Compare commits

..

142 Commits

Author SHA1 Message Date
e612529cd8 Merge tag 'v0.0.101' into feature/nwc 2024-01-15 16:03:55 -05:00
a94f875ba5 nostr-wallet-connect initial code 2024-01-15 15:57:32 -05:00
Jonas Nick
a2e1478a7c
Merge fort-nix/nix-bitcoin#662: Update to NixOS 23.11
85bbdb857a python-bitcointx: 1.1.3 -> 1.1.4 (Erik Arvstedt)
1c07c5fa5c python-packages: add workaround to reenable requirements checking (Erik Arvstedt)
dc1033f1c8 python-packages/joinmarket: update (Erik Arvstedt)
de51f20ccb python-packages/clightning: update (Erik Arvstedt)
e82da35174 examples/deploy-krops: fix duplicate import error (Erik Arvstedt)
b110e2aea6 fetch-node-modules: provide CA certs (Erik Arvstedt)
770a4354b4 btcpayserver: fix PostgreSQL 15 user permissions (Erik Arvstedt)
9efcdaf8bb treewide: use `vendorHash` for golang drvs (Erik Arvstedt)
be2028f2e8 mempool: use `recommendedBrotliSettings` (Erik Arvstedt)
1676445a51 update to NixOS 23.11 (Erik Arvstedt)
e4cb004905 joinmarket: 0.9.9 -> 0.9.10 (nixbitcoin)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 85bbdb857a

Tree-SHA512: d23ac210d4c373a2a726debdf57d96f86adf551ee7f088d460e400446a48b5ae667c60ee7d36f6ec755f48c04d543e7287f2210941af8bc8940013c8ab36473e
2023-12-14 14:26:42 +00:00
Erik Arvstedt
85bbdb857a
python-bitcointx: 1.1.3 -> 1.1.4 2023-12-14 15:00:28 +01:00
Erik Arvstedt
1c07c5fa5c
python-packages: add workaround to reenable requirements checking 2023-12-14 14:53:10 +01:00
Erik Arvstedt
dc1033f1c8
python-packages/joinmarket: update
- Add `doCheck = false` and `pythonImportsCheck` where appropriate.
  This is good practice in general, but specifically works around a
  `buildPythonPackage` bug where the test phase fails due to a
  requirements check that is unrelated to testing.

- Enable tests for `jmbitcoin`.

- Patch some requirements. I've checked the release notes of the
  required deps for backwards compatibility.
2023-12-14 14:53:10 +01:00
Erik Arvstedt
de51f20ccb
python-packages/clightning: update 2023-12-14 14:51:12 +01:00
Erik Arvstedt
e82da35174
examples/deploy-krops: fix duplicate import error
`qemu-vm.nix` is already imported in `vm-config.nix` but under a
different path.
This causes an "already declared" error on NixOS 23.11.
2023-12-14 14:51:07 +01:00
Erik Arvstedt
b110e2aea6
fetch-node-modules: provide CA certs
Without this, the `npm ci` command in `fetchNodeModules` hangs.

It seems that npm didn't check certs previously, because these are
not availble in Nix build environments by default.
2023-12-14 14:50:31 +01:00
Erik Arvstedt
770a4354b4
btcpayserver: fix PostgreSQL 15 user permissions
Since PostgreSQL 15, DB users need to be DB owners to be able to create tables.

We can't use the new `ensureDBOwnerhip` NixOS option [1] to set this up,
because it requires the PostgreSQL user name and the database name to be
identical, which is not the case for btcpayserver.

Instead, we manually issue a PostgreSQL admin statement similar to the one
used by `ensureDBOwnerhip`.

This method of setting up the user is also compatible with older
PostgreSQL versions that come with older NixOS `system.stateVersion`s.

[1] https://github.com/NixOS/nixpkgs/pull/266270
2023-12-12 11:22:38 +01:00
Erik Arvstedt
9efcdaf8bb
treewide: use vendorHash for golang drvs
`vendorSha256` has been deprecated.
2023-12-12 11:22:38 +01:00
Erik Arvstedt
be2028f2e8
mempool: use recommendedBrotliSettings 2023-12-12 11:22:38 +01:00
Erik Arvstedt
1676445a51
update to NixOS 23.11 2023-12-12 11:22:38 +01:00
nixbitcoin
e4cb004905
joinmarket: 0.9.9 -> 0.9.10 2023-12-02 23:01:15 +01:00
Jonas Nick
1d73b21f10
Merge fort-nix/nix-bitcoin#661: update nixpkgs
457f066e08 tests/trustedcoin: fix (Erik Arvstedt)
f06ee98435 update nixpkgs (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 457f066e08

Tree-SHA512: 7c1529dd8830187c0ee9adfb585747fc41300dc7efe1b8a3304ee6b5903034d8296eccecc744d38b7333a06e4f2c201dbe33d000d8360e030d1e2d16879f9513
2023-11-29 09:28:15 +00:00
Erik Arvstedt
457f066e08
tests/trustedcoin: fix
Sometimes trustedcoin outputs `tip: 0`.
Check for `returning block` instead.
2023-11-28 18:33:27 +00:00
Jonas Nick
f06ee98435
update nixpkgs
btcpayserver: 1.11.6 -> 1.11.7
electrs: 0.9.13 -> 0.10.1
fulcrum: 1.9.2 -> 1.9.7
2023-11-28 18:33:18 +00:00
Jonas Nick
24151b63f8
Merge fort-nix/nix-bitcoin#659: fix pkgconfig -> pkg-config rename
bb17457bc0 fix pkgconfig -> pkg-config rename (Chris Guida)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK bb17457bc0.

Tree-SHA512: ec23c460f53a2251885dcd5cb664033519ca490c519fada888f299e3a04e63fbd1f34e7723b0ee2ecfb4fb666d8528408ebfc1d8461975371faa0d3c1d5584c3
2023-11-13 08:06:18 +00:00
Chris Guida
bb17457bc0 fix pkgconfig -> pkg-config rename 2023-11-10 15:34:35 -06:00
Jonas Nick
a1eacce676
Merge fort-nix/nix-bitcoin#658: presets/wireguard: make compatible with secure-node preset
e784e0ceb8 presets/wireguard: make compatible with `secure-node` preset (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    utACK e784e0ceb8

Tree-SHA512: a5506e487b01b78f9c420314980bb837079c2960a076f1fbf665db26b5325d9e96cef0743a9f66ab681dfc42fe6fabcee736519013c4c4d164b7d0922ebe8edf
2023-11-05 09:50:42 +00:00
Jonas Nick
1090675516
Merge fort-nix/nix-bitcoin#505: Add mempool
1de259485b mempool: add module (Erik Arvstedt)
f0bf94cc5a mempool: init at 2.5.0 (Erik Arvstedt)
8cdedac046 bitcoind-rpc-public-whitelist: add `getindexinfo` (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 1de259485b

Tree-SHA512: f3cbe1eaac6994c6b05f2e560bb2dce564236bcd650e54e4d80ca2b15e20b1d9aa5a9a9c6b9e46ab4f0cf64e8864cbafe884190260c43ba6a1201513605c24f0
2023-11-05 09:41:00 +00:00
Erik Arvstedt
e784e0ceb8
presets/wireguard: make compatible with secure-node preset
Disable Tor enforcement set by the secure-node preset.
2023-11-01 18:29:32 +01:00
Erik Arvstedt
1de259485b
mempool: add module 2023-10-31 13:44:04 +01:00
Erik Arvstedt
f0bf94cc5a
mempool: init at 2.5.0 2023-10-30 11:58:24 +01:00
Erik Arvstedt
8cdedac046
bitcoind-rpc-public-whitelist: add getindexinfo 2023-10-30 11:58:24 +01:00
Jonas Nick
8a8f32a4fa
Merge fort-nix/nix-bitcoin#655: examples/flake.nix: minor improvements
742fd8fdd0 examples/flake.nix: add `inputs.nixpkgs` (Erik Arvstedt)
89ea349312 examples/flake.nix: add comments and extra service (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 742fd8fdd0

Tree-SHA512: 7879d2c4cfa95db7b0310d402f6d8dc78fad1667f6a1021f466b8307e6f62235d113df70cc0932695fd3d80d7b141e7463e03ad45aac93c7e655c59c12c90a2f
2023-10-23 12:35:38 +00:00
Jonas Nick
4c96a8deba
Merge fort-nix/nix-bitcoin#656: update nixpkgs: bitcoin 24.1 -> 25.1
a66c9992d3 tests/trustedcoin: fix test (Erik Arvstedt)
8e2010c1b3 update nixpkgs (Jonas Nick)
2804d4ada0 Revert "bitcoin: replace nixpkgs package with bitcoin{,d} 24.1" (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK a66c9992d3

Tree-SHA512: 6a30a86d64ad1a178ab091f3300291d711cedacd35b056f91f26b9976b83f556a1f7872a32f74c3fd545396f303b4475b9a16dd9c3043914586c5ac615519d59
2023-10-23 12:32:19 +00:00
Erik Arvstedt
a66c9992d3
tests/trustedcoin: fix test
Sometimes the trustedcoin plugin prevents clightning from starting up
in an offline environment.
2023-10-23 12:12:29 +00:00
Erik Arvstedt
742fd8fdd0
examples/flake.nix: add inputs.nixpkgs
To make this template look more like a regular system flake.
2023-10-23 11:47:34 +02:00
Jonas Nick
8e2010c1b3
update nixpkgs
bitcoin: 24.1 -> 25.1
bitcoind: 24.1 -> 25.1
2023-10-23 09:37:40 +00:00
Jonas Nick
2804d4ada0
Revert "bitcoin: replace nixpkgs package with bitcoin{,d} 24.1"
This reverts commit 3650d4befe.
2023-10-23 08:58:10 +00:00
Erik Arvstedt
89ea349312
examples/flake.nix: add comments and extra service
Like in importable-configuration.nix
2023-10-19 09:48:50 +02:00
Jonas Nick
1852305b13
Merge fort-nix/nix-bitcoin#654: update nixpkgs
1fad7c730b update nixpkgs (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 1fad7c730b

Tree-SHA512: 41cd3482e7878daa1152be2e982a2c8a07c464127d670e0e70ab0f80e6ac819b5714c8162efa3b35f7a9bd2633f0a25508044c1b7f60e6a34fdf07f3c0e07333
2023-10-18 12:20:22 +00:00
Erik Arvstedt
1fad7c730b
update nixpkgs
btcpayserver: 1.11.4 -> 1.11.6
fulcrum: 1.9.1 -> 1.9.2
lnd: 0.16.3-beta -> 0.17.0-beta
nbxplorer: 2.3.65 -> 2.3.66

Includes fix for curl CVE-2023-38545 (https://github.com/NixOS/nixpkgs/pull/260381)
2023-10-17 21:10:37 +02:00
Jonas Nick
3e82a56a3b
Merge fort-nix/nix-bitcoin#652: rtl: 0.14.0 -> 0.14.1
b63798ff46 rtl: 0.14.0 -> 0.14.1 (Erik Arvstedt)
c14ebd230c clighting-rest: 0.10.5 -> 0.10.7 (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK b63798ff46

Tree-SHA512: e5f8abcbf1f087d58a6e9df790b8a97bf3543736e8e832d0911172cf357fa158e178ec4bdd3374e82163434ba6c8e030643332b94a1cfa3346e4396cf2a22ac8
2023-10-09 08:03:01 +00:00
Jonas Nick
749901b923
Merge fort-nix/nix-bitcoin#653: Revert "clightning: don't cleanup socket on startup"
fc1466e743 Revert "clightning: don't cleanup socket on startup" (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK fc1466e743

Tree-SHA512: e4139ef9163fe371964cb8ab668f70dc414ecc5169e3d5d7a0637ef61493d51f1416d878abd21b28d5763e089e00ff10a2e8f30103b488871470ad31dd387025
2023-10-09 07:59:33 +00:00
Jonas Nick
aa169f4653
Merge fort-nix/nix-bitcoin#651: treewide: ensure services are started after secrets setup
90ce68cb16 treewide: ensure services are started after secrets setup (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 90ce68cb16

Tree-SHA512: b0872c757235b0c66b714bbb82a2b960af040f8a8171d08ace2b4e7515613e67aa9ab56db9a8acf3f9c45ab774cb0a4583e87d4e00279a6c813102f91908c165
2023-10-09 07:45:10 +00:00
Erik Arvstedt
fc1466e743
Revert "clightning: don't cleanup socket on startup"
Also, add a detailed comment.

Without this commit, clightning client services may fail to start
due to clightning RPC connection failures.
2023-10-08 21:39:46 +02:00
Erik Arvstedt
b63798ff46
rtl: 0.14.0 -> 0.14.1 2023-10-08 20:42:33 +02:00
Erik Arvstedt
c14ebd230c
clighting-rest: 0.10.5 -> 0.10.7 2023-10-08 20:42:33 +02:00
Erik Arvstedt
90ce68cb16
treewide: ensure services are started after secrets setup
Now all services that access secrets only run after the secrets setup
has finished.

