [ "bitcoinrpc-public" ];
|
||||
};
|
||||
users.groups.${cfg.group} = {};
|
||||
};
|
||||
}
|
|
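Review bot: `systemd.services.mempool` reads `${secretsDir}/bitcoin-rpcpassword-public` in `preStart`, but its `after` list is `[ "${cfg.electrumServer}.service" "mysql.service" ]`, without the `nix-bitcoin-secrets.target` that this change set adds to the other secret-reading services. Two further points in the same `preStart`: the password is spliced into a `sed` replacement delimited by `|`, so a secret containing `|`, `&` or `\` gives a broken or altered `config.json`, and the file is created by shell redirection with the default umask although it holds the RPC password; an explicit `umask` or `install -m 600`, as used for other services' config files, would make the mode intentional. In `staticContent`, the `/api` redirects go to `https://$host/docs/api` while the default virtual host listens on plain HTTP at `cfg.frontend.address` and `cfg.frontend.port`, so they will not resolve in the local setup. Typos in comments: "further below below" and "this are inherited".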
@ -14,13 +14,13 @@
|
|||
./clightning-plugins
|
||||
./clightning-rest.nix
|
||||
./clightning-replication.nix
|
||||
./spark-wallet.nix
|
||||
./lnd.nix
|
||||
./lightning-loop.nix
|
||||
./lightning-pool.nix
|
||||
./charge-lnd.nix
|
||||
./lndconnect.nix # Requires onion-addresses.nix
|
||||
./rtl.nix
|
||||
./mempool.nix
|
||||
./electrs.nix
|
||||
./fulcrum.nix
|
||||
./liquid.nix
|
||||
|
|
|
@ -244,10 +244,6 @@ in {
|
|||
id = 16;
|
||||
connections = [ "bitcoind" ];
|
||||
};
|
||||
spark-wallet = {
|
||||
id = 17;
|
||||
# communicates with clightning over lightning-rpc socket
|
||||
};
|
||||
nginx = {
|
||||
id = 21;
|
||||
};
|
||||
|
@ -299,7 +295,14 @@ in {
|
|||
id = 31;
|
||||
connections = [ "bitcoind" ];
|
||||
};
|
||||
# id = 32 reserved for the upcoming mempool module
|
||||
mempool = {
|
||||
id = 32;
|
||||
connections = [
|
||||
"bitcoind"
|
||||
"nginx"
|
||||
(if (config.services.mempool.electrumServer == "electrs") then "electrs" else "fulcrum")
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.bitcoind = {
|
||||
|
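Review bot: the `if ... then "electrs" else "fulcrum"` expression in `connections` duplicates the option's own values; `config.services.mempool.electrumServer` can be used directly, since the connection names used here are the same strings as the option's enum values. That also avoids silently mapping any future third value to `fulcrum`.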
@ -332,11 +335,6 @@ in {
|
|||
|
||||
services.fulcrum.address = netns.fulcrum.address;
|
||||
|
||||
services.spark-wallet = {
|
||||
address = netns.spark-wallet.address;
|
||||
extraArgs = "--no-tls";
|
||||
};
|
||||
|
||||
services.lightning-loop.rpcAddress = netns.lightning-loop.address;
|
||||
|
||||
services.nbxplorer.address = netns.nbxplorer.address;
|
||||
|
@ -358,6 +356,9 @@ in {
|
|||
services.rtl.address = netns.rtl.address;
|
||||
|
||||
services.clightning-rest.address = netns.clightning-rest.address;
|
||||
|
||||
services.mempool.address = netns.mempool.address;
|
||||
services.mempool.frontend.address = netns.nginx.address;
|
||||
}
|
||||
]);
|
||||
}
|
||||
|
|
|
@ -145,11 +145,16 @@ in {
|
|||
clightning-rest = mkInfo "";
|
||||
electrs = mkInfo "";
|
||||
fulcrum = mkInfo "";
|
||||
spark-wallet = mkInfo "";
|
||||
btcpayserver = mkInfo "";
|
||||
liquidd = mkInfo "";
|
||||
joinmarket-ob-watcher = mkInfo "";
|
||||
rtl = mkInfo "";
|
||||
mempool = mkInfo "";
|
||||
mempool-frontend = name: cfg: mkInfoLong {
|
||||
inherit name cfg;
|
||||
systemdServiceName = "nginx";
|
||||
extraCode = "";
|
||||
};
|
||||
# Only add sshd when it has an onion service
|
||||
sshd = name: cfg: mkIfOnionPort "sshd" (onionPort: ''
|
||||
add_service("sshd", """info["onion_address"] = get_onion_address("sshd", ${onionPort})""")
|
||||
|
|
126
modules/nostr-wallet-connect.nix
Normal file
|
@ -0,0 +1,126 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
options = {
|
||||
services.lnd.nostr-wallet-connect = {
|
||||
enable = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = mdDoc ''
|
||||
Add a `nostr-wallet-connect` binary to the system environment which prints
|
||||
connection info for lnd clients.
|
||||
See: https://github.com/getalby/nostr-wallet-connect
|
||||
|
||||
Usage:
|
||||
```bash
|
||||
# Print QR code
|
||||
nostr-wallet-connect
|
||||
|
||||
# Print URL
|
||||
nostr-wallet-connect --url
|
||||
```
|
||||
'';
|
||||
};
|
||||
onion = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = mdDoc ''
|
||||
Create an onion service for the lnd REST server,
|
||||
which is used by nostr-wallet-connect.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
nix-bitcoin.mknostr-wallet-connect = mkOption {
|
||||
readOnly = true;
|
||||
default = mknostr-wallet-connect;
|
||||
description = mdDoc ''
|
||||
A function to create a nostr-wallet-connect binary.
|
||||
See the source for further details.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
nbLib = config.nix-bitcoin.lib;
|
||||
runAsUser = config.nix-bitcoin.runAsUserCmd;
|
||||
|
||||
inherit (config.services)
|
||||
lnd;
|
||||
|
||||
mknostr-wallet-connect = {
|
||||
name,
|
||||
shebang ? "#!${pkgs.stdenv.shell} -e",
|
||||
isClightning ? false,
|
||||
port,
|
||||
macaroonPath,
|
||||
enableOnion,
|
||||
onionService ? null,
|
||||
certPath ? null
|
||||
}:
|
||||
# TODO-EXTERNAL:
|
||||
# nostr-wallet-connect requires a --configfile argument, although it's unused
|
||||
# https://github.com/LN-Zap/nostr-wallet-connect/issues/25
|
||||
pkgs.hiPrio (pkgs.writeScriptBin name ''
|
||||
${shebang}
|
||||
url=$(
|
||||
${getExe config.nix-bitcoin.pkgs.nostr-wallet-connect} --url \
|
||||
${optionalString enableOnion "--host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/${onionService})"} \
|
||||
--port=${toString port} \
|
||||
${if enableOnion || certPath == null then "--nocert" else "--tlscertpath='${certPath}'"} \
|
||||
--adminmacaroonpath='${macaroonPath}' \
|
||||
--configfile=/dev/null "$@"
|
||||
)
|
||||
|
||||
# If --url is in args
|
||||
if [[ " $* " =~ " --url " ]]; then
|
||||
echo "$url"
|
||||
else
|
||||
# This UTF-8 encoding yields a smaller, more convenient output format
|
||||
# compared to the native nostr-wallet-connect output
|
||||
echo -n "$url" | ${getExe pkgs.qrencode} -t UTF8 -o -
|
||||
fi
|
||||
'');
|
||||
|
||||
operatorName = config.nix-bitcoin.operator.name;
|
||||
in {
|
||||
inherit options;
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf (lnd.enable && lnd.nostr-wallet-connect.enable)
|
||||
(mkMerge [
|
||||
{
|
||||
environment.systemPackages = [(
|
||||
mknostr-wallet-connect {
|
||||
name = "nostr-wallet-connect";
|
||||
# Run as lnd user because the macaroon and cert are not group-readable
|
||||
shebang = "#!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash";
|
||||
enableOnion = lnd.nostr-wallet-connect.onion;
|
||||
onionService = "${lnd.user}/nwc-rest";
|
||||
port = lnd.rpcPort;
|
||||
certPath = lnd.certPath;
|
||||
macaroonPath = "${lnd.networkDir}/admin.macaroon";
|
||||
}
|
||||
)];
|
||||
|
||||
services.lnd.restAddress = mkIf (!lnd.nostr-wallet-connect.onion) "0.0.0.0";
|
||||
}
|
||||
|
||||
(mkIf lnd.nostr-wallet-connect.onion {
|
||||
services.tor = {
|
||||
enable = true;
|
||||
relay.onionServices.nwc-rest = nbLib.mkOnionService {
|
||||
target.addr = nbLib.address lnd.restAddress;
|
||||
target.port = lnd.restPort;
|
||||
port = lnd.restPort;
|
||||
};
|
||||
};
|
||||
nix-bitcoin.onionAddresses.access = {
|
||||
${lnd.user} = [ "nwc-rest" ];
|
||||
${operatorName} = [ "nwc-rest" ];
|
||||
};
|
||||
})
|
||||
]))
|
||||
];
|
||||
}
|
|
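Review bot: the wrapper is called with `port = lnd.rpcPort;`, but everything else in this module points at the REST server: the `onion` option is described as an onion service "for the lnd REST server", the onion service forwards `lnd.restPort`, and the non-onion branch sets `services.lnd.restAddress`. As written, the generated URL advertises a port that the onion service does not expose; this should most likely be `port = lnd.restPort;`. Two smaller points in the same hunk: `isClightning ? false` is declared in `mknostr-wallet-connect` but never used, and the non-onion branch binds REST to "0.0.0.0" while the script builds its URL from `admin.macaroon`, so a comment stating what restricts access to that listener (firewall, VPN preset) belongs next to the `restAddress` line.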
@ -24,7 +24,6 @@ in {
|
|||
(mkRenamedOptionModule [ "services" "bitcoind" "rpcthreads" ] [ "services" "bitcoind" "rpc" "threads" ])
|
||||
(mkRenamedOptionModule [ "services" "clightning" "bind-addr" ] [ "services" "clightning" "address" ])
|
||||
(mkRenamedOptionModule [ "services" "clightning" "bindport" ] [ "services" "clightning" "port" ])
|
||||
(mkRenamedOptionModule [ "services" "spark-wallet" "host" ] [ "services" "spark-wallet" "address" ])
|
||||
(mkRenamedOptionModule [ "services" "lnd" "rpclisten" ] [ "services" "lnd" "rpcAddress" ])
|
||||
(mkRenamedOptionModule [ "services" "lnd" "listen" ] [ "services" "lnd" "address" ])
|
||||
(mkRenamedOptionModule [ "services" "lnd" "listenPort" ] [ "services" "lnd" "port" ])
|
||||
|
@ -75,7 +74,6 @@ in {
|
|||
"lightning-pool"
|
||||
"liquid"
|
||||
"lnd"
|
||||
"spark-wallet"
|
||||
"bitcoind"
|
||||
]) ++
|
||||
(map mkRenamedEnforceTorOption [
|
||||
|
@ -84,21 +82,32 @@ in {
|
|||
"electrs"
|
||||
]) ++
|
||||
# 0.0.77
|
||||
(
|
||||
let
|
||||
optionName = [ "services" "clightning" "plugins" "commando" ];
|
||||
in [
|
||||
(mkRemovedOptionModule (optionName ++ [ "enable" ]) ''
|
||||
clightning 0.12.0 ships with a reimplementation of the commando plugin
|
||||
that is incompatible with the commando module that existed in
|
||||
nix-bitcoin. The new built-in commando plugin is always enabled. For
|
||||
information on how to use it, run `lightning-cli help commando` and
|
||||
`lightning-cli help commando-rune`.
|
||||
'')
|
||||
(mkRemovedOptionModule (optionName ++ [ "readers" ]) "")
|
||||
(mkRemovedOptionModule (optionName ++ [ "writers" ]) "")
|
||||
]);
|
||||
|
||||
[
|
||||
(mkRemovedOptionModule [ "services" "clightning" "plugins" "commando" ] ''
|
||||
clightning 0.12.0 ships with a reimplementation of the commando plugin
|
||||
that is incompatible with the commando module that existed in
|
||||
nix-bitcoin. The new built-in commando plugin is always enabled. For
|
||||
information on how to use it, run `lightning-cli help commando` and
|
||||
`lightning-cli help commando-rune`.
|
||||
'')
|
||||
] ++
|
||||
# 0.0.92
|
||||
[
|
||||
(mkRemovedOptionModule [ "services" "spark-wallet" ] ''
|
||||
Spark Lightning Wallet is unmaintained and incompatible with clightning
|
||||
23.05. Therefore, the spark-wallet module has been removed from
|
||||
nix-bitcoin. For a replacement, consider using the rtl (Ride The
|
||||
Lightning) module or the clightning-rest module in combination with the
|
||||
Zeus mobile wallet.
|
||||
'')
|
||||
]
|
||||
++
|
||||
# 0.0.98
|
||||
[
|
||||
(mkRemovedOptionModule [ "services" "clightning" "plugins" "clboss" "acknowledgeDeprecation" ] ''
|
||||
`clboss` is maintained again and has been un-deprecated.
|
||||
'')
|
||||
];
|
||||
config = {
|
||||
# Migrate old clightning-rest datadir from nix-bitcoin versions < 0.0.70
|
||||
systemd.services.clightning-rest-migrate-datadir = let
|
||||
|
|
|
@ -104,15 +104,6 @@ in {
|
|||
# Set sensible defaults for some services
|
||||
{
|
||||
nix-bitcoin.onionServices = {
|
||||
spark-wallet = {
|
||||
externalPort = 80;
|
||||
# Enable 'public' by default, but don't auto-enable the onion service.
|
||||
# When the onion service is enabled, 'public' lets spark-wallet generate
|
||||
# a QR code for accessing the web interface.
|
||||
public = true;
|
||||
# Low priority so we can override this with mkDefault in ./presets/enable-tor.nix
|
||||
enable = mkOverride 1400 false;
|
||||
};
|
||||
btcpayserver = {
|
||||
externalPort = 80;
|
||||
};
|
||||
|
@ -122,6 +113,9 @@ in {
|
|||
rtl = {
|
||||
externalPort = 80;
|
||||
};
|
||||
mempool-frontend = {
|
||||
externalPort = 80;
|
||||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
|
|
|
@ -26,8 +26,8 @@ in {
|
|||
# TODO-EXTERNAL:
|
||||
# disable Tor enforcement until btcpayserver can fetch rates over Tor
|
||||
# btcpayserver = defaultEnableTorProxy;
|
||||
spark-wallet = defaultEnableTorProxy;
|
||||
lightning-pool = defaultEnableTorProxy;
|
||||
mempool = defaultEnableTorProxy;
|
||||
|
||||
# These services don't make outgoing connections
|
||||
# (or use Tor by default in case of joinmarket)
|
||||
|
@ -48,7 +48,6 @@ in {
|
|||
liquidd.enable = defaultTrue;
|
||||
electrs.enable = defaultTrue;
|
||||
fulcrum.enable = defaultTrue;
|
||||
spark-wallet.enable = defaultTrue;
|
||||
joinmarket-ob-watcher.enable = defaultTrue;
|
||||
rtl.enable = defaultTrue;
|
||||
};
|
||||
|
|
|
@ -25,6 +25,7 @@ in {
|
|||
# Use doas instead of sudo
|
||||
security.doas.enable = true;
|
||||
security.sudo.enable = false;
|
||||
environment.shellAliases.sudo = "doas";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
jq
|
||||
|
|
|
@ -183,8 +183,14 @@ in {
|
|||
|
||||
# Listen on all addresses, including `serverAddress`.
|
||||
# This is safe because the listen ports are secured by the firewall.
|
||||
services.lnd.restAddress = mkIf lndconnect "0.0.0.0";
|
||||
# clightning-rest always listens on "0.0.0.0"
|
||||
services.lnd = mkIf lndconnect {
|
||||
restAddress = "0.0.0.0";
|
||||
tor.enforce = false;
|
||||
};
|
||||
services.clightning-rest = mkIf lndconnect-clightning {
|
||||
# clightning-rest always listens on "0.0.0.0"
|
||||
tor.enforce = false;
|
||||
};
|
||||
|
||||
nix-bitcoin.secrets = {
|
||||
wg-server-private-key = {};
|
||||
|
|
|
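Review bot: `tor.enforce = false;` is now set for both `services.lnd` and `services.clightning-rest`, but the only comment in the hunk justifies the "0.0.0.0" bind ("secured by the firewall") and says nothing about why Tor enforcement is switched off. Elsewhere in this comparison the option feeds `nbLib.allowedIPAddresses cfg.tor.enforce`, so it relaxes the per-service IP address restrictions, not just proxy usage. Please add a comment on each `tor.enforce = false;` line stating why it is required for this preset and which control takes its place.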
@ -189,7 +189,7 @@ in {
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
requires = optional cfg.nodes.clightning.enable "clightning-rest.service" ++
|
||||
optional cfg.nodes.lnd.enable "lnd.service";
|
||||
after = requires;
|
||||
after = requires ++ [ "nix-bitcoin-secrets.target" ];
|
||||
environment.RTL_CONFIG_PATH = cfg.dataDir;
|
||||
environment.DB_DIRECTORY_PATH = cfg.dataDir;
|
||||
serviceConfig = nbLib.defaultHardening // {
|
||||
|
|
|
@ -80,6 +80,7 @@ let
|
|||
rpcauth = pkgs.writers.writeBash "rpcauth" ''
|
||||
exec ${pkgs.python3}/bin/python ${rpcauthSrc} "$@"
|
||||
'';
|
||||
# Writes secrets to PWD
|
||||
in pkgs.writers.writeBash "generate-secrets" ''
|
||||
set -euo pipefail
|
||||
|
||||
|
|
|
@ -1,98 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
options.services.spark-wallet = {
|
||||
enable = mkEnableOption "spark-wallet";
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
default = "localhost";
|
||||
description = mdDoc "http(s) server address.";
|
||||
};
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 9737;
|
||||
description = mdDoc "http(s) server port.";
|
||||
};
|
||||
extraArgs = mkOption {
|
||||
type = types.separatedString " ";
|
||||
default = "";
|
||||
description = mdDoc "Extra command line arguments passed to spark-wallet.";
|
||||
};
|
||||
getPublicAddressCmd = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = mdDoc ''
|
||||
Bash expression which outputs the public service address.
|
||||
If set, spark-wallet prints a QR code to the systemd journal which
|
||||
encodes an URL for accessing the web interface.
|
||||
'';
|
||||
};
|
||||
user = mkOption {
|
||||
type = types.str;
|
||||
default = "spark-wallet";
|
||||
description = mdDoc "The user as which to run spark-wallet.";
|
||||
};
|
||||
group = mkOption {
|
||||
type = types.str;
|
||||
default = cfg.user;
|
||||
description = mdDoc "The group as which to run spark-wallet.";
|
||||
};
|
||||
tor = nbLib.tor;
|
||||
};
|
||||
|
||||
cfg = config.services.spark-wallet;
|
||||
nbLib = config.nix-bitcoin.lib;
|
||||
|
||||
clightning = config.services.clightning;
|
||||
|
||||
# Use wasabi rate provider because the default (bitstamp) doesn't accept
|
||||
# connections through Tor
|
||||
torRateProvider = "--rate-provider wasabi --proxy socks5h://${config.nix-bitcoin.torClientAddressWithPort}";
|
||||
startScript = ''
|
||||
${optionalString (cfg.getPublicAddressCmd != "") ''
|
||||
publicURL=(--public-url "http://$(${cfg.getPublicAddressCmd})")
|
||||
''}
|
||||
exec ${config.nix-bitcoin.pkgs.spark-wallet}/bin/spark-wallet \
|
||||
--ln-path '${clightning.networkDir}' \
|
||||
--host ${cfg.address} --port ${toString cfg.port} \
|
||||
--config '${config.nix-bitcoin.secretsDir}/spark-wallet-login' \
|
||||
${optionalString cfg.tor.proxy torRateProvider} \
|
||||
${optionalString (cfg.getPublicAddressCmd != "") ''"''${publicURL[@]}"''} \
|
||||
--pairing-qr --print-key ${cfg.extraArgs}
|
||||
'';
|
||||
in {
|
||||
inherit options;
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.clightning.enable = true;
|
||||
|
||||
systemd.services.spark-wallet = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
requires = [ "clightning.service" ];
|
||||
after = [ "clightning.service" ];
|
||||
script = startScript;
|
||||
serviceConfig = nbLib.defaultHardening // {
|
||||
User = cfg.user;
|
||||
Restart = "on-failure";
|
||||
RestartSec = "10s";
|
||||
} // nbLib.allowedIPAddresses cfg.tor.enforce
|
||||
// nbLib.nodejs;
|
||||
};
|
||||
|
||||
users.users.${cfg.user} = {
|
||||
isSystemUser = true;
|
||||
group = cfg.group;
|
||||
extraGroups = [ clightning.group ];
|
||||
};
|
||||
users.groups.${cfg.group} = {};
|
||||
|
||||
nix-bitcoin.secrets.spark-wallet-login.user = cfg.user;
|
||||
nix-bitcoin.generateSecretsCmds.spark-wallet = ''
|
||||
makePasswordSecret spark-wallet-password
|
||||
if [[ spark-wallet-password -nt spark-wallet-login ]]; then
|
||||
echo "login=spark-wallet:$(cat spark-wallet-password)" > spark-wallet-login
|
||||
fi
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -11,13 +11,16 @@ let
|
|||
nix-bitcoin.configVersion = mkOption {
|
||||
type = with types; nullOr str;
|
||||
default = null;
|
||||
example = "0.0.92";
|
||||
description = mdDoc ''
|
||||
Set this option to the nix-bitcoin release version that your config is
|
||||
compatible with.
|
||||
The nix-bitcoin release version that your config is compatible with.
|
||||
|
||||
When upgrading to a backwards-incompatible release, nix-bitcoin will throw an
|
||||
error during evaluation and provide instructions for migrating your config to
|
||||
the new release.
|
||||
|
||||
Once set, you only need to update this option when explicitly told to in an
|
||||
error message during evaluation.
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# This is a modified version of
|
||||
# https://github.com/NixOS/nixpkgs/pull/128749
|
||||
|
||||
{ lib, stdenvNoCC, makeWrapper, nodejs }:
|
||||
{ lib, stdenvNoCC, makeWrapper, nodejs, cacert }:
|
||||
|
||||
{ src
|
||||
, hash ? ""
|
||||
|
@ -25,6 +25,9 @@ stdenvNoCC.mkDerivation ({
|
|||
|
||||
phases = "unpackPhase patchPhase buildPhase installPhase";
|
||||
|
||||
# npm doesn't support var `SSL_CERT_FILE`.
|
||||
NODE_EXTRA_CA_CERTS = "${cacert}/etc/ssl/certs/ca-bundle.crt";
|
||||
|
||||
buildPhase = ''
|
||||
runHook preBuild
|
||||
|
||||
|
|
|
@ -1,24 +1,34 @@
|
|||
{ lib, stdenv, fetchurl, pkgconfig, curl, libev, sqlite }:
|
||||
{ lib, stdenv, fetchFromGitHub, autoconf-archive, autoreconfHook, pkg-config, curl, libev, sqlite }:
|
||||
|
||||
let
|
||||
curlWithGnuTLS = curl.override { gnutlsSupport = true; opensslSupport = false; };
|
||||
in
|
||||
stdenv.mkDerivation rec {
|
||||
pname = "clboss";
|
||||
version = "0.13A";
|
||||
version = "0.13";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/ZmnSCPxj/clboss/releases/download/${version}/clboss-${version}.tar.gz";
|
||||
hash = "sha256-LTDJrm9Mk4j7Z++tKJKawEurgF1TnYuIoj+APbDHll4=";
|
||||
src = fetchFromGitHub {
|
||||
owner = "ZmnSCPxj";
|
||||
repo = "clboss";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-NP9blymdqDXo/OtGLQg/MXK24PpPvCrzqXRdtfCvpfI=";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ pkgconfig libev curlWithGnuTLS sqlite ];
|
||||
nativeBuildInputs = [
|
||||
autoreconfHook
|
||||
autoconf-archive
|
||||
pkg-config
|
||||
libev
|
||||
curlWithGnuTLS
|
||||
sqlite
|
||||
];
|
||||
|
||||
enableParallelBuilding = true;
|
||||
|
||||
meta = with lib; {
|
||||
description = "Automated C-Lightning Node Manager";
|
||||
homepage = "https://github.com/ZmnSCPxj/clboss";
|
||||
changelog = "https://github.com/ZmnSCPxj/clboss/blob/v${version}/ChangeLog";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ nixbitcoin ];
|
||||
platforms = platforms.linux;
|
||||
|
|
|
@ -6,8 +6,8 @@ let
|
|||
src = pkgs.fetchFromGitHub {
|
||||
owner = "lightningd";
|
||||
repo = "plugins";
|
||||
rev = "e625369423b00c70b23641662f62ccd898286edc";
|
||||
sha256 = "04f30xlfr7pgdmdgka87x7sc9j82wc4zv7fbiqrjsc83dkmly81i";
|
||||
rev = "ce078bb74e10b5dea779fcd9fbe77e1d3e72db7a";
|
||||
hash = "sha256-SCHSJzXe1l14hVT47SU3lWDxKCKwwICjXjSDpjUX96U";
|
||||
};
|
||||
|
||||
version = builtins.substring 0 7 src.rev;
|
||||
|
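Review bot: the new `hash = "sha256-SCHSJzXe1l14hVT47SU3lWDxKCKwwICjXjSDpjUX96U";` is 43 base64 characters and lacks the trailing `=` padding that the other SRI hashes shown in this comparison carry (for example the clboss and clightning-rest hashes). Please write the padded form so the value is a well-formed SRI string and does not depend on the evaluator tolerating missing padding.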
@ -31,7 +31,7 @@ let
|
|||
description = "Lightning node exporter for the prometheus timeseries server";
|
||||
extraPkgs = [ prometheus_client ];
|
||||
patchRequirements =
|
||||
"--replace prometheus-client==0.6.0 prometheus-client==0.15.0"
|
||||
"--replace prometheus-client==0.6.0 prometheus-client==0.17.1"
|
||||
+ " --replace pyln-client~=0.9.3 pyln-client~=23.02";
|
||||
};
|
||||
rebalance = {
|
||||
|
@ -68,7 +68,7 @@ let
|
|||
|
||||
# Check that requirements are met
|
||||
PYTHONPATH='${toString python}/${python.sitePackages}' \
|
||||
${pkgs.python3Packages.pip}/bin/pip install -r requirements.txt --no-cache --no-index
|
||||
${pkgs.python3Packages.pip}/bin/pip install -r requirements.txt --no-cache --no-index --break-system-packages
|
||||
|
||||
chmod +x '${script}'
|
||||
patchShebangs '${script}'
|
||||
|
|
|
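Review bot: the `pip install ... --no-index` line gains `--break-system-packages` without a comment. The step only exists to "Check that requirements are met", so a reader seeing a flag with that name has no way to tell it is harmless here. Please add a one-line comment saying why pip needs the flag in this build and that, with `--no-index`, nothing is fetched or installed from the network.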
@ -1,7 +1,7 @@
|
|||
{ lib
|
||||
, stdenvNoCC
|
||||
, nodejs-16_x
|
||||
, nodejs-slim-16_x
|
||||
, nodejs-18_x
|
||||
, nodejs-slim-18_x
|
||||
, fetchNodeModules
|
||||
, fetchurl
|
||||
, makeWrapper
|
||||
|
@ -9,20 +9,20 @@
|
|||
}:
|
||||
let self = stdenvNoCC.mkDerivation {
|
||||
pname = "clightning-rest";
|
||||
version = "0.9.0";
|
||||
version = "0.10.7";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/Ride-The-Lightning/c-lightning-REST/archive/refs/tags/v${self.version}.tar.gz";
|
||||
hash = "sha256-1thorV/UivDDH7oqjfm8VTd47LYSGooR2yEoETgBOH4=";
|
||||
hash = "sha256-m/djMQk+g994GaTW/yysD/eVgWcqY8cap41tot0UElI=";
|
||||
};
|
||||
|
||||
passthru = {
|
||||
nodejs = nodejs-16_x;
|
||||
nodejsRuntime = nodejs-slim-16_x;
|
||||
nodejs = nodejs-18_x;
|
||||
nodejsRuntime = nodejs-slim-18_x;
|
||||
|
||||
nodeModules = fetchNodeModules {
|
||||
inherit (self) src nodejs;
|
||||
hash = "sha256-rQrAt2BDmNMUCVWxTJN3qoPonKlRWeJ8C4ZvF/gPygk=";
|
||||
hash = "sha256-Dz4/kR4X34idfuPFFQJYE8yGIR3OSseDnkAhqbZ6iEI=";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
set -euo pipefail
|
||||
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "gnupg wget gnused" "$@"
|
||||
|
||||
version="0.9.0"
|
||||
version="0.10.7"
|
||||
repo=https://github.com/Ride-The-Lightning/c-lightning-REST
|
||||
|
||||
scriptDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)
|
||||
|
|
|
@ -17,9 +17,12 @@ let self = {
|
|||
lndinit = pkgs.callPackage ./lndinit { };
|
||||
liquid-swap = pkgs.python3Packages.callPackage ./liquid-swap { };
|
||||
rtl = pkgs.callPackage ./rtl { inherit (self) fetchNodeModules; };
|
||||
inherit (pkgs.callPackage ./mempool { inherit (self) fetchNodeModules; })
|
||||
mempool-backend
|
||||
mempool-frontend
|
||||
mempool-nginx-conf;
|
||||
# The secp256k1 version used by joinmarket
|
||||
secp256k1 = pkgs.callPackage ./secp256k1 { };
|
||||
spark-wallet = pkgs.callPackage ./spark-wallet { };
|
||||
trustedcoin = pkgs.callPackage ./trustedcoin { };
|
||||
|
||||
pyPkgs = import ./python-packages self pkgs.python3;
|
||||
|
|
|
@ -1,10 +1,12 @@
|
|||
{ stdenv, lib, fetchurl, python3, nbPython3PackagesJoinmarket }:
|
||||
{ stdenv, lib, fetchFromGitHub, python3, nbPython3PackagesJoinmarket }:
|
||||
|
||||
let
|
||||
version = "0.9.8";
|
||||
src = fetchurl {
|
||||
url = "https://github.com/JoinMarket-Org/joinmarket-clientserver/archive/v${version}.tar.gz";
|
||||
sha256 = "1ab4smpyx966iiiip3g11bcslya37qhac1kgkbmsmlsdkpilw9di";
|
||||
version = "0.9.10";
|
||||
src = fetchFromGitHub {
|
||||
owner = "joinmarket-org";
|
||||
repo = "joinmarket-clientserver";
|
||||
rev = "v${version}";
|
||||
hash = "sha256-uNweI7VKC16CFn8MNOAvadcSnTjK/Fznfy4qctM5PR8=";
|
||||
};
|
||||
|
||||
runtimePackages = with nbPython3PackagesJoinmarket; [
|
||||
|
|
|
@ -1,25 +1,25 @@
|
|||
#!/usr/bin/env bash
|
||||
#!/usr/bin/env nix-shell
|
||||
#!nix-shell -i bash -p git gnupg jq
|
||||
|
||||
set -euo pipefail
|
||||
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "git gnupg" "$@"
|
||||
newVersion=$(curl -s "https://api.github.com/repos/joinmarket-org/joinmarket-clientserver/releases" | jq -r '.[0].tag_name')
|
||||
|
||||
TMPDIR="$(mktemp -d -p /tmp)"
|
||||
trap 'rm -rf $TMPDIR' EXIT
|
||||
cd "$TMPDIR"
|
||||
|
||||
echo "Fetching latest release"
|
||||
git clone https://github.com/joinmarket-org/joinmarket-clientserver 2> /dev/null
|
||||
cd joinmarket-clientserver
|
||||
latest=$(git describe --tags "$(git rev-list --tags --max-count=1)")
|
||||
echo "Latest release is $latest"
|
||||
|
||||
# GPG verification
|
||||
export GNUPGHOME=$TMPDIR
|
||||
# Fetch release and GPG-verify the content hash
|
||||
tmpdir=$(mktemp -d /tmp/joinmarket-verify-gpg.XXX)
|
||||
repo=$tmpdir/repo
|
||||
git clone --depth 1 --branch "${newVersion}" -c advice.detachedHead=false https://github.com/joinmarket-org/joinmarket-clientserver "$repo"
|
||||
export GNUPGHOME=$tmpdir
|
||||
echo "Fetching Adam Gibson's key"
|
||||
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 2B6FC204D9BF332D062B461A141001A1AF77F20B 2> /dev/null
|
||||
echo "Verifying latest release"
|
||||
git verify-tag "$latest"
|
||||
echo "Fetch Kristaps Kaupe's key"
|
||||
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 70A1D47DD44F59DF8B22244333E472FE870C7E5D 2> /dev/null
|
||||
echo
|
||||
echo "Verifying commit"
|
||||
git -C "$repo" verify-commit HEAD
|
||||
rm -rf "$repo"/.git
|
||||
newHash=$(nix hash path "$repo")
|
||||
rm -rf "$tmpdir"
|
||||
echo
|
||||
|
||||
echo "tag: $latest"
|
||||
# The prefix option is necessary because GitHub prefixes the archive contents in this format
|
||||
echo "sha256: $(nix-hash --type sha256 --flat --base32 \
|
||||
<(git archive --format tar.gz --prefix=joinmarket-clientserver-"${latest//v}"/ "$latest"))"
|
||||
echo "tag: $newVersion"
|
||||
echo "hash: $newHash"
|
||||
|
|
|
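Review bot: the new shebang is `#!nix-shell -i bash -p git gnupg jq`, but the first command is `curl -s "https://api.github.com/..."`, so `curl` is missing from the package list and the script depends on whatever curl the caller's environment provides. The call also uses `-s` without `-f`: on an API error `jq -r '.[0].tag_name'` can yield `null` and the script carries on to `git clone --branch null`. Suggest adding `curl` to `-p` and using `curl -fsS`. Separately, the old version cleaned up with `trap 'rm -rf $TMPDIR' EXIT`, while the new one only runs `rm -rf "$tmpdir"` at the end, so under `set -euo pipefail` a failed `git verify-commit HEAD` leaves the temporary GNUPGHOME and checkout behind; please restore the trap. Both `gpg --recv-keys` calls send stderr to `/dev/null`, which hides a failed key fetch until the verification step fails.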
@ -41,8 +41,12 @@ let self = {
|
|||
RestrictAddressFamilies = self.defaultHardening.RestrictAddressFamilies + " AF_NETLINK";
|
||||
};
|
||||
|
||||
# nodejs applications require memory write execute for JIT compilation
|
||||
nodejs = { MemoryDenyWriteExecute = false; };
|
||||
nodejs = {
|
||||
# Required for JIT compilation
|
||||
MemoryDenyWriteExecute = false;
|
||||
# Required by nodejs >= 18
|
||||
SystemCallFilter = self.defaultHardening.SystemCallFilter ++ [ "@pkey" ];
|
||||
};
|
||||
|
||||
# Allow takes precedence over Deny.
|
||||
allowLocalIPAddresses = {
|
||||
|
|
|
@ -11,7 +11,7 @@ buildGoModule rec {
|
|||
sha256 = "sha256-sO1DpbppCurxr9g9nUl9Vx82FJK1mTcUw3rY1Fm1wEU=";
|
||||
};
|
||||
|
||||
vendorSha256 = "sha256-El44BS5Bu0K/klMxkajciU/R6uqiXBMOiLN536QztbE=";
|
||||
vendorHash = "sha256-El44BS5Bu0K/klMxkajciU/R6uqiXBMOiLN536QztbE=";
|
||||
|
||||
subPackages = [ "." ];
|
||||
|
||||
|
|
143
pkgs/mempool/default.nix
Normal file
|
@ -0,0 +1,143 @@
|
|||
{ lib
|
||||
, stdenvNoCC
|
||||
, nodejs-18_x
|
||||
, nodejs-slim-18_x
|
||||
, fetchFromGitHub
|
||||
, fetchNodeModules
|
||||
, runCommand
|
||||
, makeWrapper
|
||||
, curl
|
||||
, cacert
|
||||
, rsync
|
||||
}:
|
||||
rec {
|
||||
nodejs = nodejs-18_x;
|
||||
nodejsRuntime = nodejs-slim-18_x;
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "mempool";
|
||||
repo = "mempool";
|
||||
rev = "v2.5.0";
|
||||
hash = "sha256-8HmfytxRte3fQ0QKOljUVk9YAuaXhQQWuv3EFNmOgfQ=";
|
||||
};
|
||||
|
||||
nodeModules = {
|
||||
frontend = fetchNodeModules {
|
||||
inherit src nodejs;
|
||||
preBuild = "cd frontend";
|
||||
hash = "sha256-/Z0xNvob7eMGpzdUWolr47vljpFiIutZpGwd0uYhPWI=";
|
||||
};
|
||||
backend = fetchNodeModules {
|
||||
inherit src nodejs;
|
||||
preBuild = "cd backend";
|
||||
hash = "sha256-HpzzSTuSRWDWGbctVhTcUA01if/7OTI4xN3DAbAAX+U=";
|
||||
};
|
||||
};
|
||||
|
||||
frontendAssets = fetchFiles {
|
||||
name = "mempool-frontend-assets";
|
||||
hash = "sha256-3TmulAfzJJMf0UFhnHEqjAnzc1TNC5DM2XcsU7eyinY=";
|
||||
fetcher = ./frontend-assets-fetch.sh;
|
||||
};
|
||||
|
||||
mempool-backend = mkDerivationMempool {
|
||||
pname = "mempool-backend";
|
||||
|
||||
buildPhase = ''
|
||||
cd backend
|
||||
${sync} --chmod=+w ${nodeModules.backend}/lib/node_modules .
|
||||
patchShebangs node_modules
|
||||
|
||||
npm run package
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out/lib/mempool-backend
|
||||
${sync} package/ $out/lib/mempool-backend
|
||||
|
||||
makeWrapper ${nodejsRuntime}/bin/node $out/bin/mempool-backend \
|
||||
--add-flags $out/lib/mempool-backend/index.js
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
inherit nodejs nodejsRuntime;
|
||||
};
|
||||
};
|
||||
|
||||
mempool-frontend = mkDerivationMempool {
|
||||
pname = "mempool-frontend";
|
||||
|
||||
buildPhase = ''
|
||||
cd frontend
|
||||
|
||||
${sync} --chmod=+w ${nodeModules.frontend}/lib/node_modules .
|
||||
patchShebangs node_modules
|
||||
|
||||
# sync-assets.js is called during `npm run build` and downloads assets from the
|
||||
# internet. Disable this script and instead add the assets manually after building.
|
||||
: > sync-assets.js
|
||||
|
||||
# If this produces incomplete output (when run in a different build setup),
|
||||
# see https://github.com/mempool/mempool/issues/1256
|
||||
npm run build
|
||||
|
||||
# Add assets that would otherwise be downloaded by sync-assets.js
|
||||
${sync} ${frontendAssets}/ dist/mempool/browser/resources
|
||||
|
||||
runHook postBuild
|
||||
'';
|
||||
|
||||
installPhase = ''
|
||||
${sync} dist/mempool/browser/ $out
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
||||
passthru = { assets = frontendAssets; };
|
||||
};
|
||||
|
||||
mempool-nginx-conf = runCommand "mempool-nginx-conf" {} ''
|
||||
${sync} --chmod=u+w ${./nginx-conf}/ $out
|
||||
${sync} ${src}/production/nginx/http-language.conf $out/mempool
|
||||
'';
|
||||
|
||||
sync = "${rsync}/bin/rsync -a --inplace";
|
||||
|
||||
mkDerivationMempool = args: stdenvNoCC.mkDerivation ({
|
||||
version = src.rev;
|
||||
inherit src meta;
|
||||
|
||||
nativeBuildInputs = [
|
||||
makeWrapper
|
||||
nodejs
|
||||
rsync
|
||||
];
|
||||
|
||||
phases = "unpackPhase patchPhase buildPhase installPhase";
|
||||
} // args);
|
||||
|
||||
fetchFiles = { name, hash, fetcher }: stdenvNoCC.mkDerivation {
|
||||
inherit name;
|
||||
outputHashMode = "recursive";
|
||||
outputHashAlgo = "sha256";
|
||||
outputHash = hash;
|
||||
nativeBuildInputs = [ curl cacert ];
|
||||
buildCommand = ''
|
||||
mkdir $out
|
||||
cd $out
|
||||
${builtins.readFile fetcher}
|
||||
'';
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
description = "Bitcoin blockchain and mempool explorer";
|
||||
homepage = "https://github.com/mempool/mempool/";
|
||||
license = licenses.agpl3Plus;
|
||||
maintainers = with maintainers; [ erikarvstedt ];
|
||||
platforms = platforms.unix;
|
||||
};
|
||||
}
|
31
pkgs/mempool/frontend-assets-fetch.sh
Executable file
|
@ -0,0 +1,31 @@
|
|||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
# Fetch hash-locked versions of assets that are dynamically fetched via
|
||||
# https://github.com/mempool/mempool/blob/master/frontend/sync-assets.js
|
||||
# when running `npm run build` in the frontend.
|
||||
#
|
||||
# This file is updated by ./frontend-assets-update.sh
|
||||
|
||||
declare -A revs=(
|
||||
["mempool/mining-pools"]=e889230b0924d7d72eb28186db6f96ef94361fa5
|
||||
["mempool/mining-pool-logos"]=9cb443035878c3f112af97384d624de245afe72d
|
||||
)
|
||||
|
||||
fetchFile() {
|
||||
repo=$1
|
||||
file=$2
|
||||
rev=${revs["$repo"]}
|
||||
curl -fsS "https://raw.githubusercontent.com/$repo/$rev/$file"
|
||||
}
|
||||
|
||||
fetchRepo() {
|
||||
repo=$1
|
||||
rev=${revs["$repo"]}
|
||||
curl -fsSL "https://github.com/$repo/archive/$rev.tar.gz"
|
||||
}
|
||||
|
||||
# shellcheck disable=SC2094
|
||||
fetchFile "mempool/mining-pools" pools.json > pools.json
|
||||
mkdir mining-pools
|
||||
fetchRepo "mempool/mining-pool-logos" | tar xz --strip-components=1 -C mining-pools
|
14
pkgs/mempool/frontend-assets-update.sh
Executable file
|
@ -0,0 +1,14 @@
|
|||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
updateRepoHash() {
|
||||
repo=$1
|
||||
echo -n "Fetching latest rev for $repo: "
|
||||
hash=$(curl -fsS "https://api.github.com/repos/$repo/commits/master" | jq -r '.sha')
|
||||
echo "$hash"
|
||||
sed -i -E "s|( +)\[\"$repo(.*)|\1[\"$repo\"]=$hash|" frontend-assets-fetch.sh
|
||||
}
|
||||
|
||||
<frontend-assets-fetch.sh sed -nE 's| +\["([^"]+).*|\1|p' | while read -r repo; do
|
||||
updateRepoHash "$repo"
|
||||
done
|
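Review bot: the `sed` expression in `updateRepoHash` matches `\[\"$repo(.*)` with no closing quote after the repository name, so a repository whose name is a prefix of another entry would rewrite both lines in `frontend-assets-fetch.sh` to the same key and revision. The two current entries happen not to collide, but anchoring the pattern on the full key, for example `\[\"$repo\"\]=.*`, removes the trap. Also note that the new revision is taken from `commits/master` via the GitHub API with no signature check, so the pinned revs are trust-on-first-use; the diff of each pinned repository should be reviewed when this script is run. The script calls `curl` and `jq` but declares neither; it relies on the environment of the script that sources it.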
71
pkgs/mempool/generate.sh
Executable file
|
@ -0,0 +1,71 @@
|
|||
#!/usr/bin/env nix-shell
|
||||
#! nix-shell -i bash -p gnupg gnused jq
|
||||
set -euo pipefail
|
||||
|
||||
# Use this to start a debug shell at the location of this statement
|
||||
# . "${BASH_SOURCE[0]%/*}/../../helper/start-bash-session.sh"
|
||||
|
||||
version=2.5.0
|
||||
# You can also specify a rev instead:
|
||||
# rev=57eddac7f0b99b4fe84d91c0f4a50a4f7ccfe55f
|
||||
owner=mempool
|
||||
repo=https://github.com/$owner/mempool
|
||||
|
||||
cd "${BASH_SOURCE[0]%/*}"
|
||||
|
||||
updateSrc() {
|
||||
TMPDIR="$(mktemp -d /tmp/mempool.XXX)"
|
||||
trap 'rm -rf $TMPDIR' EXIT
|
||||
|
||||
# Fetch and verify source
|
||||
src=$TMPDIR/src
|
||||
mkdir -p "$src"
|
||||
if [[ -v rev ]]; then
|
||||
# Fetch revision
|
||||
git -C "$src" init
|
||||
git -C "$src" fetch --depth 1 "$repo" "$rev:src"
|
||||
git -C "$src" checkout src
|
||||
else
|
||||
tag=v$version
|
||||
# Fetch and GPG-verify version tag
|
||||
git clone --depth 1 --branch "$tag" -c advice.detachedHead=false $repo "$src"
|
||||
git -C "$src" checkout tags/$tag
|
||||
export GNUPGHOME=$TMPDIR
|
||||
# Fetch wiz' key
|
||||
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 913C5FF1F579B66CA10378DBA394E332255A6173 2> /dev/null
|
||||
git -C "$src" verify-tag $tag
|
||||
rev=$tag
|
||||
fi
|
||||
rm -rf "$src"/.git
|
||||
hash=$(nix hash path "$src")
|
||||
|
||||
sed -i "
|
||||
s|\bowner = .*;|owner = \"$owner\";|
|
||||
s|\brev = .*;|rev = \"$rev\";|
|
||||
s|\bhash = .*;|hash = \"$hash\";|
|
||||
" default.nix
|
||||
}
|
||||
|
||||
updateNodeModulesHash() {
|
||||
component=$1
|
||||
echo
|
||||
echo "Fetching node modules for mempool-$component"
|
||||
../../helper/update-fixed-output-derivation.sh ./default.nix mempool-"$component" "cd $component"
|
||||
}
|
||||
|
||||
updateFrontendAssets() {
|
||||
. ./frontend-assets-update.sh
|
||||
echo
|
||||
echo "Fetching frontend assets"
|
||||
../../helper/update-fixed-output-derivation.sh ./default.nix mempool-frontend.assets "frontendAssets"
|
||||
}
|
||||
|
||||
if [[ $# == 0 ]]; then
|
||||
# Each of these can be run separately
|
||||
updateSrc
|
||||
updateFrontendAssets
|
||||
updateNodeModulesHash backend
|
||||
updateNodeModulesHash frontend
|
||||
else
|
||||
"$@"
|
||||
fi
|
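Review bot: in `updateSrc`, the section is headed "# Fetch and verify source", but the `if [[ -v rev ]]` branch only fetches and checks out the revision; GPG verification happens solely in the `else` branch via `git -C "$src" verify-tag $tag`. A hash produced from the `rev` path is therefore unverified. Either verify the commit signature in that branch as well or print a clear warning and say so in the comment. Related points: the shebang lists `-p gnupg gnused jq`, yet the script calls `git` (and `curl` through the sourced update script); `$repo` and `$tag` are unquoted in the `git clone` and `verify-tag` lines; and `gpg --recv-keys ... 2> /dev/null` hides key-fetch failures.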
44
pkgs/mempool/nginx-conf/mempool/location-static.conf
Normal file
|
@ -0,0 +1,44 @@
|
|||
# see order of nginx location rules
|
||||
# https://stackoverflow.com/questions/5238377/nginx-location-priority
|
||||
|
||||
# for exact / requests, redirect based on $lang
|
||||
# cache redirect for 5 minutes
|
||||
location = / {
|
||||
if ($lang != '') {
|
||||
return 302 $scheme://$host/$lang/;
|
||||
}
|
||||
try_files /en-US/index.html =404;
|
||||
expires 5m;
|
||||
}
|
||||
|
||||
# cache /<lang>/main.f40e91d908a068a2.js forever since they never change
|
||||
location ~ ^/([a-z][a-z])/(.+\..+\.(js|css)) {
|
||||
try_files $uri =404;
|
||||
expires 1y;
|
||||
}
|
||||
# cache everything else for 5 minutes
|
||||
location ~ ^/([a-z][a-z])$ {
|
||||
try_files $uri /$1/index.html /en-US/index.html =404;
|
||||
expires 5m;
|
||||
}
|
||||
location ~ ^/([a-z][a-z])/ {
|
||||
try_files $uri /$1/index.html /en-US/index.html =404;
|
||||
expires 5m;
|
||||
}
|
||||
|
||||
# cache /resources/** for 1 week since they don't change often
|
||||
location /resources {
|
||||
try_files $uri /en-US/index.html;
|
||||
expires 1w;
|
||||
}
|
||||
# cache /main.f40e91d908a068a2.js forever since they never change
|
||||
location ~* ^/.+\..+\.(js|css) {
|
||||
try_files /$lang/$uri /en-US/$uri =404;
|
||||
expires 1y;
|
||||
}
|
||||
# catch-all for all URLs i.e. /address/foo /tx/foo /block/000
|
||||
# cache 5 minutes since they change frequently
|
||||
location / {
|
||||
try_files /$lang/$uri $uri /en-US/$uri /en-US/index.html =404;
|
||||
expires 5m;
|
||||
}
|
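Review bot: The two year-long cache rules, `location ~ ^/([a-z][a-z])/(.+\..+\.(js|css))` and `location ~* ^/.+\..+\.(js|css)`, have no trailing `$`, so they match any URI that merely begins with such a segment (a `.json` or `.js.map` path, for example), and those responses then get `expires 1y`. Ending both patterns with `$` would limit the long expiry to the hashed bundles the comments describe. The language rules `^/([a-z][a-z])$` and `^/([a-z][a-z])/` also only match two-letter codes, while the fallback directory is `/en-US/`; a short comment saying that region-qualified paths are meant to fall through to the catch-all `location /` would help the next reader.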
44
pkgs/mempool/nginx-conf/mempool/mempool.conf
Normal file
|
@ -0,0 +1,44 @@
|
|||
access_log /var/log/nginx/access_mempool.log;
|
||||
error_log /var/log/nginx/error_mempool.log;
|
||||
|
||||
root /var/www/mempool/browser;
|
||||
|
||||
index index.html;
|
||||
|
||||
# enable browser and proxy caching
|
||||
add_header Cache-Control "public, no-transform";
|
||||
|
||||
# vary cache if user changes language preference
|
||||
add_header Vary Accept-Language;
|
||||
add_header Vary Cookie;
|
||||
|
||||
include mempool/location-static.conf;
|
||||
|
||||
# static API docs
|
||||
location = /api {
|
||||
try_files $uri $uri/ /en-US/index.html =404;
|
||||
}
|
||||
location = /api/ {
|
||||
try_files $uri $uri/ /en-US/index.html =404;
|
||||
}
|
||||
|
||||
location /api/v1/ws {
|
||||
proxy_pass http://127.0.0.1:8999/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
}
|
||||
location /api/v1 {
|
||||
proxy_pass http://127.0.0.1:8999/api/v1;
|
||||
}
|
||||
location /api/ {
|
||||
proxy_pass http://127.0.0.1:8999/api/v1/;
|
||||
}
|
||||
|
||||
# mainnet API
|
||||
location /ws {
|
||||
proxy_pass http://127.0.0.1:8999/;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "Upgrade";
|
||||
}
|
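Review bot: `add_header Cache-Control "public, no-transform";` is set at server level, and none of the `proxy_pass` locations below (`/api/v1/ws`, `/api/v1`, `/api/`, `/ws`) declares an `add_header` of its own, so they all inherit it and backend API responses go out marked as publicly cacheable. If the header is meant for the static frontend only, move it into `mempool/location-static.conf` or set an explicit `Cache-Control` in the API locations. The two WebSocket locations also hard-code `Connection "Upgrade"` and forward no `Host` header; a comment on whether the backend relies on either would be useful.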
82
pkgs/mempool/nginx-conf/nginx.conf
Normal file
|
@ -0,0 +1,82 @@
|
|||
user nobody;
|
||||
pid /var/run/nginx.pid;
|
||||
|
||||
worker_processes auto;
|
||||
worker_rlimit_nofile 100000;
|
||||
|
||||
events {
|
||||
worker_connections 9000;
|
||||
multi_accept on;
|
||||
}
|
||||
|
||||
http {
|
||||
sendfile on;
|
||||
tcp_nopush on;
|
||||
tcp_nodelay on;
|
||||
|
||||
server_tokens off;
|
||||
server_name_in_redirect off;
|
||||
|
||||
include /etc/nginx/mime.types;
|
||||
default_type application/octet-stream;
|
||||
|
||||
access_log /var/log/nginx/access.log;
|
||||
error_log /var/log/nginx/error.log;
|
||||
|
||||
# reset timed out connections freeing ram
|
||||
reset_timedout_connection on;
|
||||
# maximum time between packets the client can pause when sending nginx any data
|
||||
client_body_timeout 10s;
|
||||
# maximum time the client has to send the entire header to nginx
|
||||
client_header_timeout 10s;
|
||||
# timeout which a single keep-alive client connection will stay open
|
||||
keepalive_timeout 69s;
|
||||
# maximum time between packets nginx is allowed to pause when sending the client data
|
||||
send_timeout 69s;
|
||||
|
||||
# number of requests per connection, does not affect SPDY
|
||||
keepalive_requests 1337;
|
||||
|
||||
# enable gzip compression
|
||||
gzip on;
|
||||
gzip_vary on;
|
||||
gzip_comp_level 6;
|
||||
gzip_min_length 1000;
|
||||
gzip_proxied expired no-cache no-store private auth;
|
||||
# text/html is always compressed by gzip module
|
||||
gzip_types application/javascript application/json application/ld+json application/manifest+json application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard;
|
||||
|
||||
# limit request body size
|
||||
client_max_body_size 10m;
|
||||
|
||||
# proxy cache
|
||||
proxy_cache off;
|
||||
proxy_cache_path /var/cache/nginx keys_zone=cache:20m levels=1:2 inactive=600s max_size=500m;
|
||||
types_hash_max_size 2048;
|
||||
|
||||
# exempt localhost from rate limit
|
||||
geo $limited_ip {
|
||||
default 1;
|
||||
127.0.0.1 0;
|
||||
}
|
||||
map $limited_ip $limited_ip_key {
|
||||
1 $binary_remote_addr;
|
||||
0 '';
|
||||
}
|
||||
|
||||
# rate limit requests
|
||||
limit_req_zone $limited_ip_key zone=api:5m rate=200r/m;
|
||||
limit_req_zone $limited_ip_key zone=electrs:5m rate=2000r/m;
|
||||
limit_req_status 429;
|
||||
|
||||
# rate limit connections
|
||||
limit_conn_zone $limited_ip_key zone=websocket:10m;
|
||||
limit_conn_status 429;
|
||||
|
||||
include mempool/http-language.conf;
|
||||
|
||||
server {
|
||||
listen 127.0.0.1:80;
|
||||
include mempool/mempool.conf;
|
||||
}
|
||||
}
|
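Review bot: The rate-limit setup near the end of the `http` block cannot take effect as written. The only `server` listens on `127.0.0.1:80`, so connections arrive from the local host, normally with source 127.0.0.1; `geo $limited_ip` maps that to `0` and `$limited_ip_key` becomes the empty string, which the limit modules do not account. Nothing in this file applies the `api`, `electrs` or `websocket` zones with `limit_req` or `limit_conn` either. If a front proxy is expected, restore the client address with the realip module ahead of the `geo` block and add the `limit_req`/`limit_conn` lines to the proxied locations; otherwise drop the zones. `proxy_cache off;` followed by `proxy_cache_path` likewise declares a cache that is never used.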
24
pkgs/nostr-wallet-connect/default.nix
Normal file
|
@ -0,0 +1,24 @@
|
|||
{ lib, buildGoModule, fetchFromGitHub }:
|
||||
buildGoModule rec {
|
||||
pname = "nostr-wallet-connect";
|
||||
version = "0.3.0";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "getalby";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
hash = "cef8fb278d90c00b6e9345d28e43e9532cae978a";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-iE0nht3PH2R9pTyyrySk759untC7snGt3wTXk4/pjrU=";
|
||||
|
||||
ldflags = [ "-s" "-w" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Generate QRCode to connect apps to lnd Resources";
|
||||
license = licenses.mit;
|
||||
homepage = "https://github.com/LN-Zap/nostr-wallet-connect";
|
||||
maintainers = [ maintainers.abstractequalibrium ];
|
||||
platforms = platforms.linux;
|
||||
};
|
||||
}
|
|
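Review bot: `hash = "cef8fb278d90c00b6e9345d28e43e9532cae978a";` inside `fetchFromGitHub` is 40 hex characters, which is the shape of a git commit id rather than a content hash of the fetched tree; `hash` should be the SRI value (`sha256-...`) that Nix reports for the source, in the same form `vendorHash` already uses a few lines below. If the commit id was meant as the pin, it belongs in `rev` in place of the mutable tag `v${version}`. Two points in `meta`: `homepage` points at `LN-Zap/nostr-wallet-connect` while `owner` is `getalby`, and `description` reads as if it was carried over from another package.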
@ -4,21 +4,21 @@ pkgs: pkgsUnstable:
|
|||
inherit (pkgs)
|
||||
bitcoin
|
||||
bitcoind
|
||||
extra-container
|
||||
lightning-loop
|
||||
lightning-pool
|
||||
lndconnect;
|
||||
|
||||
inherit (pkgsUnstable)
|
||||
btcpayserver
|
||||
charge-lnd
|
||||
clightning
|
||||
electrs
|
||||
elementsd
|
||||
fulcrum
|
||||
extra-container
|
||||
hwi
|
||||
lightning-loop
|
||||
lightning-pool
|
||||
lnd
|
||||
lndconnect
|
||||
nbxplorer;
|
||||
|
||||
inherit (pkgsUnstable)
|
||||
fulcrum;
|
||||
|
||||
inherit pkgs pkgsUnstable;
|
||||
}
|
||||
|
|
|
@ -1,12 +1,12 @@
|
|||
{ lib, buildPythonPackage, fetchurl, cython, pytest, coverage }:
|
||||
{ lib, buildPythonPackageWithDepsCheck, fetchurl, cython, pytest, coverage }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
buildPythonPackageWithDepsCheck rec {
|
||||
pname = "bencoder.pyx";
|
||||
version = "2.0.1";
|
||||
version = "3.0.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/whtsky/bencoder.pyx/archive/v${version}.tar.gz";
|
||||
sha256 = "f3ff92ac706a7e4692bed5e6cbe205963327f3076f55e408eb948659923eac72";
|
||||
url = "https://github.com/whtsky/bencoder.pyx/archive/9a47768f3ceba9df9e6fbaa7c445f59960889009.tar.gz";
|
||||
sha256 = "1yh565xjbbhn49xjfms80ac8psjbzn66n8dcx0x8mn7zzjv06clz";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cython ];
|
||||
|
|
|
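Review bot: `version = "3.0.1"` no longer feeds the source: the `url` now pins the archive of commit `9a47768f3ceba9df9e6fbaa7c445f59960889009` directly, so the two can drift apart on the next bump and nothing in the file says that this commit is the 3.0.1 release. Please add a comment stating which release or tag the commit corresponds to and why the tag archive is not used, or switch to `fetchFromGitHub` with `rev` set to that commit.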
@ -1,5 +1,5 @@
|
|||
{ lib, buildPythonPackage, fetchFromGitHub, colorama, future, six }:
|
||||
buildPythonPackage rec {
|
||||
{ lib, buildPythonPackageWithDepsCheck, fetchFromGitHub, colorama, future, six }:
|
||||
buildPythonPackageWithDepsCheck rec {
|
||||
pname = "chromalog";
|
||||
version = "1.0.5";
|
||||
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
{ lib, stdenv, buildPythonPackage, fetchPypi, asn1crypto, cffi, pkg-config,
|
||||
autoconf, automake, libtool, libffi, requests }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "coincurve";
|
||||
version = "17.0.0";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
hash = "sha256-aNpVr/iYcClS/aPuBP1u1gu2uR+RnGknB4btdmtUi5M";
|
||||
};
|
||||
|
||||
doCheck = false;
|
||||
nativeBuildInputs = [ autoconf automake libtool pkg-config ];
|
||||
propagatedBuildInputs = [ asn1crypto cffi libffi requests ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Cross-platform Python CFFI bindings for libsecp256k1";
|
||||
homepage = "https://github.com/ofek/coincurve";
|
||||
maintainers = with maintainers; [ nixbitcoin ];
|
||||
license = licenses.asl20;
|
||||
};
|
||||
}
|
|
@ -3,9 +3,9 @@ rec {
|
|||
pyPkgsOverrides = self: super: let
|
||||
inherit (self) callPackage;
|
||||
clightningPkg = pkg: callPackage pkg { inherit (nbPkgs.pinned) clightning; };
|
||||
joinmarketPkg = pkg: callPackage pkg { inherit (nbPkgs.joinmarket) version src; };
|
||||
in
|
||||
{
|
||||
coincurve = callPackage ./coincurve {};
|
||||
txzmq = callPackage ./txzmq {};
|
||||
|
||||
pyln-client = clightningPkg ./pyln-client;
|
||||
|
@ -13,24 +13,16 @@ rec {
|
|||
pyln-bolt7 = clightningPkg ./pyln-bolt7;
|
||||
pylightning = clightningPkg ./pylightning;
|
||||
|
||||
# bitstring 3.1.9, required by pyln-proto
|
||||
bitstring = callPackage ./specific-versions/bitstring.nix {};
|
||||
|
||||
# Packages only used by joinmarket
|
||||
bencoderpyx = callPackage ./bencoderpyx {};
|
||||
chromalog = callPackage ./chromalog {};
|
||||
python-bitcointx = callPackage ./python-bitcointx {
|
||||
inherit (nbPkgs) secp256k1;
|
||||
openssl = super.pkgs.openssl_1_1;
|
||||
};
|
||||
python-bitcointx = callPackage ./python-bitcointx { inherit (nbPkgs) secp256k1; };
|
||||
runes = callPackage ./runes {};
|
||||
sha256 = callPackage ./sha256 {};
|
||||
urldecode = callPackage ./urldecode {};
|
||||
};
|
||||
|
||||
# Joinmarket requires a custom package set because it uses older versions of Python pkgs
|
||||
pyPkgsOverridesJoinmarket = self: super: let
|
||||
inherit (self) callPackage;
|
||||
joinmarketPkg = pkg: callPackage pkg { inherit (nbPkgs.joinmarket) version src; };
|
||||
in
|
||||
(pyPkgsOverrides self super) // {
|
||||
joinmarketbase = joinmarketPkg ./jmbase;
|
||||
joinmarketclient = joinmarketPkg ./jmclient;
|
||||
joinmarketbitcoin = joinmarketPkg ./jmbitcoin;
|
||||
|
@ -38,29 +30,24 @@ rec {
|
|||
|
||||
## Specific versions of packages that already exist in nixpkgs
|
||||
|
||||
# cryptography 3.3.2, required by joinmarketdaemon
|
||||
cryptography = callPackage ./specific-versions/cryptography {
|
||||
openssl = super.pkgs.openssl_1_1;
|
||||
cryptography_vectors = callPackage ./specific-versions/cryptography/vectors.nix {};
|
||||
};
|
||||
|
||||
# autobahn 20.12.3, required by joinmarketclient
|
||||
autobahn = callPackage ./specific-versions/autobahn.nix {};
|
||||
|
||||
# pyopenssl 20.0.1, required by joinmarketdaemon
|
||||
pyopenssl = callPackage ./specific-versions/pyopenssl.nix {
|
||||
openssl = super.pkgs.openssl_1_1;
|
||||
};
|
||||
|
||||
# twisted 22.4.0, compatible with pyopenssl 20.0.1
|
||||
twisted = callPackage ./specific-versions/twisted.nix {};
|
||||
# A version of `buildPythonPackage` which checks that Python package
|
||||
# requirements are met.
|
||||
# This was the case for NixOS <= 23.05.
|
||||
# TODO-EXTERNAL: Remove when this is resolved:
|
||||
# https://github.com/NixOS/nixpkgs/issues/253131
|
||||
buildPythonPackageWithDepsCheck = attrs:
|
||||
self.buildPythonPackage (attrs // {
|
||||
dontUsePypaInstall = true;
|
||||
nativeBuildInputs = (attrs.nativeBuildInputs or []) ++ [ self.pipInstallHook ];
|
||||
});
|
||||
};
|
||||
|
||||
nbPython3Packages = (python3.override {
|
||||
packageOverrides = pyPkgsOverrides;
|
||||
}).pkgs;
|
||||
|
||||
nbPython3PackagesJoinmarket = (python3.override {
|
||||
packageOverrides = pyPkgsOverridesJoinmarket;
|
||||
}).pkgs;
|
||||
nbPython3PackagesJoinmarket = nbPython3Packages;
|
||||
}
|
||||
|
|
|
@ -1,12 +1,24 @@
|
|||
{ version, src, lib, buildPythonPackage, fetchurl, future, twisted, service-identity, chromalog, txtorcon }:
|
||||
{ version, src, lib, buildPythonPackageWithDepsCheck, fetchurl, future, twisted, service-identity, chromalog, txtorcon, pyaes }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
buildPythonPackageWithDepsCheck rec {
|
||||
pname = "joinmarketbase";
|
||||
inherit version src;
|
||||
|
||||
postUnpack = "sourceRoot=$sourceRoot/jmbase";
|
||||
|
||||
propagatedBuildInputs = [ future twisted service-identity chromalog txtorcon ];
|
||||
propagatedBuildInputs = [ future twisted service-identity chromalog txtorcon pyaes ];
|
||||
|
||||
patchPhase = ''
|
||||
sed -i 's|twisted==22.4.0|twisted==23.8.0|' setup.py
|
||||
sed -i 's|service-identity==21.1.0|service-identity==23.1.0|' setup.py
|
||||
'';
|
||||
|
||||
# Has no tests
|
||||
doCheck = false;
|
||||
|
||||
pythonImportsCheck = [
|
||||
"jmbase"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver";
|
||||
|
|
|
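Review bot: The new `patchPhase` rewrites the `setup.py` pins with `sed -i`, which exits successfully even when the pattern is no longer present, so a changed upstream pin goes unnoticed at this step. `substituteInPlace ... --replace`, as used in the sibling joinmarket packages, at least reports a pattern that did not match. Setting `patchPhase` outright also replaces the default phase, so any `patches` added to this derivation later would not be applied; `postPatch` is the safer place for these edits.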
@ -1,15 +1,24 @@
|
|||
{ version, src, lib, buildPythonPackage, fetchurl, urldecode, pyaes, python-bitcointx, joinmarketbase }:
|
||||
{ version, src, lib, buildPythonPackageWithDepsCheck, fetchurl, python-bitcointx, joinmarketbase, pytestCheckHook }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
buildPythonPackageWithDepsCheck rec {
|
||||
pname = "joinmarketbitcoin";
|
||||
inherit version src;
|
||||
|
||||
postUnpack = "sourceRoot=$sourceRoot/jmbitcoin";
|
||||
|
||||
propagatedBuildInputs = [ urldecode pyaes python-bitcointx ];
|
||||
propagatedBuildInputs = [ python-bitcointx ];
|
||||
|
||||
checkInputs = [ joinmarketbase ];
|
||||
|
||||
nativeCheckInputs = [
|
||||
pytestCheckHook
|
||||
];
|
||||
|
||||
patchPhase = ''
|
||||
substituteInPlace setup.py \
|
||||
--replace "'python-bitcointx==1.1.3'" "'python-bitcointx==1.1.4'"
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver";
|
||||
maintainers = with maintainers; [ nixbitcoin ];
|
||||
|
|
|
@ -1,22 +1,63 @@
|
|||
{ version, src, lib, buildPythonPackage, fetchurl, future, configparser, joinmarketbase, joinmarketdaemon, mnemonic, argon2_cffi, bencoderpyx, pyaes, joinmarketbitcoin, klein, pyjwt, autobahn }:
|
||||
{
|
||||
pipBuildHook
|
||||
, version
|
||||
, src
|
||||
, lib
|
||||
, buildPythonPackageWithDepsCheck
|
||||
, argon2_cffi
|
||||
, autobahn
|
||||
, bencoderpyx
|
||||
, configparser
|
||||
, fetchurl
|
||||
, future
|
||||
, joinmarketbase
|
||||
, joinmarketbitcoin
|
||||
, joinmarketdaemon
|
||||
, klein
|
||||
, mnemonic
|
||||
, pyjwt
|
||||
, werkzeug
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
buildPythonPackageWithDepsCheck rec {
|
||||
pname = "joinmarketclient";
|
||||
inherit version src;
|
||||
|
||||
postUnpack = "sourceRoot=$sourceRoot/jmclient";
|
||||
|
||||
checkInputs = [ joinmarketbitcoin joinmarketdaemon ];
|
||||
|
||||
propagatedBuildInputs = [ future configparser joinmarketbase mnemonic argon2_cffi bencoderpyx pyaes klein pyjwt autobahn ];
|
||||
propagatedBuildInputs = [
|
||||
argon2_cffi
|
||||
autobahn
|
||||
bencoderpyx
|
||||
configparser
|
||||
future
|
||||
joinmarketbase
|
||||
joinmarketbitcoin
|
||||
joinmarketdaemon
|
||||
klein
|
||||
mnemonic
|
||||
pyjwt
|
||||
werkzeug
|
||||
];
|
||||
|
||||
patchPhase = ''
|
||||
substituteInPlace setup.py \
|
||||
--replace "'klein==20.6.0'" "'klein>=20.6.0'"
|
||||
substituteInPlace setup.py \
|
||||
--replace "'pyjwt==2.4.0'" "'pyjwt==2.5.0'"
|
||||
--replace "'argon2_cffi==21.3.0'" "'argon2_cffi==23.1.0'"
|
||||
substituteInPlace setup.py \
|
||||
--replace "'pyjwt==2.4.0'" "'pyjwt==2.8.0'"
|
||||
substituteInPlace setup.py \
|
||||
--replace "'werkzeug==2.2.3'" "'werkzeug==2.3.7'"
|
||||
'';
|
||||
|
||||
# The unit tests can't be run in a Nix build environment
|
||||
doCheck = false;
|
||||
|
||||
pythonImportsCheck = [
|
||||
"jmclient"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Client library for Bitcoin coinjoins";
|
||||
homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver";
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ version, src, lib, buildPythonPackage, fetchurl, txtorcon, cryptography, pyopenssl, libnacl, joinmarketbase }:
|
||||
{ version, src, lib, buildPythonPackageWithDepsCheck, fetchurl, txtorcon, cryptography, pyopenssl, libnacl, joinmarketbase }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
buildPythonPackageWithDepsCheck rec {
|
||||
pname = "joinmarketdaemon";
|
||||
inherit version src;
|
||||
|
||||
|
@ -8,6 +8,22 @@ buildPythonPackage rec {
|
|||
|
||||
propagatedBuildInputs = [ txtorcon cryptography pyopenssl libnacl joinmarketbase ];
|
||||
|
||||
patchPhase = ''
|
||||
substituteInPlace setup.py \
|
||||
--replace "'txtorcon==22.0.0'" "'txtorcon==23.5.0'"
|
||||
substituteInPlace setup.py \
|
||||
--replace "'libnacl==1.8.0'" "'libnacl==2.1.0'"
|
||||
substituteInPlace setup.py \
|
||||
--replace "'cryptography==41.0.2" "'cryptography==41.0.3"
|
||||
'';
|
||||
|
||||
# The unit tests can't be run in a Nix build environment
|
||||
doCheck = false;
|
||||
|
||||
pythonImportsCheck = [
|
||||
"jmdaemon"
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Client library for Bitcoin coinjoins";
|
||||
homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver";
|
||||
|
|
|
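Review bot: In the third `substituteInPlace`, both strings are missing their closing single quote: `--replace "'cryptography==41.0.2" "'cryptography==41.0.3"`, unlike the `txtorcon` and `libnacl` lines above it. It works as a prefix replacement today, but it would also rewrite a pin such as `41.0.20`; please close the quotes so the match is the whole requirement string. With `doCheck = false`, `pythonImportsCheck = [ "jmdaemon" ]` is the only verification this package gets, so a comment noting that the rewritten pins were checked against the versions actually in the package set would be worth adding.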
@ -1,6 +1,6 @@
|
|||
{ buildPythonPackage, clightning, pyln-client }:
|
||||
{ buildPythonPackageWithDepsCheck, clightning, pyln-client }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
buildPythonPackageWithDepsCheck rec {
|
||||
pname = "pylightning";
|
||||
version = "0.10.1"; # defined in ${src}/contrib/pyln-client/pyln/client/__init__.py
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ buildPythonPackage, poetry-core, pytestCheckHook, clightning, pyln-proto }:
|
||||
{ buildPythonPackageWithDepsCheck, poetry-core, pytestCheckHook, clightning, pyln-proto }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
buildPythonPackageWithDepsCheck rec {
|
||||
pname = "pyln-bolt7";
|
||||
# The version is defined here:
|
||||
# https://github.com/ElementsProject/lightning/blob/master/contrib/pyln-spec/bolt7/pyproject.toml
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ buildPythonPackage, poetry-core, pytestCheckHook, clightning, pyln-bolt7, pyln-proto }:
|
||||
{ buildPythonPackageWithDepsCheck, poetry-core, pytestCheckHook, clightning, pyln-bolt7, pyln-proto }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
buildPythonPackageWithDepsCheck rec {
|
||||
pname = "pyln-client";
|
||||
version = clightning.version;
|
||||
format = "pyproject";
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ buildPythonPackage
|
||||
{ buildPythonPackageWithDepsCheck
|
||||
, clightning
|
||||
, poetry-core
|
||||
, pytestCheckHook
|
||||
|
@ -6,9 +6,10 @@
|
|||
, cryptography
|
||||
, coincurve
|
||||
, base58
|
||||
, pysocks
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
buildPythonPackageWithDepsCheck rec {
|
||||
pname = "pyln-proto";
|
||||
version = clightning.version;
|
||||
format = "pyproject";
|
||||
|
@ -22,13 +23,10 @@ buildPythonPackage rec {
|
|||
cryptography
|
||||
coincurve
|
||||
base58
|
||||
pysocks
|
||||
];
|
||||
|
||||
checkInputs = [ pytestCheckHook ];
|
||||
|
||||
postUnpack = "sourceRoot=$sourceRoot/contrib/pyln-proto";
|
||||
|
||||
postPatch = ''
|
||||
sed -i 's|cryptography = "^36.0.1"|cryptography = "^38.0.0"|' pyproject.toml
|
||||
'';
|
||||
}
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
{ lib, buildPythonPackage, fetchurl, secp256k1, openssl }:
|
||||
{ lib, buildPythonPackageWithDepsCheck, fetchFromGitHub, secp256k1 }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
buildPythonPackageWithDepsCheck rec {
|
||||
pname = "python-bitcointx";
|
||||
version = "1.1.3";
|
||||
version = "1.1.4";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/Simplexum/${pname}/archive/${pname}-v${version}.tar.gz";
|
||||
sha256 = "f0f487c29619df0e94a04f6deb3dc950ff9954c072017bd3eda90f73c24f0953";
|
||||
src = fetchFromGitHub {
|
||||
owner = "Simplexum";
|
||||
repo = "python-bitcointx";
|
||||
rev = "python-bitcointx-v${version}";
|
||||
hash = "sha256-y8/cyLQr3GbpYqCg8LKTfyL0OX7eIo5AxjdFTWTqHmk=";
|
||||
};
|
||||
|
||||
patchPhase = ''
|
||||
|
@ -14,8 +16,6 @@ buildPythonPackage rec {
|
|||
substituteInPlace "bitcointx/$path" \
|
||||
--replace "ctypes.util.find_library('secp256k1')" "'${secp256k1}/lib/libsecp256k1.so'"
|
||||
done
|
||||
substituteInPlace bitcointx/core/key.py \
|
||||
--replace "ctypes.util.find_library('ssl')" "'${openssl.out}/lib/libssl.so'"
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
|
|
|
@ -9,7 +9,7 @@ cd "$TMPDIR"
|
|||
echo "Fetching latest release"
|
||||
git clone https://github.com/simplexum/python-bitcointx 2> /dev/null
|
||||
cd python-bitcointx
|
||||
latest=python-bitcointx-v1.1.3
|
||||
latest=python-bitcointx-v1.1.4
|
||||
echo "Latest release is ${latest}"
|
||||
|
||||
# GPG verification
|
||||
|
@ -19,6 +19,8 @@ gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys B17A35BBA187395784E2A6B3
|
|||
echo "Verifying latest release"
|
||||
git verify-commit "$latest"
|
||||
|
||||
git checkout -q "tags/$latest"
|
||||
rm -rf .git
|
||||
|
||||
echo "tag: $latest"
|
||||
# The prefix option is necessary because GitHub prefixes the archive contents in this format
|
||||
echo "sha256: $(git archive --format tar.gz --prefix=python-bitcointx-"$latest"/ "$latest" | sha256sum | cut -d\ -f1)"
|
||||
nix hash path .
|
||||
|
|
|
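Review bot: `git verify-commit "$latest"` and the added `git checkout -q "tags/$latest"` name the ref in two different ways, so the signature check and the tree that `nix hash path .` hashes are tied together only by ref resolution. Resolving the tag once, e.g. `commit=$(git rev-parse "tags/$latest^{commit}")`, and passing `$commit` to both `verify-commit` and `checkout` makes it explicit that the hashed tree is the verified one. Please also confirm the script aborts on a failed verification (`set -e` or an explicit check), since nothing in these lines stops it from going on to print a hash.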
@ -1,6 +1,6 @@
|
|||
{ sha256, lib, buildPythonPackage, fetchFromGitHub }:
|
||||
{ sha256, lib, buildPythonPackageWithDepsCheck, fetchFromGitHub }:
|
||||
|
||||
buildPythonPackage {
|
||||
buildPythonPackageWithDepsCheck {
|
||||
pname = "runes";
|
||||
version = "0.4.0";
|
||||
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ lib, buildPythonPackage, fetchFromGitHub, cython }:
|
||||
{ lib, buildPythonPackageWithDepsCheck, fetchFromGitHub, cython }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
buildPythonPackageWithDepsCheck rec {
|
||||
pname = "sha256";
|
||||
version = builtins.substring 0 8 src.rev;
|
||||
|
||||
|
|
40
pkgs/python-packages/specific-versions/bitstring.nix
Normal file
|
@ -0,0 +1,40 @@
|
|||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchFromGitHub
|
||||
, fetchpatch
|
||||
, unittestCheckHook
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "bitstring";
|
||||
version = "3.1.9";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "scott-griffiths";
|
||||
repo = pname;
|
||||
rev = "bitstring-${version}";
|
||||
sha256 = "0y2kcq58psvl038r6dhahhlhp1wjgr5zsms45wyz1naq6ri8x9qa";
|
||||
};
|
||||
|
||||
patches = [
|
||||
(fetchpatch {
|
||||
name = "fix-running-unit-tests-using-unittest-hook.patch";
|
||||
url = "https://github.com/scott-griffiths/bitstring/commit/e5ee3fd41cad2ea761f4450b13b0424ae7262331.patch";
|
||||
hash = "sha256-+ZGywIfQQcYXJlYZBi402ONnysYm66G5zE4duJE40h8=";
|
||||
})
|
||||
];
|
||||
|
||||
checkInputs = [ unittestCheckHook ];
|
||||
|
||||
unittestFlagsArray = [ "-s" "test" ];
|
||||
|
||||
pythonImportsCheck = [ "bitstring" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "Module for binary data manipulation";
|
||||
homepage = "https://github.com/scott-griffiths/bitstring";
|
||||
license = licenses.mit;
|
||||
platforms = platforms.unix;
|
||||
maintainers = with maintainers; [ bjornfor ];
|
||||
};
|
||||
}
|
|
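Review bot: This new file carries no provenance comment. Two of the `specific-versions/` files deleted in this change (cryptography and its vectors) start with `# Copied from nixpkgs rev ...`, and the `meta.maintainers` entry here suggests this one was taken from nixpkgs as well; please record the source revision at the top so the pin to 3.1.9 can be audited and refreshed. It also uses plain `buildPythonPackage` while the rest of the package set moves to `buildPythonPackageWithDepsCheck`; say in a comment if that is intentional.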
@ -1,83 +0,0 @@
|
|||
# Copied from nixpkgs rev c7d0dbe094c988209edac801eb2a0cc21aa498d8
|
||||
|
||||
{ lib, stdenv
|
||||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, fetchpatch
|
||||
, isPy27
|
||||
, ipaddress
|
||||
, openssl
|
||||
, cryptography_vectors
|
||||
, darwin
|
||||
, packaging
|
||||
, six
|
||||
, pythonOlder
|
||||
, isPyPy
|
||||
, cffi
|
||||
, pytest
|
||||
, pretend
|
||||
, iso8601
|
||||
, pytz
|
||||
, hypothesis
|
||||
, enum34
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "cryptography";
|
||||
version = "3.3.2"; # Also update the hash in vectors.nix
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "1vcvw4lkw1spiq322pm1256kail8nck6bbgpdxx3pqa905wd6q2s";
|
||||
};
|
||||
|
||||
outputs = [ "out" "dev" ];
|
||||
|
||||
nativeBuildInputs = lib.optionals (!isPyPy) [
|
||||
cffi
|
||||
];
|
||||
|
||||
buildInputs = [ openssl ]
|
||||
++ lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security;
|
||||
propagatedBuildInputs = [
|
||||
packaging
|
||||
six
|
||||
] ++ lib.optionals (!isPyPy) [
|
||||
cffi
|
||||
] ++ lib.optionals isPy27 [
|
||||
ipaddress enum34
|
||||
];
|
||||
|
||||
checkInputs = [
|
||||
cryptography_vectors
|
||||
hypothesis
|
||||
iso8601
|
||||
pretend
|
||||
pytest
|
||||
pytz
|
||||
];
|
||||
|
||||
checkPhase = ''
|
||||
py.test --disable-pytest-warnings tests
|
||||
'';
|
||||
|
||||
# IOKit's dependencies are inconsistent between OSX versions, so this is the best we
|
||||
# can do until nix 1.11's release
|
||||
__impureHostDeps = [ "/usr/lib" ];
|
||||
|
||||
meta = with lib; {
|
||||
description = "A package which provides cryptographic recipes and primitives";
|
||||
longDescription = ''
|
||||
Cryptography includes both high level recipes and low level interfaces to
|
||||
common cryptographic algorithms such as symmetric ciphers, message
|
||||
digests, and key derivation functions.
|
||||
Our goal is for it to be your "cryptographic standard library". It
|
||||
supports Python 2.7, Python 3.5+, and PyPy 5.4+.
|
||||
'';
|
||||
homepage = "https://github.com/pyca/cryptography";
|
||||
changelog = "https://cryptography.io/en/latest/changelog/#v"
|
||||
+ replaceStrings [ "." ] [ "-" ] version;
|
||||
license = with licenses; [ asl20 bsd3 psfl ];
|
||||
maintainers = with maintainers; [ primeos ];
|
||||
};
|
||||
}
|
|
@ -1,25 +0,0 @@
|
|||
# Copied from nixpkgs rev c7d0dbe094c988209edac801eb2a0cc21aa498d8
|
||||
|
||||
{ buildPythonPackage, fetchPypi, lib, cryptography }:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "cryptography_vectors";
|
||||
# The test vectors must have the same version as the cryptography package:
|
||||
version = cryptography.version;
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "1yhaps0f3h2yjb6lmz953z1l1d84y9swk4k3gj9nqyk4vbx5m7cc";
|
||||
};
|
||||
|
||||
# No tests included
|
||||
doCheck = false;
|
||||
|
||||
meta = with lib; {
|
||||
description = "Test vectors for the cryptography package";
|
||||
homepage = "https://cryptography.io/en/latest/development/test-vectors/";
|
||||
# Source: https://github.com/pyca/cryptography/tree/master/vectors;
|
||||
license = with licenses; [ asl20 bsd3 ];
|
||||
maintainers = with maintainers; [ primeos ];
|
||||
};
|
||||
}
|
|
@ -1,92 +0,0 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, openssl
|
||||
, cryptography
|
||||
, pyasn1
|
||||
, idna
|
||||
, pytest
|
||||
, pretend
|
||||
, flaky
|
||||
, glibcLocales
|
||||
, six
|
||||
}:
|
||||
|
||||
let
|
||||
# https://github.com/pyca/pyopenssl/issues/791
|
||||
# These tests, we disable in the case that libressl is passed in as openssl.
|
||||
failingLibresslTests = [
|
||||
"test_op_no_compression"
|
||||
"test_npn_advertise_error"
|
||||
"test_npn_select_error"
|
||||
"test_npn_client_fail"
|
||||
"test_npn_success"
|
||||
"test_use_certificate_chain_file_unicode"
|
||||
"test_use_certificate_chain_file_bytes"
|
||||
"test_add_extra_chain_cert"
|
||||
"test_set_session_id_fail"
|
||||
"test_verify_with_revoked"
|
||||
"test_set_notAfter"
|
||||
"test_set_notBefore"
|
||||
];
|
||||
|
||||
# these tests are extremely tightly wed to the exact output of the openssl cli tool,
|
||||
# including exact punctuation.
|
||||
failingOpenSSL_1_1Tests = [
|
||||
"test_dump_certificate"
|
||||
"test_dump_privatekey_text"
|
||||
"test_dump_certificate_request"
|
||||
"test_export_text"
|
||||
];
|
||||
|
||||
disabledTests = [
|
||||
# https://github.com/pyca/pyopenssl/issues/692
|
||||
# These tests, we disable always.
|
||||
"test_set_default_verify_paths"
|
||||
"test_fallback_default_verify_paths"
|
||||
# https://github.com/pyca/pyopenssl/issues/768
|
||||
"test_wantWriteError"
|
||||
] ++ (
|
||||
lib.optionals (lib.hasPrefix "libressl" openssl.meta.name) failingLibresslTests
|
||||
) ++ (
|
||||
lib.optionals (lib.versionAtLeast (lib.getVersion openssl.name) "1.1") failingOpenSSL_1_1Tests
|
||||
) ++ (
|
||||
# https://github.com/pyca/pyopenssl/issues/974
|
||||
lib.optionals stdenv.is32bit [ "test_verify_with_time" ]
|
||||
);
|
||||
|
||||
# Compose the final string expression, including the "-k" and the single quotes.
|
||||
testExpression = lib.optionalString (disabledTests != [])
|
||||
"-k 'not ${lib.concatStringsSep " and not " disabledTests}'";
|
||||
|
||||
in
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "pyopenssl";
|
||||
version = "20.0.1";
|
||||
|
||||
src = fetchPypi {
|
||||
pname = "pyOpenSSL";
|
||||
inherit version;
|
||||
sha256 = "4c231c759543ba02560fcd2480c48dcec4dae34c9da7d3747c508227e0624b51";
|
||||
};
|
||||
|
||||
outputs = [ "out" "dev" ];
|
||||
|
||||
checkPhase = ''
|
||||
runHook preCheck
|
||||
export LANG="en_US.UTF-8"
|
||||
py.test tests ${testExpression}
|
||||
runHook postCheck
|
||||
'';
|
||||
|
||||
# Seems to fail unpredictably on Darwin. See https://hydra.nixos.org/build/49877419/nixlog/1
|
||||
# for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail.
|
||||
doCheck = !stdenv.isDarwin;
|
||||
|
||||
nativeBuildInputs = [ openssl ];
|
||||
propagatedBuildInputs = [ cryptography pyasn1 idna six ];
|
||||
|
||||
checkInputs = [ pytest pretend flaky glibcLocales ];
|
||||
}
|
|
@ -1,173 +0,0 @@
|
|||
{ lib
|
||||
, stdenv
|
||||
, buildPythonPackage
|
||||
, pythonOlder
|
||||
, fetchPypi
|
||||
, python
|
||||
, appdirs
|
||||
, attrs
|
||||
, automat
|
||||
, bcrypt
|
||||
, constantly
|
||||
, contextvars
|
||||
, cryptography
|
||||
, git
|
||||
, glibcLocales
|
||||
, h2
|
||||
, hyperlink
|
||||
, idna
|
||||
, incremental
|
||||
, priority
|
||||
, pyasn1
|
||||
, pyhamcrest
|
||||
, pynacl
|
||||
, pyopenssl
|
||||
, pyserial
|
||||
, service-identity
|
||||
, setuptools
|
||||
, typing-extensions
|
||||
, zope_interface
|
||||
|
||||
# for passthru.tests
|
||||
, cassandra-driver
|
||||
, klein
|
||||
, magic-wormhole
|
||||
, scrapy
|
||||
, treq
|
||||
, txaio
|
||||
, txamqp
|
||||
, txrequests
|
||||
, txtorcon
|
||||
, thrift
|
||||
, nixosTests
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
pname = "twisted";
|
||||
version = "22.4.0";
|
||||
format = "setuptools";
|
||||
|
||||
disabled = pythonOlder "3.6";
|
||||
|
||||
src = fetchPypi {
|
||||
pname = "Twisted";
|
||||
inherit version;
|
||||
extension = "tar.gz";
|
||||
sha256 = "sha256-oEeZD1ffrh4L0rffJSbU8W3NyEN3TcEIt4xS8qXxNoA=";
|
||||
};
|
||||
|
||||
__darwinAllowLocalNetworking = true;
|
||||
|
||||
propagatedBuildInputs = [
|
||||
attrs
|
||||
automat
|
||||
constantly
|
||||
hyperlink
|
||||
incremental
|
||||
setuptools
|
||||
typing-extensions
|
||||
zope_interface
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
echo 'ListingTests.test_localeIndependent.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py
|
||||
echo 'ListingTests.test_newFile.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py
|
||||
echo 'ListingTests.test_newSingleDigitDayOfMonth.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py
|
||||
echo 'ListingTests.test_oldFile.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py
|
||||
echo 'ListingTests.test_oldSingleDigitDayOfMonth.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py
|
||||
|
||||
echo 'PTYProcessTestsBuilder_AsyncioSelectorReactorTests.test_openFileDescriptors.skip = "invalid syntax"'>> src/twisted/internet/test/test_process.py
|
||||
echo 'PTYProcessTestsBuilder_SelectReactorTests.test_openFileDescriptors.skip = "invalid syntax"'>> src/twisted/internet/test/test_process.py
|
||||
|
||||
echo 'UNIXTestsBuilder_AsyncioSelectorReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py
|
||||
echo 'UNIXTestsBuilder_SelectReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py
|
||||
|
||||
echo 'FileObserverTests.test_getTimezoneOffsetEastOfUTC.skip = "mktime argument out of range"'>> src/twisted/test/test_log.py
|
||||
echo 'FileObserverTests.test_getTimezoneOffsetWestOfUTC.skip = "mktime argument out of range"'>> src/twisted/test/test_log.py
|
||||
echo 'FileObserverTests.test_getTimezoneOffsetWithoutDaylightSavingTime.skip = "tuple differs, values not"'>> src/twisted/test/test_log.py
|
||||
|
||||
echo 'MulticastTests.test_joinLeave.skip = "No such device"'>> src/twisted/test/test_udp.py
|
||||
echo 'MulticastTests.test_loopback.skip = "No such device"'>> src/twisted/test/test_udp.py
|
||||
echo 'MulticastTests.test_multicast.skip = "Reactor was unclean"'>> src/twisted/test/test_udp.py
|
||||
echo 'MulticastTests.test_multiListen.skip = "No such device"'>> src/twisted/test/test_udp.py
|
||||
|
||||
echo 'DomishExpatStreamTests.test_namespaceWithWhitespace.skip = "syntax error: line 1, column 0"'>> src/twisted/words/test/test_domish.py
|
||||
|
||||
# not packaged
|
||||
substituteInPlace src/twisted/test/test_failure.py \
|
||||
--replace "from cython_test_exception_raiser import raiser # type: ignore[import]" "raiser = None"
|
||||
'' + lib.optionalString stdenv.isLinux ''
|
||||
echo 'PTYProcessTestsBuilder_EPollReactorTests.test_openFileDescriptors.skip = "invalid syntax"'>> src/twisted/internet/test/test_process.py
|
||||
echo 'PTYProcessTestsBuilder_PollReactorTests.test_openFileDescriptors.skip = "invalid syntax"'>> src/twisted/internet/test/test_process.py
|
||||
echo 'UNIXTestsBuilder_EPollReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py
|
||||
echo 'UNIXTestsBuilder_PollReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py
|
||||
|
||||
# Patch t.p._inotify to point to libc. Without this,
|
||||
# twisted.python.runtime.platform.supportsINotify() == False
|
||||
substituteInPlace src/twisted/python/_inotify.py --replace \
|
||||
"ctypes.util.find_library(\"c\")" "'${stdenv.cc.libc}/lib/libc.so.6'"
|
||||
'' + lib.optionalString (stdenv.isAarch64 && stdenv.isDarwin) ''
|
||||
echo 'AbortConnectionTests_AsyncioSelectorReactorTests.test_fullWriteBufferAfterByteExchange.skip = "Timeout after 120 seconds"' >> src/twisted/internet/test/test_tcp.py
|
||||
echo 'AbortConnectionTests_AsyncioSelectorReactorTests.test_resumeProducingAbort.skip = "Timeout after 120 seconds"' >> src/twisted/internet/test/test_tcp.py
|
||||
'';
|
||||
|
||||
# Generate Twisted's plug-in cache. Twisted users must do it as well. See
|
||||
# http://twistedmatrix.com/documents/current/core/howto/plugin.html#auto3
|
||||
# and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477103 for details.
|
||||
postFixup = ''
|
||||
$out/bin/twistd --help > /dev/null
|
||||
'';
|
||||
|
||||
checkInputs = [
|
||||
git
|
||||
glibcLocales
|
||||
pyhamcrest
|
||||
]
|
||||
++ passthru.optional-dependencies.conch
|
||||
# not supported on aarch64-darwin: https://github.com/pyca/pyopenssl/issues/873
|
||||
++ lib.optionals (!(stdenv.isDarwin && stdenv.isAarch64)) passthru.optional-dependencies.tls;
|
||||
|
||||
checkPhase = ''
|
||||
export SOURCE_DATE_EPOCH=315532800
|
||||
export PATH=$out/bin:$PATH
|
||||
# race conditions when running in paralell
|
||||
${python.interpreter} -m twisted.trial twisted
|
||||
'';
|
||||
|
||||
passthru = {
|
||||
optional-dependencies = rec {
|
||||
conch = [ appdirs bcrypt cryptography pyasn1 ];
|
||||
conch_nacl = conch ++ [ pynacl ];
|
||||
contextvars = lib.optionals (pythonOlder "3.7") [ contextvars ];
|
||||
http2 = [ h2 priority ];
|
||||
serial = [ pyserial ];
|
||||
tls = [ idna pyopenssl service-identity ];
|
||||
};
|
||||
|
||||
tests = {
|
||||
inherit
|
||||
cassandra-driver
|
||||
klein
|
||||
magic-wormhole
|
||||
scrapy
|
||||
treq
|
||||
txaio
|
||||
txamqp
|
||||
txrequests
|
||||
txtorcon
|
||||
thrift;
|
||||
inherit (nixosTests) buildbot matrix-synapse;
|
||||
};
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
homepage = "https://github.com/twisted/twisted";
|
||||
description = "Twisted, an event-driven networking engine written in Python";
|
||||
longDescription = ''
|
||||
Twisted is an event-driven networking engine written in Python
|
||||
and licensed under the MIT license.
|
||||
'';
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ SuperSandro2000 ];
|
||||
};
|
||||
}
|
|
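Review bot: in `checkPhase`, the comment `# race conditions when running in paralell` sits above a `twisted.trial` call that carries no jobs flag, so it does not say what it guards against. Reword it to state that the suite is run serially on purpose, and fix the spelling of "paralell". In `postPatch`, several skips use the raw error text as their reason ("invalid syntax", "syntax error: line 1, column 0", "tuple differs, values not"). Giving each the sandbox cause or an upstream issue link, as the pyopenssl line in `checkInputs` does, would make the skip list easier to re-audit on the next version bump.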
@ -1,8 +1,9 @@
|
|||
{ lib
|
||||
, buildPythonPackage
|
||||
, fetchPypi
|
||||
, twisted
|
||||
, pyzmq
|
||||
, setuptools
|
||||
, twisted
|
||||
}:
|
||||
|
||||
buildPythonPackage rec {
|
||||
|
@ -16,8 +17,9 @@ buildPythonPackage rec {
|
|||
};
|
||||
|
||||
propagatedBuildInputs = [
|
||||
twisted
|
||||
pyzmq
|
||||
setuptools
|
||||
twisted
|
||||
];
|
||||
|
||||
meta = with lib; {
|
||||
|
|
|
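Review bot: `setuptools` is added to `propagatedBuildInputs` in this hunk (and to the argument list in the hunk before it), which makes it a runtime dependency of everything that consumes this package. If it is only needed at build time, move it to `nativeBuildInputs`; if the module really imports `pkg_resources` at runtime, add a one-line comment saying so. `twisted` is listed twice only because the +/- markers are not shown in this view: the line counts (8 to 9) indicate it was moved to keep the list sorted.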
@ -1,16 +0,0 @@
|
|||
{ lib, buildPythonPackage, fetchPypi }:
|
||||
buildPythonPackage rec {
|
||||
pname = "urldecode";
|
||||
version = "0.1";
|
||||
|
||||
src = fetchPypi {
|
||||
inherit pname version;
|
||||
sha256 = "0w8my7kdwxppsfzzi1b2cxhypm6r1fsrnb2hnd752axq4gfsddjj";
|
||||
};
|
||||
|
||||
meta = with lib; {
|
||||
description = "A simple function to decode an encoded url";
|
||||
homepage = "https://github.com/jennyq/urldecode";
|
||||
maintainers = with maintainers; [ nixbitcoin ];
|
||||
};
|
||||
}
|
|
@ -1,7 +1,7 @@
|
|||
{ lib
|
||||
, stdenvNoCC
|
||||
, nodejs-16_x
|
||||
, nodejs-slim-16_x
|
||||
, nodejs-18_x
|
||||
, nodejs-slim-18_x
|
||||
, fetchNodeModules
|
||||
, fetchpatch
|
||||
, fetchurl
|
||||
|
@ -10,23 +10,23 @@
|
|||
}:
|
||||
let self = stdenvNoCC.mkDerivation {
|
||||
pname = "rtl";
|
||||
version = "0.13.6";
|
||||
version = "0.14.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://github.com/Ride-The-Lightning/RTL/archive/refs/tags/v${self.version}.tar.gz";
|
||||
hash = "sha256-eyRM28h2TV3IyW4hDPHj/wMJxLEZin7AqWQZGQt5mV4=";
|
||||
hash = "sha256-sbV7d/imdCXglpAS3hh7fETvSxMzegi63AfbS1imqbk=";
|
||||
};
|
||||
|
||||
passthru = {
|
||||
nodejs = nodejs-16_x;
|
||||
nodejsRuntime = nodejs-slim-16_x;
|
||||
nodejs = nodejs-18_x;
|
||||
nodejsRuntime = nodejs-slim-18_x;
|
||||
|
||||
nodeModules = fetchNodeModules {
|
||||
inherit (self) src nodejs;
|
||||
# TODO-EXTERNAL: Remove `npmFlags` when no longer required
|
||||
# See: https://github.com/Ride-The-Lightning/RTL/issues/1182
|
||||
npmFlags = "--legacy-peer-deps";
|
||||
hash = "sha256-C4yK6deYXPrTa383aXiHoO0w3JAMIfAaESCEy9KKY2k=";
|
||||
hash = "sha256-0fu14j4OvsYGBhu/p67EUFmuHCbIPlLVm4e8qd9tk3o=";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
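Review bot: the `npmFlags = "--legacy-peer-deps"` workaround and its `TODO-EXTERNAL` pointing at RTL issue 1182 are carried over unchanged across the bump from 0.13.6 to 0.14.1 and from Node 16 to Node 18. Check whether 0.14.1 still needs the flag, since it makes npm ignore peer-dependency constraints for the whole `nodeModules` fetch, and update the comment either way. Both the `src` hash and the `nodeModules` hash change, as expected; the commit message should say they came from the update script that verifies the release with `gnupg`, not from a hash-mismatch error.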
@ -2,7 +2,7 @@
|
|||
set -euo pipefail
|
||||
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "gnupg wget gnused" "$@"
|
||||
|
||||
version="0.13.6"
|
||||
version="0.14.1"
|
||||
repo=https://github.com/Ride-The-Lightning/RTL
|
||||
|
||||
scriptDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)
|
||||
|
|
|
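Review bot: `version="0.14.1"` in this script duplicates `version = "0.14.1"` in the derivation, so the two have to be bumped by hand in the same commit, as is done here. Consider keeping the version in one place, or passing it as an argument, so the script cannot verify one release while the derivation pins another.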
@ -1,17 +0,0 @@
|
|||
# This file has been generated by node2nix 1.9.0. Do not edit!
|
||||
|
||||
{pkgs ? import <nixpkgs> {
|
||||
inherit system;
|
||||
}, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-14_x"}:
|
||||
|
||||
let
|
||||
nodeEnv = import (pkgs.path + "/pkgs/development/node-packages/node-env.nix") {
|
||||
inherit (pkgs) stdenv lib python2 runCommand writeTextFile writeShellScript;
|
||||
inherit pkgs nodejs;
|
||||
libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
|
||||
};
|
||||
in
|
||||
import ./node-packages.nix {
|
||||
inherit (pkgs) fetchurl nix-gitignore stdenv lib fetchgit;
|
||||
inherit nodeEnv;
|
||||
}
|
|
@ -1,16 +0,0 @@
|
|||
{ pkgs, lib }:
|
||||
let
|
||||
nodePackages = import ./composition.nix { inherit pkgs; };
|
||||
in
|
||||
nodePackages.package.override {
|
||||
# Required because spark-wallet uses `npm-shrinkwrap.json` as the lock file
|
||||
reconstructLock = true;
|
||||
|
||||
meta = with lib; {
|
||||
description = "A minimalistic wallet GUI for c-lightning";
|
||||
homepage = "https://github.com/shesek/spark-wallet";
|
||||
license = licenses.mit;
|
||||
maintainers = with maintainers; [ nixbitcoin erikarvstedt ];
|
||||
platforms = platforms.unix;
|
||||
};
|
||||
}
|
|
@ -1,58 +0,0 @@
|
|||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "nodePackages.node2nix gnupg wget jq moreutils gnused" "$@"
|
||||
|
||||
TMPDIR=$(mktemp -d -p /tmp)
|
||||
trap 'rm -rf $TMPDIR' EXIT
|
||||
|
||||
version="0.3.1"
|
||||
repo=https://github.com/shesek/spark-wallet
|
||||
|
||||
# Fetch and verify source tarball
|
||||
file=spark-wallet-${version}-npm.tgz
|
||||
url=$repo/releases/download/v${version}/$file
|
||||
export GNUPGHOME=$TMPDIR
|
||||
gpg --keyserver hkps://keyserver.ubuntu.com --recv-key FCF19B67866562F08A43AAD681F6104CD0F150FC
|
||||
wget -P "$TMPDIR" "$url"
|
||||
wget -P "$TMPDIR" "$repo/releases/download/v${version}/SHA256SUMS.asc"
|
||||
gpg --verify "$TMPDIR/SHA256SUMS.asc"
|
||||
(cd "$TMPDIR"; sha256sum --check --ignore-missing SHA256SUMS.asc)
|
||||
hash=$(nix hash file "$TMPDIR/$file")
|
||||
|
||||
# Extract source
|
||||
src=$TMPDIR/src
|
||||
mkdir "$src"
|
||||
tar xvf "$TMPDIR/$file" -C "$src" --strip-components 1 >/dev/null
|
||||
|
||||
# Make qrcode-terminal a strict dependency so that node2nix includes it in the package derivation.
|
||||
jq '.dependencies["qrcode-terminal"] = .optionalDependencies["qrcode-terminal"]' "$src/package.json" | sponge "$src/package.json"
|
||||
|
||||
node2nix \
|
||||
--nodejs-14 \
|
||||
--input "$src/package.json" \
|
||||
--lock "$src/npm-shrinkwrap.json" \
|
||||
--composition composition.nix \
|
||||
--no-copy-node-env
|
||||
|
||||
# Use node-env.nix from nixpkgs
|
||||
# shellcheck disable=SC2016
|
||||
nodeEnvImport='import "${toString pkgs.path}/pkgs/development/node-packages/node-env.nix"'
|
||||
sed -i "s|import ./node-env.nix|$nodeEnvImport|" composition.nix
|
||||
|
||||
# Use the verified package src
|
||||
read -rd '' fetchurl <<EOF || :
|
||||
fetchurl {
|
||||
url = "$url";
|
||||
hash = "$hash";
|
||||
};
|
||||
EOF
|
||||
|
||||
sed -i "
|
||||
# Use the verified package src
|
||||
s|src = .*/src;|src = ${fetchurl//$'\n'/\\n}|
|
||||
|
||||
# github: use HTTPS instead of SSH, which requires user authentication
|
||||
s|git+ssh://git@|https://|
|
||||
s|ssh://git@|https://|
|
||||
s|\.git#|#|
|
||||
" node-packages.nix
|
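Review bot: with `generate.sh`, `default.nix` and `composition.nix` all removed (`+0,0`), check that `node-packages.nix`, which `composition.nix` imports and this script rewrites with `sed`, is deleted in the same range. The diff that follows is suppressed, so this cannot be confirmed from this view. Also confirm that nothing left in the tree still refers to the spark-wallet package or to the signing key that was fetched only by this script.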
File diff suppressed because it is too large
Some files were not shown because too many files have changed in this diff