Previously, we assumed that the systemd `after` dependency is
transitive, i.e. that adding an `after = [ "bitcoind.service" ]`
to a service implicitly pulled in the `after` dependency to
`nix-bitcoin-secrets.target` (which is defined for `bitcoind`).
This is not the case. Services could start before secrets setup
had finished, leading to service failure.
2023-10-08 13:56:56 +02:00
Jonas Nick
29a32ac53b
Merge fort-nix/nix-bitcoin#648: bitcoin: add shell completions
26cc9e4b60 bitcoin: add shell completions (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  0xB10C:
    Code Review ACK 26cc9e4b60

Tree-SHA512: 78e38c1045d445553d2a84bd51521e17ee216bc98d93b4786658b770b5df464d744e99f0b9af110fb909e31dd7e8bde9ef2f0f33b1cf4d3465710849a9572be8
2023-10-02 09:09:14 +00:00
Jonas Nick
9f28720e45
Merge fort-nix/nix-bitcoin#650: Update install.md
d9f5c41025 Update install.md (bavarianledger)
358a0a0d99 Update install.md (bavarianledger)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK d9f5c41025

Tree-SHA512: 6208ea91cb5983a98ad5082a89f0a16384c490f294cb3268bc2bc15adfcf044209dcb41e8a5bf11980f8a5fc125679ba06ceb0e0e5359829d1390a2bed1878d9
2023-09-29 06:34:43 +00:00
bavarianledger
d9f5c41025
Update install.md
Updated to NixOS 23.05  (built 3701)
2023-09-24 11:00:03 +02:00
bavarianledger
358a0a0d99
Update install.md
Fixed mix of x86_64 and i686 architectures.
2023-09-24 08:35:28 +02:00
7ddbc00f62 Nostr wallet connect 2023-09-20 21:36:18 -04:00
Erik Arvstedt
26cc9e4b60
bitcoin: add shell completions
Backport of https://github.com/NixOS/nixpkgs/pull/256091
2023-09-19 14:19:38 +02:00
Jonas Nick
eaea0f120d
Merge fort-nix/nix-bitcoin#644: update nixpkgs:
c1b370aaa6 update nixpkgs (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK c1b370aaa6

Tree-SHA512: a8b0c2d9a54286a899950172e62a6c6a84b5d255a0dee5227d6c39d969080a2c42e5999da26a1b00651937f36caf23fce9396eb8d9f6f8dabd368d6d90aa28e6
2023-09-16 14:31:42 +00:00
Jonas Nick
c1b370aaa6
update nixpkgs
btcpayserver: 1.11.2 -> 1.11.4
clightning: 23.05.2 -> 23.08.1
hwi: 2.2.1 -> 2.3.1

Remove custom coincurve, since nixos-23.05 includes the latest version
of coincurve (18) that's required by pyln-proto.

Co-authored-by: Erik Arvstedt <erik.arvstedt@gmail.com>
2023-09-16 13:40:27 +00:00
Jonas Nick
19b997fde7
Merge fort-nix/nix-bitcoin#643: clboss: 0.13A -> 0.13
b6df5cb130 clboss: 0.13A -> 0.13 (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK b6df5cb130

Tree-SHA512: c25352fca2a47de3e0b69637dd137bd6d127a99b5a7a138cdd011a243be2bd9e97bfd64a941894734f6c6e779e03db1b34696bfa66bfe59eb3155a6eeda5c90f
2023-09-11 08:29:21 +00:00
Erik Arvstedt
b6df5cb130
clboss: 0.13A -> 0.13 2023-09-09 14:35:35 +02:00
Jonas Nick
8db4a1ece5
Merge fort-nix/nix-bitcoin#641: Update recommended disk space hardware.md
73333d5e8f Update recommended disk space hardware.md (bakerb15)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 73333d5e8f

Tree-SHA512: 9c339ab2d4f50ba5d6a05e90719da94c4f72aca0087f5f3ea6a4c131b7d27c5bbc31e06ee78457237456fa57dc25a3d4d6c730b90ce0853331c3d611c6eebe8d
2023-09-05 19:44:04 +00:00
bakerb15
73333d5e8f
Update recommended disk space hardware.md 2023-09-05 12:53:12 -04:00
Jonas Nick
d5d3f064e6
Merge fort-nix/nix-bitcoin#640: pkgs/bitcoind: use pkgs instead of pkgsUnstable
ff30af6ed3 pkgs/bitcoind: use `pkgs` instead of `pkgsUnstable` (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK ff30af6ed3

Tree-SHA512: 756267aedbb166e315daaeab6c0dd3869df2ff57e076fb67cc55e4242a76b201eae4ff0512950280b4298438dc655ed5e8d22588722e4235b05baa7f4e59237a
2023-09-04 19:34:31 +00:00
Jonas Nick
b98c0292cd
Merge fort-nix/nix-bitcoin#637: Misc. improvements
27e52fc565 dev-scenarios: fix comment (Erik Arvstedt)
7dcf307925 flake-info-sandboxed: clarify that sandbox is offline (Erik Arvstedt)
c22365d4a2 minimal-vm.nix: improve login text (Erik Arvstedt)
32ce2b567c examples/README: make relative location of configuration.nix explicit (Erik Arvstedt)
8303a65f0c configuration.nix: add nodeinfo (Erik Arvstedt)
073161b044 secrets: add comment (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 27e52fc565

Tree-SHA512: a5015183db39fb1b32af08e187029db049f53e7df8ec00d8c3ee4393b20f1318e99cd4696ecd48ecacdfefca0f1200df5602ec14f7123291ac983ae382cac41d
2023-09-04 19:23:49 +00:00
Jonas Nick
d85e7108d1
Merge fort-nix/nix-bitcoin#638: Minor clightning fixes
e253b89858 clightning: depend on actual bitcoind package (Erik Arvstedt)
b85aac9ba1 clightning: don't cleanup socket on startup (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK e253b89858

Tree-SHA512: 483b1208ff3c7409fddb2cce10f6285cdc7cd17e48742755bcf1b0c8668e4a343acc70f1efcccd3a3d32d172306dfbf0febb31972db636a64e16ed364adbf5ce
2023-09-04 19:18:21 +00:00
Jonas Nick
13a264105e
Merge fort-nix/nix-bitcoin#636: docs/install: don't enter examples shell while creating node config
329fbac404 docs/install: don't enter examples shell while creating node config (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 329fbac404

Tree-SHA512: 220f97b8d57207da516003576eb7710a9040c05dfac147492181dc4b5cf673713ed91383574ecba4c66a294d8f52e48fb59916ecc930ed8233da23e6136fba60
2023-09-04 19:12:05 +00:00
Erik Arvstedt
ff30af6ed3
pkgs/bitcoind: use pkgs instead of pkgsUnstable
All deps required by `bitcoind` are available in `pkgs`.
2023-09-01 01:12:34 +02:00
Erik Arvstedt
27e52fc565
dev-scenarios: fix comment 2023-08-20 10:54:46 +02:00
Erik Arvstedt
7dcf307925
flake-info-sandboxed: clarify that sandbox is offline 2023-08-20 10:54:46 +02:00
Erik Arvstedt
c22365d4a2
minimal-vm.nix: improve login text
- Add `bitcoin-cli` cmd
- Remove leading dashes to for easier copying and pasting
2023-08-20 10:54:45 +02:00
Erik Arvstedt
32ce2b567c
examples/README: make relative location of configuration.nix explicit 2023-08-20 10:54:45 +02:00
Erik Arvstedt
8303a65f0c
configuration.nix: add nodeinfo 2023-08-20 10:54:45 +02:00
Erik Arvstedt
073161b044
secrets: add comment 2023-08-20 10:54:45 +02:00
Erik Arvstedt
e253b89858
clightning: depend on actual bitcoind package 2023-08-20 10:52:50 +02:00
Erik Arvstedt
b85aac9ba1
clightning: don't cleanup socket on startup
This is now taken care of by clightning itself.
2023-08-19 12:24:31 +02:00
Erik Arvstedt
329fbac404
docs/install: don't enter examples shell while creating node config
1. This simplifies the setup

2. Fixes a bug where a user skipped step 4.6 (run `nix-shell`) which
   he deemed superfluous because a Nix shell was already active.
   This caused an error during deployment.
2023-08-18 16:28:15 +02:00
Jonas Nick
70bfb03e88
Merge fort-nix/nix-bitcoin#635: update nixpkgs
7ec5830169 update nixpkgs (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 7ec5830169

Tree-SHA512: 768fa5751ecfdb3dad1b5c12911d313e265d27ecb8a5522addfa0a3c1bd326d96e85a03ce4203aac6f5947ddf47a0b71ffacb8071f62bb8c5fa5981e14acbbce
2023-08-18 12:53:35 +00:00
Erik Arvstedt
7ec5830169
update nixpkgs
btcpayserver: 1.10.3 -> 1.11.2
2023-08-18 13:36:19 +02:00
Jonas Nick
9d9925621a
Merge fort-nix/nix-bitcoin#621: Trustedcoin fixes
4e8369705d dev: add trustedcoin (Erik Arvstedt)
ac59f93e63 trustedcoin: add regtest support, reenable test (Erik Arvstedt)
aa418869b3 tests/trustedcoin: extract fn (Erik Arvstedt)
6de5029c49 tests/trustedcoin: refactor (Erik Arvstedt)
53ea447ab7 trustedcoin: add option `tor.proxy` (Erik Arvstedt)
31b76f1ffe clightning: add option `useBcliPlugin` (Erik Arvstedt)
f3e9c644e3 clightning-plugins/trustedcoin: improve docs (Erik Arvstedt)
7640c69d79 tests/clightning-plugins: enable active plugin test for `trustedcoin` (Erik Arvstedt)
57455eb897 tests/clightning-plugins: set actual `clboss` pkg path (Erik Arvstedt)
dca6813d6b tests/clightning-plugins: extract variable (Erik Arvstedt)
858ab1cfd6 clightning: revert whitespace changes (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 4e8369705d

Tree-SHA512: 4abf6f2e6ba51b39351f8c2ef97c6afc7c2e686da41b7a6bb4a8d6e89bc9f829ca53109efb800d7b26d360319271bcc8beafc5ddfe133668cf412790d645682b
2023-08-05 20:09:31 +00:00
Erik Arvstedt
4e8369705d
dev: add trustedcoin 2023-08-03 18:40:13 +02:00
Erik Arvstedt
ac59f93e63
trustedcoin: add regtest support, reenable test 2023-08-03 18:40:13 +02:00
Erik Arvstedt
aa418869b3
tests/trustedcoin: extract fn 2023-08-03 18:40:12 +02:00
Erik Arvstedt
6de5029c49
tests/trustedcoin: refactor
- No need to wait for bitcoind:
  clightning being active implies that bitcoind is active.

- Remove redundant log checks
2023-08-03 18:40:12 +02:00
Erik Arvstedt
53ea447ab7
trustedcoin: add option tor.proxy
By disabling `trustedcoin.tor.proxy` and enabling `clightning.tor.proxy`,
`trustedcoin` can be used without Tor proxying, while clighting still
uses Tor for lightning layer connections.

Previously, disabling Tor for `trustedcoin` required to also disable
Tor for clightning.

Also fix the workaround in the docs for the trustedcoin Tor connection issues:
The previous config snippet only affected systemd hardening settings,
but didn't disable Tor for trustedcoin.
2023-08-03 18:40:12 +02:00
Erik Arvstedt
31b76f1ffe
clightning: add option useBcliPlugin
This decouples modules `clightning` and `trustedcoin`.
`clightning` no longer depends on `trustedcoin`, which restores
the acyclic dependency graph described in `modules.nix`
2023-08-03 18:40:12 +02:00
Erik Arvstedt
f3e9c644e3
clightning-plugins/trustedcoin: improve docs 2023-08-03 17:14:40 +02:00
Erik Arvstedt
7640c69d79
tests/clightning-plugins: enable active plugin test for trustedcoin 2023-08-03 01:20:05 +02:00
Erik Arvstedt
57455eb897
tests/clightning-plugins: set actual clboss pkg path 2023-08-03 01:20:04 +02:00
Erik Arvstedt
dca6813d6b
tests/clightning-plugins: extract variable 2023-08-03 01:20:04 +02:00
Erik Arvstedt
858ab1cfd6
clightning: revert whitespace changes 2023-08-03 01:20:04 +02:00
Jonas Nick
2e53fd2e51
Merge fort-nix/nix-bitcoin#631: rtl: fix lnd, lightning-loop connection errors
14ca8b461b rtl: fix lnd, lightning-loop connection errors (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 14ca8b461b

Tree-SHA512: 9e82da82c0964c5f24fda1276b2dc27f1d4c57e040bf755568905225e6e3ad00a810a9c99c21041acbae10bbaf030f06aaaa715170e8a754025cf358f5ba1535
2023-07-29 20:41:46 +00:00
Jonas Nick
369ce1c60c
Merge fort-nix/nix-bitcoin#629: update nixpkgs
aca0b1e6ec update nixpkgs (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK aca0b1e6ec

Tree-SHA512: de44d8ad85665d0e0a7d79ed06bdc70cd3c831d06f58d237bd75b50a14c2cc02f7c1252350962884ef8bb9b35fccf1ecabedf883a516d6c054938381b0998d9a
2023-07-29 19:22:14 +00:00
Erik Arvstedt
14ca8b461b
rtl: fix lnd, lightning-loop connection errors
lnd and lightning-loop resolve `localhost` to an IPv4 address when
creating RPC sockets.

Since NixOS 23.05, RTL (nodejs) resolves `localhost` to an IPv6
address when connecting to lnd and lightning-loop, which leads to
connection errors.

To fix these and other potential errors, replace all instances
of `localhost` with `127.0.0.1`.
2023-07-29 19:07:10 +02:00
Jonas Nick
aca0b1e6ec
update nixpkgs
btcpayserver: 1.10.2 -> 1.10.3

Also, don't override boost provided to the bitcoin package, same as in the
nixpkgs.
2023-07-29 14:13:08 +00:00
Jonas Nick
d8954ec8dd
Merge fort-nix/nix-bitcoin#627: Fix clightning prometheus plugin msat purge error
8157cd4fe3 fix prometheus msat purge error (Haos Games)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 8157cd4fe3

Tree-SHA512: 0e4634106d15762aeb1ed86d2e5d59d018bf3b36a14c15dd126d5e9987cd3c3b8c937bdb02d6795ec77985a88cb5f30f70b613d92d30e057fea5db894098d459
2023-07-24 08:47:41 +00:00
Haos Games
8157cd4fe3 fix prometheus msat purge error 2023-07-23 19:45:19 +02:00
Jonas Nick
6eaddd970a
Merge fort-nix/nix-bitcoin#617: Update to NixOS 23.05
e658209d56 run-tests.sh: fix building tests for Nix ≥ 2.15 (Erik Arvstedt)
bb2e88cec2 fix python packages for nixos 23.05 (Erik Arvstedt)
e31cc686f2 run-tests: make compatible with new shellcheck version (Erik Arvstedt)
76dc7b92e1 examples/deploy-container.sh: add extra-container version check (Erik Arvstedt)
6c2d1108a4 update the required extra-container version for nixos 23.05 (Erik Arvstedt)
e2cce7daa8 update to nixos 23.05 (Erik Arvstedt)
55c64d8dff update nixpkgs (Erik Arvstedt)
bd77b89fea rtl, clightning-rest: update to nodejs 18 (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK e658209d56

Tree-SHA512: 5814f56e469ad384dfb81bc11f9ac256a35cd2647e7fd997b14f84927448fbb880b0b1cee3bdf5a2b926760b74aab291e901e67a0759d43ffaf705ff6b741b97
2023-07-19 17:37:08 +00:00
Erik Arvstedt
e658209d56
run-tests.sh: fix building tests for Nix ≥ 2.15 2023-07-19 17:22:01 +02:00
Erik Arvstedt
bb2e88cec2
fix python packages for nixos 23.05 2023-07-19 17:22:01 +02:00
Erik Arvstedt
e31cc686f2
run-tests: make compatible with new shellcheck version 2023-07-19 17:22:01 +02:00
Erik Arvstedt
76dc7b92e1
examples/deploy-container.sh: add extra-container version check
It now uses the same version check as
make-container.sh (which is called by run-tests.sh)
2023-07-19 17:22:01 +02:00
Erik Arvstedt
6c2d1108a4
update the required extra-container version for nixos 23.05 2023-07-19 17:22:01 +02:00
Erik Arvstedt
e2cce7daa8
update to nixos 23.05 2023-07-19 17:22:01 +02:00
Erik Arvstedt
55c64d8dff
update nixpkgs
clightning: 23.05.1 -> 23.05.2
lightning-pool: 0.5.3-alpha -> 0.6.4-beta
2023-07-19 17:22:01 +02:00
Erik Arvstedt
bd77b89fea
rtl, clightning-rest: update to nodejs 18
16 is no longer supported by NixOS 23.05.
18 is the latest LTS version.
2023-07-19 17:22:01 +02:00
Jonas Nick
48b360439c
Merge fort-nix/nix-bitcoin#625: Add versioned release branches
6510f269f6 release: add `nixos-*` version branch (Erik Arvstedt)
dd532d4738 push-release: fix `OAUTH_TOKEN` error handling (Erik Arvstedt)
a2b45e00c7 push-release: auto-create release version number (Erik Arvstedt)
0ce3fb1c94 push-release: use `curl -fSs` (Erik Arvstedt)
40c5419a75 push-release: rename `TAG_NAME` -> `releaseVersion` (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 6510f269f6

Tree-SHA512: f5df058d3f140fbc3dca47316b00dd46cffef6cf21276a6884abf9d99ebcb84791e135fee852216da0afc247b914603022e716ca6f4f7696a606549902f10fb0
2023-07-19 08:44:14 +00:00
Jonas Nick
e504def824
Merge fort-nix/nix-bitcoin#626: secure-node: add sudo shell alias for doas
5eaf104efe secure-node: add `sudo` shell alias for `doas` (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 5eaf104efe

Tree-SHA512: a53121599a36318e76a63a74b912fed1d315365dcb19c476a1f1b75a684f9b9c49c22946081e86d11743b749850b58d19f90eb51214f5006bc2d5bd2a0ffa402
2023-07-12 15:44:53 +00:00
Erik Arvstedt
5eaf104efe
secure-node: add sudo shell alias for doas
A convenience helper which allows running most `sudo` cmds while
`doas` is enabled.

This is safe because all args supported by both `sudo` and
`doas` that lead to command execution (like `-u <user>`)
have identical semantics.
2023-07-10 07:22:00 +02:00
Erik Arvstedt
6510f269f6
release: add nixos-* version branch
Best practice for flakes containing NixOS modules.

`push-release` now pushes to an extra branch named `nixos-<version>`,
alongside branch `release`.
This allows users to track a specific NixOS release, so that their
config doesn't break when nix-bitcoin switches to a new NixOS
release.
2023-07-09 13:13:05 +02:00
Erik Arvstedt
dd532d4738
push-release: fix OAUTH_TOKEN error handling 2023-07-09 13:07:29 +02:00
Erik Arvstedt
a2b45e00c7
push-release: auto-create release version number 2023-07-09 13:07:29 +02:00
Erik Arvstedt
0ce3fb1c94
push-release: use curl -fSs
Best practice when using curl in scripts.
2023-07-09 13:07:29 +02:00
Erik Arvstedt
40c5419a75
push-release: rename TAG_NAME -> releaseVersion
More precise name.
2023-07-09 13:07:29 +02:00
Jonas Nick
03fb70efa4
Merge fort-nix/nix-bitcoin#624: clightning-rest: 0.10.4 -> 0.10.5
50aa13c3b4 clightning-rest: 0.10.4 -> 0.10.5 (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 50aa13c3b4

Tree-SHA512: 9aeb6e4b06029ef8f40d144e13711e63e7419d222171d84038944b37df01a60babb36e5a197bb77d45616fce3e5556a7d525a02b9d6a4f45819330918820e7f8
2023-07-02 10:12:06 +00:00
Erik Arvstedt
50aa13c3b4
clightning-rest: 0.10.4 -> 0.10.5 2023-06-29 12:48:25 +02:00
Jonas Nick
01c6148056
Merge fort-nix/nix-bitcoin#620: update nixpkgs
71b4191095 update nixpkgs (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 71b4191095

Tree-SHA512: 9f9ee35462f83ed9fd0b4e70fd4d0daaeb6b66c04c990fd78bc0285328bb00f54a271df8da58d1409368be29e9934880566edb8151c62c9d94e1971e6b57f82c
2023-06-27 20:13:10 +00:00
Jonas Nick
71b4191095
update nixpkgs
extra-container: 0.11 -> 0.12
lnd: 0.16.2-beta -> 0.16.3-beta
2023-06-27 09:59:02 +00:00
Jonas Nick
f946ea4bb9
Merge fort-nix/nix-bitcoin#623: tests/trustedcoin: remove from CI, disable temporarily
26b35120ad tests/trustedcoin: remove from CI, disable temporarily (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 26b35120ad

Tree-SHA512: e68af4b7f0ddd852ecf15e522199400857b34a68ccc33f6e642f198dc3b3321d5097b61a44e42a0af096ccc3e74ec2afc0593974b66fd932c8f192a9a2c78fd4
2023-06-27 09:58:22 +00:00
Erik Arvstedt
26b35120ad
tests/trustedcoin: remove from CI, disable temporarily
- Don't spin up a CI node for the minor `trustedcoin` test.
- Add the test to `run-tests.sh`, but disable it because it
  occasionally fails.
2023-06-26 00:10:31 +02:00
Jonas Nick
379b9a727a
Merge fort-nix/nix-bitcoin#619: clightning-rest: 0.10.3 -> 0.10.4
edcf39daf5 clightning-rest: 0.10.3 -> 0.10.4 (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK edcf39daf5

Tree-SHA512: 5614cd36e11542cb599a9c419fe91c67f847b55f4232d07421e8cbde8028134154d18e55b516c4e025543c24684f5d994df8cfaeaaa80e7a7b7e9f5a6b9570ad
2023-06-24 20:35:48 +00:00
Erik Arvstedt
edcf39daf5
clightning-rest: 0.10.3 -> 0.10.4 2023-06-21 23:09:39 +02:00
Jonas Nick
9a1ea4f0d8
Merge fort-nix/nix-bitcoin#615: Typo
640f8d5ded Typo (JayDeLux)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 640f8d5ded

Tree-SHA512: 9e8789b502167cfdfc9e1a9db38cf9455c69a4ca96927189de8f71ee12bdbd04a906a233e8e2aa8e63fee11aed3060172cb006a898e98b1c602ac6ceeafafe83
2023-06-14 18:52:44 +00:00
JayDeLux
640f8d5ded
Typo 2023-06-13 22:49:46 +02:00
Jonas Nick
f2a970406b
Merge fort-nix/nix-bitcoin#614: update nixpkgs
acab8667db update nixpkgs (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK acab8667db

Tree-SHA512: e87af78213f581963e0fd9d9f4eaaf8430dcecf727c266d7acf52fba67ed84cc30db793f51916b8b958bad95253c1939e09338693732e5d0637c93d595a487d6
2023-06-13 20:15:32 +00:00
Jonas Nick
acab8667db
update nixpkgs
btcpayserver: 1.10.1 -> 1.10.2
lightning-loop: 0.23.0-beta -> 0.24.1-beta
nbxplorer: 2.3.63 -> 2.3.65
clightning: 23.05 -> 23.05.1
2023-06-13 15:03:46 +00:00
Jonas Nick
47c1a482ef
Merge fort-nix/nix-bitcoin#612: versioning: improve configVersion description
bed10d1fca versioning: improve `configVersion` description (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK bed10d1fca

Tree-SHA512: d43437a368f48628ce975f2154e802110030dcadec3e9de75df5d0d787d021ab1fa0ef20060ee4376e066ebfb83a571a2d18a27a10e4c316db101d5a6151214f
2023-06-11 20:02:20 +00:00
Jonas Nick
f3d6eaa12e
Merge fort-nix/nix-bitcoin#613: clightning-plugins/prometheus: fix patch not being applied
1b741c7cc1 clightning-plugins/prometheus: fix patch not being applied (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 1b741c7cc1

Tree-SHA512: b746e7e7a22591c7d9cc700ff124f76058334cb1f88c4e4db6ffe13ca15cdcdb27eb48de39a26034f152bcfdd0904121199f9b5ab1d9230f74ecc0703999bb71
2023-06-11 20:00:30 +00:00
Erik Arvstedt
bed10d1fca
versioning: improve configVersion description 2023-06-09 21:51:20 +02:00
Erik Arvstedt
1b741c7cc1
clightning-plugins/prometheus: fix patch not being applied
`patchPhase` can't be used with `buildCommand`.
2023-06-09 14:40:32 +02:00
Jonas Nick
e3190b244f
Merge fort-nix/nix-bitcoin#610: update nixpkgs
af87d5958a obsolete-options: simplify removal of clightning plugin `commando` (Erik Arvstedt)
9b575e4f3f test/backups: check that bitcoind stops without errors (Erik Arvstedt)
8a791b754e rtl: 0.13.6 -> 0.14.0 (Erik Arvstedt)
3650d4befe bitcoin: replace nixpkgs package with bitcoin{,d} 24.1 (Jonas Nick)
75e54bbb90 spark-wallet: remove package and module (Jonas Nick)
29a95ea311 clightning-rest: update module to v0.10.3 (Erik Arvstedt)
67475f768e clightning-rest: 0.9.0 -> 0.10.3 (Erik Arvstedt)
fe76516790 bitcoind: update module to v25.0 (Erik Arvstedt)
9c59b96add clightning-plugins: add prometheus patch for clightning 23.05 (Jonas Nick)
9aea69e799 clightning-plugins: update (Jonas Nick)
2166bfd1ee clboss: deprecate, add clighting 23.05 compatibility (Erik Arvstedt)
dcc5a543ae update nixpkgs (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK af87d5958a

Tree-SHA512: 8bc6bc1aa01f342047b9b5cc468ab4af1f71a16d7f575f7e5108f2dfb0121160d777ead5b6714506a911066d594a37c6e14b774eb1bc1cb674ddea85e2e33c5a
2023-06-02 12:39:48 +00:00
Erik Arvstedt
af87d5958a
obsolete-options: simplify removal of clightning plugin commando 2023-06-02 10:50:11 +00:00
Erik Arvstedt
9b575e4f3f
test/backups: check that bitcoind stops without errors 2023-06-02 10:50:11 +00:00
Erik Arvstedt
8a791b754e
rtl: 0.13.6 -> 0.14.0 2023-06-02 10:50:11 +00:00
Jonas Nick
3650d4befe
bitcoin: replace nixpkgs package with bitcoin{,d} 24.1
Bitcoin Core 25.0 may sometimes hang when shutting down.
2023-06-02 10:50:11 +00:00
Jonas Nick
75e54bbb90
spark-wallet: remove package and module 2023-06-02 10:50:11 +00:00
Erik Arvstedt
29a95ea311
clightning-rest: update module to v0.10.3 2023-06-02 10:49:35 +00:00
Erik Arvstedt
67475f768e
clightning-rest: 0.9.0 -> 0.10.3 2023-06-02 10:49:35 +00:00
Erik Arvstedt
fe76516790
bitcoind: update module to v25.0 2023-06-02 10:49:25 +00:00
Jonas Nick
9c59b96add
clightning-plugins: add prometheus patch for clightning 23.05 2023-05-29 06:41:38 +00:00
Jonas Nick
9aea69e799
clightning-plugins: update 2023-05-29 06:41:38 +00:00
Erik Arvstedt
2166bfd1ee
clboss: deprecate, add clighting 23.05 compatibility 2023-05-29 06:41:38 +00:00
Jonas Nick
dcc5a543ae
update nixpkgs
bitcoind: 24.0.1 -> 25.0
btcpayserver: 1.7.12 -> 1.9.3
clightning: 23.02.2 -> 23.05
nbxplorer: 2.3.62 -> 2.3.63
2023-05-29 06:41:17 +00:00
Jonas Nick
d9baa2e108
Merge fort-nix/nix-bitcoin#607: joinmarket: 0.9.8 -> 0.9.9
fcd81d486d joinmarket: 0.9.8 -> 0.9.9 (nixbitcoin)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK fcd81d486d

Tree-SHA512: cb6c1b750361592a7508ee94fa811824e72e3dc5d97ff3a2b73c6141e9500b7300faa0457da2ae3ccd2c443ad8dfac360be32804374a4252161fadbae06ac896
2023-05-09 07:04:59 +00:00
nixbitcoin
fcd81d486d
joinmarket: 0.9.8 -> 0.9.9 2023-05-08 19:05:43 +00:00
Jonas Nick
946b42808b
Merge fort-nix/nix-bitcoin#609: lnd: fix non-static patch URL
1d69c9c824 lnd: fix non-static patch URL (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 1d69c9c824

Tree-SHA512: b9258b6df76200d5438a5cfc5f33122b9d7905fe1a67d80325009b770fe9afb5b2504953d8d5984b43e4680c593d8058199b3321b63a268e6460ccd3bce719e5
2023-05-08 07:04:01 +00:00
Erik Arvstedt
1d69c9c824
lnd: fix non-static patch URL 2023-05-07 22:30:31 +02:00
Jonas Nick
30c874de01
Merge fort-nix/nix-bitcoin#606: Update nixpkgs
9f3daab64f lnd: fix cert key format bug (Erik Arvstedt)
744d8fe379 update nixpkgs (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 9f3daab64f

Tree-SHA512: eb99133c495d9e0df6ba50efb9c693a94883467845aa30537fbb7f40c60c36acb414d1865653ad33a3a05ac2e0dbfcfdc54039754aa54e83f60b9b3f071c7640
2023-05-07 19:43:22 +00:00
Jonas Nick
490146ff34
Merge fort-nix/nix-bitcoin#608: Extend expiration date of key-jonasnick.bin
5df123f3a4 Extend expiration date of key-jonasnick.bin (Jonas Nick)

Pull request description:

ACKs for top commit:
  erikarvstedt:
    ACK 5df123f3a4

Tree-SHA512: 1ecc324a0d0d8a5339f6936da07c04abcf89459679ada11fd95d1769413db1089953198b1e0d6737b200a044f08e317ed91c58dae658c85b245c1ab423ea9389
2023-05-07 19:34:23 +00:00
Jonas Nick
5df123f3a4
Extend expiration date of key-jonasnick.bin
Exported with
`gpg --export-options export-minimal --export 0x4861DBF262123605! > key-jonasnick.bin`.
2023-05-07 19:18:05 +00:00
Erik Arvstedt
9f3daab64f
lnd: fix cert key format bug 2023-05-07 21:11:00 +02:00
Erik Arvstedt
744d8fe379
update nixpkgs
fulcrum: 1.9.0 -> 1.9.1
lightning-loop: 0.20.0-beta -> 0.23.0-beta
lnd: 0.15.5-beta -> 0.16.2-beta
2023-05-06 23:14:46 +02:00
111 changed files with 1640 additions and 3674 deletions

View File

@ -9,7 +9,7 @@ task:
container:
# Defined in https://github.com/nix-community/docker-nixpkgs
image: nixpkgs/nix-flakes:nixos-22.11
image: nixpkgs/nix-flakes:nixos-23.11
matrix:
- name: modules_test
@ -27,7 +27,6 @@ task:
- scenario: default
- scenario: netns
- scenario: netnsRegtest
- scenario: trustedcoin
# This script is run as root
build_script:
- echo "sandbox = true" >> /etc/nix/nix.conf

View File

@ -79,7 +79,7 @@ NixOS modules ([src](modules/modules.nix))
* [prometheus](https://github.com/lightningd/plugins/tree/master/prometheus): lightning node exporter for the prometheus timeseries server
* [rebalance](https://github.com/lightningd/plugins/tree/master/rebalance): keeps your channels balanced
* [summary](https://github.com/lightningd/plugins/tree/master/summary): print a nice summary of the node status
* [trustedcoin](https://github.com/nbd-wtf/trustedcoin) [[experimental](docs/services.md#trustedcoin-hints)]: replaces bitcoind with trusted public explorers
* [trustedcoin](https://github.com/nbd-wtf/trustedcoin) ([experimental](docs/services.md#trustedcoin)): replaces bitcoind with trusted public explorers
* [zmq](https://github.com/lightningd/plugins/tree/master/zmq): publishes notifications via ZeroMQ to configured endpoints
* [clightning-rest](https://github.com/Ride-The-Lightning/c-lightning-REST): REST server for clightning
* [lnd](https://github.com/lightningnetwork/lnd) with support for announcing an onion service and [static channel backups](https://github.com/lightningnetwork/lnd/blob/master/docs/recovery.md)
@ -90,7 +90,7 @@ NixOS modules ([src](modules/modules.nix))
clightning [via WireGuard](./docs/services.md#use-zeus-mobile-lightning-wallet-via-wireguard) or
[Tor](./docs/services.md#use-zeus-mobile-lightning-wallet-via-tor)
* [Ride The Lightning](https://github.com/Ride-The-Lightning/RTL): web interface for `lnd` and `clightning`
* [spark-wallet](https://github.com/shesek/spark-wallet)
* [mempool](https://github.com/mempool/mempool): Bitcoin visualizer, explorer, and API service
* [electrs](https://github.com/romanz/electrs): Electrum server
* [fulcrum](https://github.com/cculianu/Fulcrum): Electrum server (see [the module](modules/fulcrum.nix) for a comparison with electrs)
* [btcpayserver](https://github.com/btcpayserver/btcpayserver)
@ -104,12 +104,6 @@ NixOS modules ([src](modules/modules.nix))
* [backups](modules/backups.nix): duplicity backups of all your node's important files
* [operator](modules/operator.nix): configures a non-root user who has access to client tools (e.g. `bitcoin-cli`, `lightning-cli`)
### Extension modules
Extension modules are maintained in separate repositories and have their own review
and release process.
* [Mempool](https://github.com/fort-nix/nix-bitcoin-mempool): Bitcoin visualizer, explorer and API service
Security
---
See [SECURITY.md](SECURITY.md) for the security policy and how to report a vulnerability.

View File

@ -45,7 +45,7 @@ all other security vulnerabilities.
| Type | Description | Examples |
| :-: | :-: | :-: |
| Outright Vulnerabilities | Vulnerabilities in nix-bitcoin specific tooling (except CI tooling) | privilege escalation in SUID binary `netns-exec`, improper release signature verification through `fetch-release` |
| Violations of [PoLP](https://en.wikipedia.org/wiki/Principle_of_least_privilege) | nix-bitcoin services are given too much privilege over the system or unnecessary access to other nix-bitcoin services, or one of the nix-bitcoin isolation measures is incorrectly implemented | `netns-isolation` doesn't work, spark-wallet has access to bitcoin RPC interface or files |
| Violations of [PoLP](https://en.wikipedia.org/wiki/Principle_of_least_privilege) | nix-bitcoin services are given too much privilege over the system or unnecessary access to other nix-bitcoin services, or one of the nix-bitcoin isolation measures is incorrectly implemented | `netns-isolation` doesn't work, RTL has access to bitcoin RPC interface or files |
| Vulnerabilities in Dependencies | A vulnerability in any dependency of a nix-bitcoin installation with a configuration consisting of any combination of the following services: bitcoind, clightning, lnd, electrs, joinmarket, btcpayserver, liquidd.<br />**Note:** The vulnerability must first be reported to and handled by the maintainers of the dependency before it qualifies for a reward| Compromised NixOS expression pulls in malicious package, JoinMarket pulls in a python dependency with a known severe vulnerability |
| Bad Documentation | Our documentation suggests blatantly insecure things | `install.md` tells you to add our SSH keys to your root user |
| Compromise of Signing Key | Compromise of the nix-bitcoin signing key, i.e., `0xB1A70E4F8DCD0366` | Leaking the key, managing to sign something with it |

View File

@ -101,4 +101,5 @@ It's easiest to use an existing service as a template:
- [flake.nix](../flake.nix): update `nixpkgs.url`
- [cirrus.yml](../.cirrus.yml): update toplevel container -> image attribute
- [examples/configuration.nix](../examples/configuration.nix): update `system.stateVersion`
- [examples/flakes/flake.nix](../examples/flakes/flake.nix): update `inputs.nix-bitcoin.url`
- Treewide: check if any `TODO-EXTERNAL` comments can be resolved

View File

@ -127,22 +127,6 @@ c systemctl status clightning-rest
c journalctl -u clightning-rest
c systemctl status clightning-rest-migrate-datadir
#―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
# spark-wallet
run-tests.sh -s "{
services.spark-wallet.enable = true;
test.container.exposeLocalhost = true;
}" container
c systemctl status spark-wallet
c journalctl -u spark-wallet
sparkAuth=$(c cat /secrets/spark-wallet-login | grep -ohP '(?<=login=).*')
curl -v http://$sparkAuth@$ip:9737
# Open in browser
runuser -u "$(logname)" -- xdg-open http://$sparkAuth@$ip:9737
#―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
# electrs
@ -291,9 +275,18 @@ c journalctl -u joinmarket-ob-watcher
c journalctl -f -u joinmarket-ob-watcher
# Check webinterface
c curl localhost:62601
c curl 127.0.0.1:62601
nix run --inputs-from . nixpkgs#lynx -- --dump $ip:62601
c curl -s localhost:62601 | grep -i "orders found"
c curl -s 127.0.0.1:62601 | grep -i "orders found"
#―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
# trustedcoin
run-tests.sh -s trustedcoin-online container
c systemctl start clightning
c journalctl -u clightning -f
# This should show log msgs like
# plugin-trustedcoin returning block 801409, 0000000000000000000482ddc4…, 1483968 bytes
#―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
# rtl

View File

@ -37,7 +37,7 @@ with lib;
extraConfig.Settings.themeColor = "INDIGO";
};
# nodes.lnd.enable = false;
# services.rtl.nodes.reverseOrder = true;
# nodes.reverseOrder = true;
nightTheme = true;
extraCurrency = "CHF";
};
@ -75,4 +75,34 @@ with lib;
};
nix-bitcoin.nodeinfo.enable = true;
};
trustedcoin-online = {
services.clightning = {
enable = true;
tor.proxy = true;
plugins.trustedcoin.enable = true;
plugins.trustedcoin.tor.proxy = false;
};
# Don't run clightning on startup.
# This breaks the follwing dependency cycle:
# clightning
# -> network (trustedcoin fails and exits clightning without network access)
# -> multi-user.target (NixOS containers only gain network access after multi-user.target has completed)
# -> clightning
systemd.services.clightning.wantedBy = mkForce [];
test.container.enableWAN = true;
};
mempool-regtest = {
imports = [
scenarios.regtestBase
];
services.mempool = {
enable = true;
frontend.address = "0.0.0.0";
};
nix-bitcoin.nodeinfo.enable = true;
};
}

22
dev/topics/mempool.sh Normal file
View File

@ -0,0 +1,22 @@
# Start mempool container
run-tests.sh -s mempool-regtest container
c systemctl status mempool
c systemctl status mysql
c nodeinfo
# Check backend
c curl -fsS localhost:8999/api/v1/blocks/1 | jq
c curl -fsS localhost:8999/api/v1/blocks/tip/height | jq
c curl -fsS localhost:8999/api/v1/address/1CGG9qVq2P6F7fo6sZExvNq99Jv2GDpaLE | jq
# Check frontend
c curl -fsS localhost:60845
c curl -fsS localhost:60845/api/mempool | jq
c curl -fsS localhost:60845/api/blocks/1 | jq
c curl -fsS localhost:60845/api/v1/blocks/1 | jq
c curl -fsS localhost:60845/api/blocks/tip/height | jq
# Open frontend
# shellcheck disable=SC2154
runuser -u "$(logname)" -- xdg-open "http://$ip:60845/"

View File

@ -30,7 +30,7 @@ runuser -u "$(logname)" -- xdg-open "http://$ip:3000"
rtl_src=~/s/RTL
git clone https://github.com/Ride-The-Lightning/RTL "$rtl_src"
nix build -o /tmp/nix-bitcoin-dev/nodejs --inputs-from . nixpkgs#nodejs-16_x
nix build -o /tmp/nix-bitcoin-dev/nodejs --inputs-from . nixpkgs#nodejs-18_x
# Start a shell in a sandbox
env --chdir "$rtl_src" nix-bitcoin-firejail --whitelist="$rtl_src" --whitelist=/tmp/nix-bitcoin-dev/nodejs
PATH=/tmp/nix-bitcoin-dev/nodejs/bin:"$PATH"

View File

@ -2,7 +2,7 @@ Hardware requirements
---
* RAM: 2GB. ECC memory is better. Additionally, it's recommended to use DDR4 memory with
targeted row refresh (TRR) enabled (https://rambleed.com/).
* Disk space: 500 GB (400GB for Bitcoin blockchain + some room) for an unpruned
* Disk space: 1 TB for an unpruned
instance of Bitcoin Core.
* This can be significantly lowered by enabling pruning.
Note: Pruning is not supported by `electrs` and `fulcrum`.

View File

@ -20,16 +20,16 @@ This is borrowed from the [NixOS manual](https://nixos.org/nixos/manual/index.ht
1. Obtain latest [NixOS](https://nixos.org/nixos/download.html). For example:
```
wget https://releases.nixos.org/nixos/20.09/nixos-20.09.2405.e065200fc90/nixos-minimal-20.09.2405.e065200fc90-i686-linux.iso
sha256sum nixos-minimal-20.09.2405.e065200fc90-x86_64-linux.iso
# output: 5fc182e27a71a297b041b5c287558b21bdabde7068d4fc049752dad3025df867
wget https://releases.nixos.org/nixos/23.11/nixos-23.11.1494.b4372c4924d9/nixos-minimal-23.11.1494.b4372c4924d9-x86_64-linux.iso
sha256sum nixos-minimal-23.11.1494.b4372c4924d9-x86_64-linux.iso
# output: f48cf810432c1f04b291c947b36f824823dfef8ebfa0e1906602a516450189d8
```
Alternatively you can build NixOS from source by following the instructions at https://nixos.org/nixos/manual/index.html#sec-building-cd.
2. Write NixOS iso to install media (USB/CD). For example:
```
cp nixos-minimal-20.09.2405.e065200fc90-x86_64-linux.iso /dev/sdX
cp nixos-minimal-23.05.3701.e9b4b56e5a20-x86_64-linux.iso /dev/sdX
```
Replace /dev/sdX with the correct device name. You can find this using `sudo fdisk -l`
@ -210,31 +210,21 @@ You can also build Nix from source by following the instructions at https://nixo
1. Clone this project
```
cd
git clone https://github.com/fort-nix/nix-bitcoin
```
2. Obtain the hash of the latest nix-bitcoin release
2. Create a new directory for your nix-bitcoin node config and copy initial files from nix-bitcoin
```
cd nix-bitcoin/examples
nix-shell
```
This will download the nix-bitcoin dependencies and might take a while without giving an output.
Now in the nix-shell run
```
fetch-release > nix-bitcoin-release.nix
```
3. Create a new directory for your nix-bitcoin deployment and copy initial files from nix-bitcoin
```
cd ../../
mkdir nix-bitcoin-node
cd nix-bitcoin-node
cp -r ../nix-bitcoin/examples/{nix-bitcoin-release.nix,configuration.nix,shell.nix,krops,.gitignore} .
cp -r ../nix-bitcoin/examples/{configuration.nix,shell.nix,krops,.gitignore} .
```
3. Obtain the hash of the latest nix-bitcoin release
```
../nix-bitcoin/helper/fetch-release > nix-bitcoin-release.nix
```
#### Optional: Specify the system of your node

View File

@ -128,7 +128,7 @@ yourself with custom permissions.
Normally you would connect to RTL via SSH tunneling with a command like this
```
ssh -L 3000:localhost:3000 root@bitcoin-node
ssh -L 3000:127.0.0.1:3000 root@bitcoin-node
```
Or like this, if you are using `netns-isolation`
@ -291,49 +291,6 @@ Create a plain text URL:
lndconnect-wg --url
``````
# Connect to spark-wallet
### Requirements
* Android phone
* [Orbot](https://guardianproject.info/apps/orbot/) installed from [F-Droid](https://guardianproject.info/fdroid) (recommended) or [Google Play](https://play.google.com/store/apps/details?id=org.torproject.android&hl=en)
* [Spark-wallet](https://github.com/shesek/spark-wallet) installed from [direct download](https://github.com/shesek/spark-wallet/releases) or [Google Play](https://play.google.com/store/apps/details?id=com.spark.wallet)
1. Enable spark-wallet in `configuration.nix`
Change
```
# services.spark-wallet.enable = true;
```
to
```
services.spark-wallet.enable = true;
```
2. Deploy new `configuration.nix`
3. Enable Orbot VPN for spark-wallet
```
Open Orbot app
Turn on "VPN Mode"
Select Gear icon under "Tor-Enabled Apps"
Toggle checkbox under Spark icon
```
4. Get the onion address, access key and QR access code for the spark wallet android app
```
journalctl -eu spark-wallet
```
Note: The qr code might have issues scanning if you have a light terminal theme. Try setting it to dark or highlighting the entire output to invert the colors.
5. Connect to spark-wallet android app
```
Server Settings
Scan QR
Done
```
# Connect to electrs
### Requirements Android
* Android phone
@ -369,7 +326,7 @@ lndconnect-wg --url
On Desktop
```
electrum --oneserver -1 -s "<electrs onion address>:t" -p socks5:localhost:9050
electrum --oneserver -1 -s "<electrs onion address>:t" -p socks5:127.0.0.1:9050
```
On Android
@ -408,11 +365,11 @@ lndconnect-wg --url
4. Connect to your nix-bitcoin node's SSH onion service, forwarding a local port to the nix-bitcoin node's SSH server
```
ssh -i ~/.ssh/id_ed25519 -L <random port of your choosing>:localhost:22 root@<SSH onion address>
ssh -i ~/.ssh/id_ed25519 -L <random port of your choosing>:127.0.0.1:22 root@<SSH onion address>
```
5. Edit your deployment tool's configuration and change the node's address to `localhost` and the ssh port to `<random port of your choosing>`.
If you use krops as described in the [installation tutorial](./install.md), set `target = "localhost:<random port of your choosing>";` in `krops/deploy.nix`.
5. Edit your deployment tool's configuration and change the node's address to `127.0.0.1` and the ssh port to `<random port of your choosing>`.
If you use krops as described in the [installation tutorial](./install.md), set `target = "127.0.0.1:<random port of your choosing>";` in `krops/deploy.nix`.
6. After deploying the new configuration, it will connect through the SSH tunnel you established in step iv. This also allows you to do more complex SSH setups that some deployment tools don't support. An example would be authenticating with [Trezor's SSH agent](https://github.com/romanz/trezor-agent), which provides extra security.
@ -622,26 +579,18 @@ services.clightning = {
Please have a look at the module for a plugin (e.g. [prometheus.nix](../modules/clightning-plugins/prometheus.nix)) to learn its configuration options.
### Trustedcoin hints
The [trustedcoin](https://github.com/nbd-wtf/trustedcoin) plugin use a Tor
proxy for all of its external connections by default. That's why you can
sometimes face issues with your connections to esploras getting blocked.
An example of clightning log error output in a case your connections are getting blocked:
### Trustedcoin
When `services.clightning.tor.proxy` is enabled, [trustedcoin](https://github.com/nbd-wtf/trustedcoin)
also uses Tor for all external connections by default.
In this case, connections to block explorers can sometimes get blocked.
An example of clightning log error output when connections are getting blocked:
```
lightningd[5138]: plugin-trustedcoin estimatefees error: https://blockstream.info/api error: 403 Forbidden
lightningd[4933]: plugin-trustedcoin getblock error: got something that isn't a block hash: <html><head>...
```
```
lightningd[4933]: plugin-trustedcoin getblock error: got something that isn't a block hash: <html><head>
lightningd[4933]: <meta http-equiv="content-type" content="text/html;
```
If you face these issues and you still need to use trustedcoin, use can disable
clightning's tor hardening by setting this option in your `configuration.nix`
file:
```
services.clightning.tor.enforce = false;
To work around this and connect via clearnet instead, set this option:
```nix
services.clightning.plugins.trustedcoin.tor.proxy = false;
```

View File

@ -23,9 +23,9 @@ cd nix-bitcoin/examples/
nix-shell
```
The following example scripts set up a nix-bitcoin node according to [`configuration.nix`](configuration.nix) and then
The following example scripts set up a nix-bitcoin node according to [`./configuration.nix`](configuration.nix) and then
shut down immediately. They leave no traces (outside of `/nix/store`) on the host system.\
By default, [`configuration.nix`](configuration.nix) enables `bitcoind` and `clightning`.
By default, [`./configuration.nix`](configuration.nix) enables `bitcoind` and `clightning`.
- [`./deploy-container.sh`](deploy-container.sh) creates a [NixOS container](https://github.com/erikarvstedt/extra-container).\
This is the fastest way to set up a node.\
@ -63,3 +63,9 @@ The commands in `shell.nix` allow you to locally run the node in a VM or contain
Flakes make it easy to include `nix-bitcoin` in an existing NixOS config.
The [flakes example](./flakes/flake.nix) shows how to use `nix-bitcoin` as an input to a system flake.
### Extending nix-bitcoin with Flakes
The [mempool extension flake](https://github.com/fort-nix/nix-bitcoin-mempool) shows how to define new
pkgs and modules in a Flake.\
Since mempool is now a core nix-bitcoin module, this Flake just serves as an example.

View File

@ -126,11 +126,25 @@
# Automatically enables lightning-loop.
# services.rtl.nodes.lnd.loop = true;
### SPARK WALLET
# Set this to enable spark-wallet, a minimalistic wallet GUI for
# c-lightning, accessible over the web or through mobile and desktop apps.
# Automatically enables clightning.
# services.spark-wallet.enable = true;
### MEMPOOL
# Set this to enable mempool, a fully featured Bitcoin visualizer, explorer,
# and API service.
#
# services.mempool.enable = true;
#
# Possible options for the Electrum backend server:
#
# - electrs (enabled by default):
# Small database size, slow when querying new addresses.
#
# - fulcrum:
# Large database size, quickly serves arbitrary address queries.
# Enable with:
# services.mempool.electrumServer = "fulcrum";
#
# Set this to create an onion service to make the mempool web interface
# available via Tor:
# nix-bitcoin.onionServices.mempool-frontend.enable = true;
### ELECTRS
# Set this to enable electrs, an Electrum server implemented in Rust.
@ -236,6 +250,12 @@
# Set this to enable the JoinMarket order book watcher.
# services.joinmarket-ob-watcher.enable = true;
### Nodeinfo
# Set this to add command `nodeinfo` to the system environment.
# It shows info about running services like onion addresses and local addresses.
# It is enabled by default when importing `secure-node.nix`.
# nix-bitcoin.nodeinfo.enable = true;
### Backups
# Set this to enable nix-bitcoin's own backup service. By default, it
# uses duplicity to incrementally back up all important files in /var/lib to
@ -271,7 +291,7 @@
services.openssh = {
enable = true;
passwordAuthentication = false;
settings.PasswordAuthentication = false;
};
users.users.root = {
openssh.authorizedKeys.keys = [
@ -298,7 +318,7 @@
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
system.stateVersion = "23.11"; # Did you read the comment?
# The nix-bitcoin release version that your config is compatible with.
# When upgrading to a backwards-incompatible release, nix-bitcoin will display an

View File

@ -87,6 +87,7 @@ read -rd '' src <<EOF || true
};
}
EOF
. "${BASH_SOURCE[0]%/*}"/../test/lib/extra-container-check-version.sh
extra-container shell -E "$src" "${runCmd[@]}"
# The container is automatically deleted at exit

View File

@ -1,11 +1,23 @@
# This is a system configuration template that uses nix-bitcoin.
#
# You can adapt this to an existing system flake by copying the parts
# relevant to nix-bitcoin.
#
# Make sure to check and edit all lines marked by 'FIXME:'
{
description = "A basic nix-bitcoin node";
inputs.nix-bitcoin.url = "github:fort-nix/nix-bitcoin/release";
# You can also use a version branch to track a specific NixOS release
# inputs.nix-bitcoin.url = "github:fort-nix/nix-bitcoin/nixos-23.11";
outputs = { self, nix-bitcoin }: {
inputs.nixpkgs.follows = "nix-bitcoin/nixpkgs";
inputs.nixpkgs-unstable.follows = "nix-bitcoin/nixpkgs-unstable";
nixosConfigurations.mynode = nix-bitcoin.inputs.nixpkgs.lib.nixosSystem {
outputs = { self, nixpkgs, nix-bitcoin, ... }: {
nixosConfigurations.mynode = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
nix-bitcoin.nixosModules.default
@ -21,21 +33,25 @@
# The secrets are stored in /etc/nix-bitcoin-secrets
nix-bitcoin.generateSecrets = true;
# Enable services.
# Enable some services.
# See ../configuration.nix for all available features.
services.bitcoind.enable = true;
services.clightning.enable = true;
# When using nix-bitcoin as part of a larger NixOS configuration, set the following to enable
# interactive access to nix-bitcoin features (like bitcoin-cli) for your system's main user
nix-bitcoin.operator = {
enable = true;
name = "main"; # Set this to your system's main user
# FIXME: Set this to your system's main user
name = "main";
};
# The system's main unprivileged user. This setting is usually part of your
# existing NixOS configuration.
# The system's main unprivileged user.
# In an existing NixOS configuration, this setting is usually already defined.
users.users.main = {
isNormalUser = true;
# FIXME: This is unsafe. Use `hashedpassword` or `passwordFile` instead in a real
# deployment: https://search.nixos.org/options?show=users.users.%3Cname%3E.hashedPassword
password = "a";
};

View File

@ -3,6 +3,5 @@
./configuration.nix
<nix-bitcoin/modules/deployment/krops.nix>
<qemu-vm/vm-config.nix>
<nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
];
}

View File

@ -40,10 +40,11 @@ rec {
Welcome to nix-bitcoin!
To explore running services, try the following commands:
- nodeinfo
- systemctl status bitcoind
- systemctl status clightning
- lightning-cli getinfo
nodeinfo
systemctl status bitcoind
systemctl status clightning
bitcoin-cli -getinfo
lightning-cli getinfo
'';
# Power off VM when the user exits the shell

View File

@ -10,11 +10,11 @@
]
},
"locked": {
"lastModified": 1679648217,
"narHash": "sha256-aq2J5Hj5IE8X8X/7v3n0wcv8n+FLzzENbcCF9xqhxAc=",
"lastModified": 1699821751,
"narHash": "sha256-UlId5jvJFmkVcKpn0oZ2VTvWAc/mZy6butRZGk73xXM=",
"owner": "erikarvstedt",
"repo": "extra-container",
"rev": "40c73f5e3292e73d6ce91625d9751be84fde17cb",
"rev": "842912907bf189ef17a80ca09ba37b6bdfc76c49",
"type": "github"
},
"original": {
@ -28,11 +28,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
@ -43,27 +43,27 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1681482634,
"narHash": "sha256-cT/nr3L8khEYZSGp8qqwxFH+/q4/547MfyOdSj6MhBk=",
"lastModified": 1702233072,
"narHash": "sha256-H5G2wgbim2Ku6G6w+NSaQaauv6B6DlPhY9fMvArKqRo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fda0d99c2cbbb5c89d8855d258cb0821bd9113ad",
"rev": "781e2a9797ecf0f146e81425c822dca69fe4a348",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-22.11",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1681571934,
"narHash": "sha256-Q3B3HTqhTahhPCT53ahK1FPktOXlEWmudSttd9CWGbE=",
"lastModified": 1701336116,
"narHash": "sha256-kEmpezCR/FpITc6yMbAh4WrOCiT2zg5pSjnKrq51h5Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "29176972b4be60f7d3eb3101f696c99f2e6ada57",
"rev": "f5c27c6136db4d76c30e533c20517df6864c46ee",
"type": "github"
},
"original": {

View File

@ -5,7 +5,7 @@
'';
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
flake-utils.url = "github:numtide/flake-utils";
extra-container = {

Binary file not shown.

View File

@ -6,42 +6,45 @@ BRANCH=master
GIT_REMOTE=origin
OAUTH_TOKEN=
DRY_RUN=
TAG_NAME=
releaseVersion=
trap 'echo "Error at ${BASH_SOURCE[0]}:$LINENO"' ERR
cd "${BASH_SOURCE[0]%/*}"
for arg in "$@"; do
case $arg in
--dry-run|-n)
DRY_RUN=1
;;
*)
TAG_NAME="$arg"
releaseVersion="$arg"
;;
esac
done
if [[ ! $TAG_NAME ]]; then
echo "$0 [--dry-run|-n] <tag_name>"
exit
latestVersion=$(curl -fsS https://api.github.com/repos/$REPO/releases/latest | jq -r '.tag_name' | tail -c +2)
if [[ ! $releaseVersion ]]; then
# Increment the lowest/last part of `latestVersion`
releaseVersion=$(echo "$latestVersion" | awk -F. '/[0-9]+\./{$NF++;print}' OFS=.)
fi
if [[ $DRY_RUN ]]; then
echo "Dry run"
else
OAUTH_TOKEN=$(pass show nix-bitcoin/github/oauth-token)
if [[ ! $OAUTH_TOKEN ]]; then
echo "Please set OAUTH_TOKEN variable"
echo "Error fetching OAUTH_TOKEN"
exit 1
fi
fi
cd "${BASH_SOURCE[0]%/*}"
RESPONSE=$(curl https://api.github.com/repos/$REPO/releases/latest 2> /dev/null)
echo "Latest release" "$(echo "$RESPONSE" | jq -r '.tag_name' | tail -c +2)"
echo "Latest release: $latestVersion"
if [[ ! $DRY_RUN ]]; then
while true; do
read -rp "Create release ${TAG_NAME}? [yn] " yn
read -rp "Create release ${releaseVersion}? [yn] " yn
case $yn in
[Yy]* ) break;;
[Nn]* ) exit;;
@ -50,9 +53,16 @@ if [[ ! $DRY_RUN ]]; then
done
fi
nixosVersion=$(sed -nE 's|.*system.stateVersion = "(.*?)".*|\1|p' ../examples/configuration.nix)
if [[ ! $nixosVersion ]]; then
echo "Error fetching NixOS version"
exit 1
fi
nixosVersionBranch=nixos-$nixosVersion
TMPDIR=$(mktemp -d)
if [[ ! $DRY_RUN ]]; then trap 'rm -rf $TMPDIR' EXIT; fi
ARCHIVE_NAME=nix-bitcoin-$TAG_NAME.tar.gz
ARCHIVE_NAME=nix-bitcoin-$releaseVersion.tar.gz
ARCHIVE=$TMPDIR/$ARCHIVE_NAME
# Need to be in the repo root directory for archiving
@ -70,12 +80,16 @@ nix hash to-sri --type sha256 "$(nix-prefetch-url --unpack "file://$ARCHIVE" 2>
gpg -o nar-hash.txt.asc -a --detach-sig nar-hash.txt
if [[ $DRY_RUN ]]; then
echo "Created v$TAG_NAME in $TMPDIR"
echo "Created v$releaseVersion in $TMPDIR"
echo "NixOS version branch: $nixosVersionBranch"
exit 0
fi
POST_DATA="{ \"tag_name\": \"v$TAG_NAME\", \"name\": \"nix-bitcoin-$TAG_NAME\", \"body\": \"nix-bitcoin-$TAG_NAME\", \"target_comitish\": \"$BRANCH\" }"
RESPONSE=$(curl -H "Authorization: token $OAUTH_TOKEN" -d "$POST_DATA" https://api.github.com/repos/$REPO/releases 2> /dev/null)
#―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
# Create release
POST_DATA="{ \"tag_name\": \"v$releaseVersion\", \"name\": \"nix-bitcoin-$releaseVersion\", \"body\": \"nix-bitcoin-$releaseVersion\", \"target_comitish\": \"$BRANCH\" }"
RESPONSE=$(curl -fsS -H "Authorization: token $OAUTH_TOKEN" -d "$POST_DATA" https://api.github.com/repos/$REPO/releases)
ID=$(echo "$RESPONSE" | jq -r '.id')
if [[ $ID == null ]]; then
echo "Failed to create release with $POST_DATA"
@ -84,8 +98,8 @@ fi
post_asset() {
GH_ASSET="https://uploads.github.com/repos/$REPO/releases/$ID/assets?name="
curl -H "Authorization: token $OAUTH_TOKEN" --data-binary "@$1" -H "Content-Type: application/octet-stream" \
"$GH_ASSET/$(basename "$1")" &> /dev/null
curl -fsS -H "Authorization: token $OAUTH_TOKEN" --data-binary "@$1" -H "Content-Type: application/octet-stream" \
"$GH_ASSET/$(basename "$1")"
}
post_asset nar-hash.txt
post_asset nar-hash.txt.asc
@ -98,7 +112,8 @@ post_asset "$SHA256SUMS.asc"
popd >/dev/null
if [[ ! $DRY_RUN ]]; then
git push "$GIT_REMOTE" "${BRANCH}:release"
git push "$GIT_REMOTE" "$BRANCH:release"
git push "$GIT_REMOTE" "$BRANCH:$nixosVersionBranch"
fi
echo "Successfully created" "$(echo "$POST_DATA" | jq -r .tag_name)"

View File

@ -1,3 +1,5 @@
#!/usr/bin/env bash
set -euo pipefail
# The file that defines the derivation that should be updated

View File

@ -49,7 +49,7 @@ let
cfg = config.services.backups;
# Potential backup file paths are are matched against filelist
# Potential backup file paths are matched against filelist
# entries from top to bottom.
# The first match determines inclusion or exclusion.
filelist = builtins.toFile "filelist.txt" ''
@ -106,7 +106,7 @@ in {
systemd.services.duplicity = {
wants = postgresqlBackupServices;
after = postgresqlBackupServices;
after = postgresqlBackupServices ++ [ "nix-bitcoin-secrets.target" ];
};
services.postgresqlBackup = {

View File

@ -2,6 +2,7 @@
[
"echo"
"getinfo"
"getindexinfo"
"help"
"ping"
"uptime"

View File

@ -414,6 +414,8 @@ in {
# Enable RPC access for group
postStart = ''
chmod g=r '${cfg.dataDir}/${optionalString cfg.regtest "regtest/"}.cookie'
'' + (optionalString cfg.regtest) ''
chmod g=x '${cfg.dataDir}/regtest'
'';
serviceConfig = nbLib.defaultHardening // {

View File

@ -138,16 +138,16 @@ in {
enable = true;
ensureDatabases = [ "btcpaydb" "nbxplorer" ];
ensureUsers = [
{
name = cfg.btcpayserver.user;
ensurePermissions."DATABASE btcpaydb" = "ALL PRIVILEGES";
}
{
name = cfg.nbxplorer.user;
ensurePermissions."DATABASE nbxplorer" = "ALL PRIVILEGES";
}
{ name = cfg.btcpayserver.user; }
{ name = cfg.nbxplorer.user; }
];
};
systemd.services.postgresql.postStart = lib.mkAfter ''
$PSQL -tAc '
ALTER DATABASE "btcpaydb" OWNER TO "${cfg.btcpayserver.user}";
ALTER DATABASE "nbxplorer" OWNER TO "${cfg.nbxplorer.user}";
'
'';
systemd.tmpfiles.rules = [
"d '${cfg.nbxplorer.dataDir}' 0770 ${cfg.nbxplorer.user} ${cfg.nbxplorer.group} - -"
@ -174,7 +174,7 @@ in {
in rec {
wantedBy = [ "multi-user.target" ];
requires = [ "bitcoind.service" "postgresql.service" ] ++ optional cfg.btcpayserver.lbtc "liquidd.service";
after = requires;
after = requires ++ [ "nix-bitcoin-secrets.target" ];
preStart = ''
install -m 600 ${configFile} '${cfg.nbxplorer.dataDir}/settings.config'
{

View File

@ -56,6 +56,7 @@ let cfg = config.services.clightning.plugins.clboss; in
clboss-max-channel=${toString cfg.max-channel}
clboss-zerobasefee=${cfg.zerobasefee}
'';
systemd.services.clightning.path = [
pkgs.dnsutils
] ++ optional config.services.clightning.tor.proxy (hiPrio config.nix-bitcoin.torify);

View File

@ -5,24 +5,36 @@ let cfg = config.services.clightning.plugins.trustedcoin; in
{
options.services.clightning.plugins.trustedcoin = {
enable = mkEnableOption "Trustedcoin (clightning plugin)";
package = mkOption {
type = types.package;
default = config.nix-bitcoin.pkgs.trustedcoin;
defaultText = "config.nix-bitcoin.pkgs.trustedcoin";
description = mdDoc "The package providing trustedcoin binaries.";
};
tor.proxy = mkOption {
type = types.bool;
default = config.services.clightning.tor.proxy;
description = mdDoc "Whether to proxy outgoing connections with Tor.";
};
};
config = mkIf cfg.enable {
services.clightning.extraConfig = ''
plugin=${cfg.package}/bin/trustedcoin
disable-plugin=bcli
'';
services.clightning = {
useBcliPlugin = false;
extraConfig = ''
plugin=${cfg.package}/bin/trustedcoin
'';
tor.enforce = mkIf (!cfg.tor.proxy) false;
};
# Trustedcoin does not honor the clightning's proxy configuration.
# Ref.: https://github.com/nbd-wtf/trustedcoin/pull/19
systemd.services.clightning.environment = mkIf (config.services.clightning.proxy != null) {
HTTPS_PROXY = "socks5://${config.services.clightning.proxy}";
systemd.services.clightning.environment = mkIf (cfg.tor.proxy) {
HTTPS_PROXY = let
clnProxy = config.services.clightning.proxy;
proxy = if clnProxy != null then clnProxy else config.nix-bitcoin.torClientAddressWithPort;
in
"socks5://${proxy}";
};
};
}

View File

@ -97,6 +97,7 @@ in {
Restart = "on-failure";
RestartSec = "10s";
ReadWritePaths = [ cfg.dataDir ];
inherit (nbLib.allowNetlink) RestrictAddressFamilies;
} // nbLib.allowedIPAddresses cfg.tor.enforce
// nbLib.nodejs;
};

View File

@ -49,6 +49,15 @@ let
parameters, as fully qualified data source name.
'';
};
useBcliPlugin = mkOption {
type = types.bool;
default = true;
description = ''
Use bitcoind (via plugin `bcli`) for getting block data.
This option is disabled by plugins that use other sources for
fetching block data, like `trustedcoin`.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
@ -107,15 +116,19 @@ let
network = bitcoind.makeNetworkName "bitcoin" "regtest";
configFile = pkgs.writeText "config" ''
network=${network}
${optionalString (!cfg.plugins.trustedcoin.enable) "bitcoin-datadir=${bitcoind.dataDir}"}
${
if cfg.useBcliPlugin then ''
bitcoin-datadir=${config.services.bitcoind.dataDir}
'' else ''
disable-plugin=bcli
''
}
${optionalString (cfg.proxy != null) "proxy=${cfg.proxy}"}
always-use-proxy=${boolToString cfg.always-use-proxy}
bind-addr=${cfg.address}:${toString cfg.port}
bitcoin-rpcconnect=${nbLib.address bitcoind.rpc.address}
bitcoin-rpcport=${toString bitcoind.rpc.port}
bitcoin-rpcuser=${bitcoind.rpc.users.public.name}
rpc-file-mode=0660
log-timestamps=false
${optionalString (cfg.wallet != null) "wallet=${cfg.wallet}"}
@ -152,18 +165,20 @@ in {
];
systemd.services.clightning = {
path = [ nbPkgs.bitcoind ];
path = [ bitcoind.package ];
wantedBy = [ "multi-user.target" ];
requires = [ "bitcoind.service" ];
after = [ "bitcoind.service" ];
after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
preStart = ''
# The RPC socket has to be removed otherwise we might have stale sockets
# Remove an existing socket so that `postStart` can detect when when a new
# socket has been created and clightning is ready to accept RPC connections.
# This will no longer be needed when clightning supports systemd startup notifications.
rm -f ${cfg.networkDir}/lightning-rpc
umask u=rw,g=r,o=
{
cat ${configFile}
echo "bitcoin-rpcpassword=$(cat ${config.nix-bitcoin.secretsDir}/bitcoin-rpcpassword-public)"
${optionalString (cfg.getPublicAddressCmd != "") ''
echo "announce-addr=$(${cfg.getPublicAddressCmd}):${toString publicPort}"
''}

View File

@ -68,7 +68,7 @@ in {
systemd.services.electrs = {
wantedBy = [ "multi-user.target" ];
requires = [ "bitcoind.service" ];
after = [ "bitcoind.service" ];
after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
preStart = ''
echo "auth = \"${bitcoind.rpc.users.public.name}:$(cat ${secretsDir}/bitcoin-rpcpassword-public)\"" \
> electrs.toml

View File

@ -112,7 +112,7 @@ in {
systemd.services.fulcrum = {
wantedBy = [ "multi-user.target" ];
requires = [ "bitcoind.service" ];
after = [ "bitcoind.service" ];
after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
preStart = ''
{
cat ${configFile}

View File

@ -75,7 +75,7 @@ in {
systemd.services.joinmarket-ob-watcher = rec {
wantedBy = [ "multi-user.target" ];
requires = [ "tor.service" "bitcoind.service" ];
after = requires;
after = requires ++ [ "nix-bitcoin-secrets.target" ];
# The service writes to HOME/.config/matplotlib
environment.HOME = cfg.dataDir;
preStart = ''

View File

@ -158,7 +158,7 @@ let
onion_serving_host = ${cfg.messagingAddress}
onion_serving_port = ${toString cfg.messagingPort}
hidden_service_dir =
directory_nodes = 3kxw6lf5vf6y26emzwgibzhrzhmhqiw6ekrek3nqfjjmhwznb2moonad.onion:5222,jmdirjmioywe2s5jad7ts6kgcqg66rj6wujj6q77n6wbdrgocqwexzid.onion:5222,bqlpq6ak24mwvuixixitift4yu42nxchlilrcqwk2ugn45tdclg42qid.onion:5222
directory_nodes = g3hv4uynnmynqqq2mchf3fcm3yd46kfzmcdogejuckgwknwyq5ya6iad.onion:5222,3kxw6lf5vf6y26emzwgibzhrzhmhqiw6ekrek3nqfjjmhwznb2moonad.onion:5222,bqlpq6ak24mwvuixixitift4yu42nxchlilrcqwk2ugn45tdclg42qid.onion:5222
# irc.darkscience.net
[MESSAGING:server1]
@ -191,7 +191,7 @@ let
[DAEMON]
no_daemon = 0
daemon_port = 27183
daemon_host = localhost
daemon_host = 127.0.0.1
use_ssl = false
[BLOCKCHAIN]
@ -212,6 +212,7 @@ let
segwit = true
native = true
merge_algorithm = default
gaplimit = 6
tx_fees = 3
tx_fees_factor = 0.2
absurd_fee_per_kb = 350000
@ -252,7 +253,6 @@ let
txfee_contribution_factor = ${toString yg.txfee_contribution_factor}
minsize = ${toString yg.minsize}
size_factor = ${toString yg.size_factor}
gaplimit = 6
[SNICKER]
enabled = false
@ -303,7 +303,7 @@ in {
systemd.services.joinmarket = {
wantedBy = [ "multi-user.target" ];
requires = [ "bitcoind.service" ];
after = [ "bitcoind.service" ];
after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
preStart = ''
{
cat ${configFile}
@ -387,7 +387,7 @@ in {
systemd.services.joinmarket-yieldgenerator = {
wantedBy = [ "joinmarket.service" ];
requires = [ "joinmarket.service" ];
after = [ "joinmarket.service" ];
after = [ "joinmarket.service" "nix-bitcoin-secrets.target" ];
script = ''
tr -d "\n" <"${secretsDir}/jm-wallet-password" \
| ${nbPkgs.joinmarket}/bin/jm-yg-privacyenhanced --datadir='${cfg.dataDir}' \

View File

@ -6,7 +6,7 @@ let
enable = mkEnableOption "Lightning Loop, a non-custodial off/on chain bridge";
rpcAddress = mkOption {
type = types.str;
default = "localhost";
default = "127.0.0.1";
description = mdDoc "Address to listen for gRPC connections.";
};
rpcPort = mkOption {
@ -121,12 +121,12 @@ in {
"d '${cfg.dataDir}' 0770 ${lnd.user} ${lnd.group} - -"
];
services.lightning-loop.certificate.extraIPs = mkIf (cfg.rpcAddress != "localhost") [ "${cfg.rpcAddress}" ];
services.lightning-loop.certificate.extraIPs = mkIf (cfg.rpcAddress != "127.0.0.1") [ "${cfg.rpcAddress}" ];
systemd.services.lightning-loop = {
wantedBy = [ "multi-user.target" ];
requires = [ "lnd.service" ];
after = [ "lnd.service" ];
after = [ "lnd.service" "nix-bitcoin-secrets.target" ];
serviceConfig = nbLib.defaultHardening // {
ExecStart = "${cfg.package}/bin/loopd --configfile=${configFile}";
User = lnd.user;

View File

@ -6,7 +6,7 @@ let
enable = mkEnableOption "Lightning Pool, a marketplace for inbound lightning liquidity ";
rpcAddress = mkOption {
type = types.str;
default = "localhost";
default = "127.0.0.1";
description = mdDoc "Address to listen for gRPC connections.";
};
rpcPort = mkOption {

View File

@ -256,7 +256,7 @@ in {
systemd.services.liquidd = {
requires = [ "bitcoind.service" ];
after = [ "bitcoind.service" ];
after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
wantedBy = [ "multi-user.target" ];
preStart = ''
install -m 640 ${configFile} '${cfg.dataDir}/elements.conf'

View File

@ -6,7 +6,7 @@ let
enable = mkEnableOption "Lightning Network daemon, a Lightning Network implementation in Go";
address = mkOption {
type = types.str;
default = "localhost";
default = "127.0.0.1";
description = mdDoc "Address to listen for peer connections";
};
port = mkOption {
@ -16,7 +16,7 @@ let
};
rpcAddress = mkOption {
type = types.str;
default = "localhost";
default = "127.0.0.1";
description = mdDoc "Address to listen for RPC connections.";
};
rpcPort = mkOption {
@ -26,7 +26,7 @@ let
};
restAddress = mkOption {
type = types.str;
default = "localhost";
default = "127.0.0.1";
description = mdDoc "Address to listen for REST connections.";
};
restPort = mkOption {
@ -224,12 +224,12 @@ in {
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
];
services.lnd.certificate.extraIPs = mkIf (cfg.rpcAddress != "localhost") [ "${cfg.rpcAddress}" ];
services.lnd.certificate.extraIPs = mkIf (cfg.rpcAddress != "127.0.0.1") [ "${cfg.rpcAddress}" ];
systemd.services.lnd = {
wantedBy = [ "multi-user.target" ];
requires = [ "bitcoind.service" ];
after = [ "bitcoind.service" ];
after = [ "bitcoind.service" "nix-bitcoin-secrets.target" ];
preStart = ''
install -m600 ${configFile} '${cfg.dataDir}/lnd.conf'
{

332
modules/mempool.nix Normal file
View File

@ -0,0 +1,332 @@
{ config, lib, pkgs, ... }:
with lib;
let
options.services = {
mempool = {
enable = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Enable Mempool, a fully featured Bitcoin visualizer, explorer, and API service.
Note: Mempool enables `txindex` in bitcoind (this is a requirement).
This module has two components:
- A backend service (systemd service `mempool`)
- An optional web interface run by nginx, defined by options `services.mempool.frontend.*`.
The frontend is enabled by default when mempool is enabled.
For details, see `services.mempool.frontend.enable`.
'';
};
frontend = {
enable = mkOption {
type = types.bool;
default = cfg.enable;
description = mdDoc ''
Enable the mempool frontend (web interface).
This starts a simple nginx instance, configured for local usage with
settings similar to the `mempool/frontend` Docker image.
IMPORTANT:
If you want to expose the mempool frontend to the internet, you
should create a custom nginx config that includes TLS, backend caching, rate limiting
and performance tuning.
For this task, reuse the config snippets from option `services.mempool.frontend.nginxConfig`.
See also: https://github.com/fort-nix/nixbitcoin.org/blob/master/website/mempool.nix,
which contains a mempool nginx config for public hosting (running at
https://mempool.nixbitcoin.org).
'';
};
address = mkOption {
type = types.str;
default = "127.0.0.1";
description = mdDoc "HTTP server address.";
};
port = mkOption {
type = types.port;
default = 60845; # A random private port
description = mdDoc "HTTP server port.";
};
staticContentRoot = mkOption {
type = types.path;
default = nbPkgs.mempool-frontend;
defaultText = "config.nix-bitcoin.pkgs.mempool-frontend";
description = mdDoc "
Path of the static frontend content root.
";
};
nginxConfig = mkOption {
readOnly = true;
default = frontend.nginxConfig;
defaultText = "(See source)";
description = mdDoc "
An attrset of nginx config snippets for assembling a custom
mempool nginx config.
For details, see the source comments at the point of definition.
";
};
};
address = mkOption {
type = types.str;
default = "127.0.0.1";
description = mdDoc "Mempool backend address.";
};
port = mkOption {
type = types.port;
default = 8999;
description = mdDoc "Mempool backend port.";
};
electrumServer = mkOption {
type = types.enum [ "electrs" "fulcrum" ];
default = "electrs";
description = mdDoc ''
The Electrum server to use for fetching address information.
Possible options:
- electrs:
Small database size, slow when querying new addresses.
- fulcrum:
Large database size, quickly serves arbitrary address queries.
'';
};
settings = mkOption {
type = with types; attrsOf (attrsOf anything);
example = {
MEMPOOL = {
POLL_RATE_MS = 3000;
STDOUT_LOG_MIN_PRIORITY = "debug";
};
PRICE_DATA_SERVER = {
CLEARNET_URL = "https://myserver.org/prices";
};
};
description = mdDoc ''
Mempool backend settings.
See here for possible options:
https://github.com/mempool/mempool/blob/master/backend/src/config.ts
'';
};
database = {
name = mkOption {
type = types.str;
default = "mempool";
description = mdDoc "Database name.";
};
};
package = mkOption {
type = types.package;
default = nbPkgs.mempool-backend;
defaultText = "config.nix-bitcoin.pkgs.mempool-backend";
description = mdDoc "The package providing mempool binaries.";
};
user = mkOption {
type = types.str;
default = "mempool";
description = mdDoc "The user as which to run Mempool.";
};
group = mkOption {
type = types.str;
default = cfg.user;
description = mdDoc "The group as which to run Mempool.";
};
tor = nbLib.tor;
};
# Internal read-only options used by `./nodeinfo.nix` and `./onion-services.nix`
mempool-frontend = let
mkAlias = default: mkOption {
internal = true;
readOnly = true;
inherit default;
};
in {
enable = mkAlias cfg.frontend.enable;
address = mkAlias cfg.frontend.address;
port = mkAlias cfg.frontend.port;
};
};
cfg = config.services.mempool;
nbLib = config.nix-bitcoin.lib;
nbPkgs = config.nix-bitcoin.pkgs;
secretsDir = config.nix-bitcoin.secretsDir;
configFile = builtins.toFile "mempool-config" (builtins.toJSON cfg.settings);
cacheDir = "/var/cache/mempool";
inherit (config.services)
bitcoind
electrs
fulcrum;
torSocket = config.services.tor.client.socksListenAddress;
# See the `services.nginx` definition further below below
# on how to use these snippets.
frontend.nginxConfig = {
# This must be added to `services.nginx.commonHttpConfig` when
# `mempool/location-static.conf` is used
httpConfig = ''
include ${nbPkgs.mempool-nginx-conf}/mempool/http-language.conf;
'';
# This should be added to `services.nginx.virtualHosts.<mempool server name>.extraConfig`
staticContent = ''
index index.html;
add_header Cache-Control "public, no-transform";
add_header Vary Accept-Language;
add_header Vary Cookie;
include ${nbPkgs.mempool-nginx-conf}/mempool/location-static.conf;
# Redirect /api to /docs/api
location = /api {
return 308 https://$host/docs/api;
}
location = /api/ {
return 308 https://$host/docs/api;
}
'';
# This should be added to `services.nginx.virtualHosts.<mempool server name>.extraConfig`
proxyApi = let
backend = "http://${nbLib.addressWithPort cfg.address cfg.port}";
in ''
location /api/ {
proxy_pass ${backend}/api/v1/;
}
location /api/v1 {
proxy_pass ${backend};
}
# Websocket API
location /api/v1/ws {
proxy_pass ${backend};
# Websocket header settings
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
# Relevant settings from `recommendedProxyConfig` (nixos/nginx/default.nix)
# (In the above api locations, this are inherited from the parent scope)
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
'';
};
in {
inherit options;
config = mkIf cfg.enable {
services.bitcoind.txindex = true;
services.electrs.enable = mkIf (cfg.electrumServer == "electrs" ) true;
services.fulcrum.enable = mkIf (cfg.electrumServer == "fulcrum" ) true;
services.mysql = {
enable = true;
package = pkgs.mariadb;
ensureDatabases = [ cfg.database.name ];
ensureUsers = [
{
name = cfg.user;
ensurePermissions."${cfg.database.name}.*" = "ALL PRIVILEGES";
}
];
};
# Available options:
# https://github.com/mempool/mempool/blob/master/backend/src/config.ts
services.mempool.settings = {
MEMPOOL = {
# mempool doesn't support regtest
NETWORK = "mainnet";
BACKEND = "electrum";
HTTP_PORT = cfg.port;
CACHE_DIR = "${cacheDir}/cache";
STDOUT_LOG_MIN_PRIORITY = mkDefault "info";
};
CORE_RPC = {
HOST = bitcoind.rpc.address;
PORT = bitcoind.rpc.port;
USERNAME = bitcoind.rpc.users.public.name;
PASSWORD = "@btcRpcPassword@";
};
ELECTRUM = let
server = config.services.${cfg.electrumServer};
in {
HOST = server.address;
PORT = server.port;
TLS_ENABLED = false;
};
DATABASE = {
ENABLED = true;
DATABASE = cfg.database.name;
SOCKET = "/run/mysqld/mysqld.sock";
};
} // optionalAttrs (cfg.tor.proxy) {
# Use Tor for rate fetching
SOCKS5PROXY = {
ENABLED = true;
USE_ONION = true;
HOST = torSocket.addr;
PORT = torSocket.port;
};
};
systemd.services.mempool = {
wantedBy = [ "multi-user.target" ];
requires = [ "${cfg.electrumServer}.service" ];
after = [ "${cfg.electrumServer}.service" "mysql.service" ];
preStart = ''
mkdir -p '${cacheDir}/cache'
<${configFile} sed \
-e "s|@btcRpcPassword@|$(cat ${secretsDir}/bitcoin-rpcpassword-public)|" \
> '${cacheDir}/config.json'
'';
environment.MEMPOOL_CONFIG_FILE = "${cacheDir}/config.json";
serviceConfig = nbLib.defaultHardening // {
ExecStart = "${cfg.package}/bin/mempool-backend";
CacheDirectory = "mempool";
CacheDirectoryMode = "770";
# Show "mempool" instead of "node" in the journal
SyslogIdentifier = "mempool";
User = cfg.user;
Restart = "on-failure";
RestartSec = "10s";
} // nbLib.allowedIPAddresses cfg.tor.enforce
// nbLib.nodejs;
};
services.nginx = mkIf cfg.frontend.enable {
enable = true;
enableReload = true;
recommendedBrotliSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = frontend.nginxConfig.httpConfig;
virtualHosts."mempool" = {
serverName = "_";
listen = [ { addr = cfg.frontend.address; port = cfg.frontend.port; } ];
root = cfg.frontend.staticContentRoot;
extraConfig =
frontend.nginxConfig.staticContent +
frontend.nginxConfig.proxyApi;
};
};
users.users.${cfg.user} = {
isSystemUser = true;
group = cfg.group;
extraGroups = [ "bitcoinrpc-public" ];
};
users.groups.${cfg.group} = {};
};
}

View File

@ -14,13 +14,13 @@
./clightning-plugins
./clightning-rest.nix
./clightning-replication.nix
./spark-wallet.nix
./lnd.nix
./lightning-loop.nix
./lightning-pool.nix
./charge-lnd.nix
./lndconnect.nix # Requires onion-addresses.nix
./rtl.nix
./mempool.nix
./electrs.nix
./fulcrum.nix
./liquid.nix

View File

@ -244,10 +244,6 @@ in {
id = 16;
connections = [ "bitcoind" ];
};
spark-wallet = {
id = 17;
# communicates with clightning over lightning-rpc socket
};
nginx = {
id = 21;
};
@ -299,7 +295,14 @@ in {
id = 31;
connections = [ "bitcoind" ];
};
# id = 32 reserved for the upcoming mempool module
mempool = {
id = 32;
connections = [
"bitcoind"
"nginx"
(if (config.services.mempool.electrumServer == "electrs") then "electrs" else "fulcrum")
];
};
};
services.bitcoind = {
@ -332,11 +335,6 @@ in {
services.fulcrum.address = netns.fulcrum.address;
services.spark-wallet = {
address = netns.spark-wallet.address;
extraArgs = "--no-tls";
};
services.lightning-loop.rpcAddress = netns.lightning-loop.address;
services.nbxplorer.address = netns.nbxplorer.address;
@ -358,6 +356,9 @@ in {
services.rtl.address = netns.rtl.address;
services.clightning-rest.address = netns.clightning-rest.address;
services.mempool.address = netns.mempool.address;
services.mempool.frontend.address = netns.nginx.address;
}
]);
}

View File

@ -145,11 +145,16 @@ in {
clightning-rest = mkInfo "";
electrs = mkInfo "";
fulcrum = mkInfo "";
spark-wallet = mkInfo "";
btcpayserver = mkInfo "";
liquidd = mkInfo "";
joinmarket-ob-watcher = mkInfo "";
rtl = mkInfo "";
mempool = mkInfo "";
mempool-frontend = name: cfg: mkInfoLong {
inherit name cfg;
systemdServiceName = "nginx";
extraCode = "";
};
# Only add sshd when it has an onion service
sshd = name: cfg: mkIfOnionPort "sshd" (onionPort: ''
add_service("sshd", """info["onion_address"] = get_onion_address("sshd", ${onionPort})""")

View File

@ -0,0 +1,126 @@
{ config, lib, pkgs, ... }:
with lib;
let
options = {
services.lnd.nostr-wallet-connect = {
enable = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Add a `nostr-wallet-connect` binary to the system environment which prints
connection info for lnd clients.
See: https://github.com/getalby/nostr-wallet-connect
Usage:
```bash
# Print QR code
nostr-wallet-connect
# Print URL
nostr-wallet-connect --url
```
'';
};
onion = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Create an onion service for the lnd REST server,
which is used by nostr-wallet-connect.
'';
};
};
nix-bitcoin.mknostr-wallet-connect = mkOption {
readOnly = true;
default = mknostr-wallet-connect;
description = mdDoc ''
A function to create a nostr-wallet-connect binary.
See the source for further details.
'';
};
};
nbLib = config.nix-bitcoin.lib;
runAsUser = config.nix-bitcoin.runAsUserCmd;
inherit (config.services)
lnd;
mknostr-wallet-connect = {
name,
shebang ? "#!${pkgs.stdenv.shell} -e",
isClightning ? false,
port,
macaroonPath,
enableOnion,
onionService ? null,
certPath ? null
}:
# TODO-EXTERNAL:
# nostr-wallet-connect requires a --configfile argument, although it's unused
# https://github.com/LN-Zap/nostr-wallet-connect/issues/25
pkgs.hiPrio (pkgs.writeScriptBin name ''
${shebang}
url=$(
${getExe config.nix-bitcoin.pkgs.nostr-wallet-connect} --url \
${optionalString enableOnion "--host=$(cat ${config.nix-bitcoin.onionAddresses.dataDir}/${onionService})"} \
--port=${toString port} \
${if enableOnion || certPath == null then "--nocert" else "--tlscertpath='${certPath}'"} \
--adminmacaroonpath='${macaroonPath}' \
--configfile=/dev/null "$@"
)
# If --url is in args
if [[ " $* " =~ " --url " ]]; then
echo "$url"
else
# This UTF-8 encoding yields a smaller, more convenient output format
# compared to the native nostr-wallet-connect output
echo -n "$url" | ${getExe pkgs.qrencode} -t UTF8 -o -
fi
'');
operatorName = config.nix-bitcoin.operator.name;
in {
inherit options;
config = mkMerge [
(mkIf (lnd.enable && lnd.nostr-wallet-connect.enable)
(mkMerge [
{
environment.systemPackages = [(
mknostr-wallet-connect {
name = "nostr-wallet-connect";
# Run as lnd user because the macaroon and cert are not group-readable
shebang = "#!/usr/bin/env -S ${runAsUser} ${lnd.user} ${pkgs.bash}/bin/bash";
enableOnion = lnd.nostr-wallet-connect.onion;
onionService = "${lnd.user}/nwc-rest";
port = lnd.rpcPort;
certPath = lnd.certPath;
macaroonPath = "${lnd.networkDir}/admin.macaroon";
}
)];
services.lnd.restAddress = mkIf (!lnd.nostr-wallet-connect.onion) "0.0.0.0";
}
(mkIf lnd.nostr-wallet-connect.onion {
services.tor = {
enable = true;
relay.onionServices.nwc-rest = nbLib.mkOnionService {
target.addr = nbLib.address lnd.restAddress;
target.port = lnd.restPort;
port = lnd.restPort;
};
};
nix-bitcoin.onionAddresses.access = {
${lnd.user} = [ "nwc-rest" ];
${operatorName} = [ "nwc-rest" ];
};
})
]))
];
}

View File

@ -24,7 +24,6 @@ in {
(mkRenamedOptionModule [ "services" "bitcoind" "rpcthreads" ] [ "services" "bitcoind" "rpc" "threads" ])
(mkRenamedOptionModule [ "services" "clightning" "bind-addr" ] [ "services" "clightning" "address" ])
(mkRenamedOptionModule [ "services" "clightning" "bindport" ] [ "services" "clightning" "port" ])
(mkRenamedOptionModule [ "services" "spark-wallet" "host" ] [ "services" "spark-wallet" "address" ])
(mkRenamedOptionModule [ "services" "lnd" "rpclisten" ] [ "services" "lnd" "rpcAddress" ])
(mkRenamedOptionModule [ "services" "lnd" "listen" ] [ "services" "lnd" "address" ])
(mkRenamedOptionModule [ "services" "lnd" "listenPort" ] [ "services" "lnd" "port" ])
@ -75,7 +74,6 @@ in {
"lightning-pool"
"liquid"
"lnd"
"spark-wallet"
"bitcoind"
]) ++
(map mkRenamedEnforceTorOption [
@ -84,21 +82,32 @@ in {
"electrs"
]) ++
# 0.0.77
(
let
optionName = [ "services" "clightning" "plugins" "commando" ];
in [
(mkRemovedOptionModule (optionName ++ [ "enable" ]) ''
clightning 0.12.0 ships with a reimplementation of the commando plugin
that is incompatible with the commando module that existed in
nix-bitcoin. The new built-in commando plugin is always enabled. For
information on how to use it, run `lightning-cli help commando` and
`lightning-cli help commando-rune`.
'')
(mkRemovedOptionModule (optionName ++ [ "readers" ]) "")
(mkRemovedOptionModule (optionName ++ [ "writers" ]) "")
]);
[
(mkRemovedOptionModule [ "services" "clightning" "plugins" "commando" ] ''
clightning 0.12.0 ships with a reimplementation of the commando plugin
that is incompatible with the commando module that existed in
nix-bitcoin. The new built-in commando plugin is always enabled. For
information on how to use it, run `lightning-cli help commando` and
`lightning-cli help commando-rune`.
'')
] ++
# 0.0.92
[
(mkRemovedOptionModule [ "services" "spark-wallet" ] ''
Spark Lightning Wallet is unmaintained and incompatible with clightning
23.05. Therefore, the spark-wallet module has been removed from
nix-bitcoin. For a replacement, consider using the rtl (Ride The
Lightning) module or the clightning-rest module in combination with the
Zeus mobile wallet.
'')
]
++
# 0.0.98
[
(mkRemovedOptionModule [ "services" "clightning" "plugins" "clboss" "acknowledgeDeprecation" ] ''
`clboss` is maintained again and has been un-deprecated.
'')
];
config = {
# Migrate old clightning-rest datadir from nix-bitcoin versions < 0.0.70
systemd.services.clightning-rest-migrate-datadir = let

View File

@ -104,15 +104,6 @@ in {
# Set sensible defaults for some services
{
nix-bitcoin.onionServices = {
spark-wallet = {
externalPort = 80;
# Enable 'public' by default, but don't auto-enable the onion service.
# When the onion service is enabled, 'public' lets spark-wallet generate
# a QR code for accessing the web interface.
public = true;
# Low priority so we can override this with mkDefault in ./presets/enable-tor.nix
enable = mkOverride 1400 false;
};
btcpayserver = {
externalPort = 80;
};
@ -122,6 +113,9 @@ in {
rtl = {
externalPort = 80;
};
mempool-frontend = {
externalPort = 80;
};
};
}
];

View File

@ -26,8 +26,8 @@ in {
# TODO-EXTERNAL:
# disable Tor enforcement until btcpayserver can fetch rates over Tor
# btcpayserver = defaultEnableTorProxy;
spark-wallet = defaultEnableTorProxy;
lightning-pool = defaultEnableTorProxy;
mempool = defaultEnableTorProxy;
# These services don't make outgoing connections
# (or use Tor by default in case of joinmarket)
@ -48,7 +48,6 @@ in {
liquidd.enable = defaultTrue;
electrs.enable = defaultTrue;
fulcrum.enable = defaultTrue;
spark-wallet.enable = defaultTrue;
joinmarket-ob-watcher.enable = defaultTrue;
rtl.enable = defaultTrue;
};

View File

@ -25,6 +25,7 @@ in {
# Use doas instead of sudo
security.doas.enable = true;
security.sudo.enable = false;
environment.shellAliases.sudo = "doas";
environment.systemPackages = with pkgs; [
jq

View File

@ -183,8 +183,14 @@ in {
# Listen on all addresses, including `serverAddress`.
# This is safe because the listen ports are secured by the firewall.
services.lnd.restAddress = mkIf lndconnect "0.0.0.0";
# clightning-rest always listens on "0.0.0.0"
services.lnd = mkIf lndconnect {
restAddress = "0.0.0.0";
tor.enforce = false;
};
services.clightning-rest = mkIf lndconnect-clightning {
# clightning-rest always listens on "0.0.0.0"
tor.enforce = false;
};
nix-bitcoin.secrets = {
wg-server-private-key = {};

View File

@ -189,7 +189,7 @@ in {
wantedBy = [ "multi-user.target" ];
requires = optional cfg.nodes.clightning.enable "clightning-rest.service" ++
optional cfg.nodes.lnd.enable "lnd.service";
after = requires;
after = requires ++ [ "nix-bitcoin-secrets.target" ];
environment.RTL_CONFIG_PATH = cfg.dataDir;
environment.DB_DIRECTORY_PATH = cfg.dataDir;
serviceConfig = nbLib.defaultHardening // {

View File

@ -80,6 +80,7 @@ let
rpcauth = pkgs.writers.writeBash "rpcauth" ''
exec ${pkgs.python3}/bin/python ${rpcauthSrc} "$@"
'';
# Writes secrets to PWD
in pkgs.writers.writeBash "generate-secrets" ''
set -euo pipefail

View File

@ -1,98 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
options.services.spark-wallet = {
enable = mkEnableOption "spark-wallet";
address = mkOption {
type = types.str;
default = "localhost";
description = mdDoc "http(s) server address.";
};
port = mkOption {
type = types.port;
default = 9737;
description = mdDoc "http(s) server port.";
};
extraArgs = mkOption {
type = types.separatedString " ";
default = "";
description = mdDoc "Extra command line arguments passed to spark-wallet.";
};
getPublicAddressCmd = mkOption {
type = types.str;
default = "";
description = mdDoc ''
Bash expression which outputs the public service address.
If set, spark-wallet prints a QR code to the systemd journal which
encodes an URL for accessing the web interface.
'';
};
user = mkOption {
type = types.str;
default = "spark-wallet";
description = mdDoc "The user as which to run spark-wallet.";
};
group = mkOption {
type = types.str;
default = cfg.user;
description = mdDoc "The group as which to run spark-wallet.";
};
tor = nbLib.tor;
};
cfg = config.services.spark-wallet;
nbLib = config.nix-bitcoin.lib;
clightning = config.services.clightning;
# Use wasabi rate provider because the default (bitstamp) doesn't accept
# connections through Tor
torRateProvider = "--rate-provider wasabi --proxy socks5h://${config.nix-bitcoin.torClientAddressWithPort}";
startScript = ''
${optionalString (cfg.getPublicAddressCmd != "") ''
publicURL=(--public-url "http://$(${cfg.getPublicAddressCmd})")
''}
exec ${config.nix-bitcoin.pkgs.spark-wallet}/bin/spark-wallet \
--ln-path '${clightning.networkDir}' \
--host ${cfg.address} --port ${toString cfg.port} \
--config '${config.nix-bitcoin.secretsDir}/spark-wallet-login' \
${optionalString cfg.tor.proxy torRateProvider} \
${optionalString (cfg.getPublicAddressCmd != "") ''"''${publicURL[@]}"''} \
--pairing-qr --print-key ${cfg.extraArgs}
'';
in {
inherit options;
config = mkIf cfg.enable {
services.clightning.enable = true;
systemd.services.spark-wallet = {
wantedBy = [ "multi-user.target" ];
requires = [ "clightning.service" ];
after = [ "clightning.service" ];
script = startScript;
serviceConfig = nbLib.defaultHardening // {
User = cfg.user;
Restart = "on-failure";
RestartSec = "10s";
} // nbLib.allowedIPAddresses cfg.tor.enforce
// nbLib.nodejs;
};
users.users.${cfg.user} = {
isSystemUser = true;
group = cfg.group;
extraGroups = [ clightning.group ];
};
users.groups.${cfg.group} = {};
nix-bitcoin.secrets.spark-wallet-login.user = cfg.user;
nix-bitcoin.generateSecretsCmds.spark-wallet = ''
makePasswordSecret spark-wallet-password
if [[ spark-wallet-password -nt spark-wallet-login ]]; then
echo "login=spark-wallet:$(cat spark-wallet-password)" > spark-wallet-login
fi
'';
};
}

View File

@ -11,13 +11,16 @@ let
nix-bitcoin.configVersion = mkOption {
type = with types; nullOr str;
default = null;
example = "0.0.92";
description = mdDoc ''
Set this option to the nix-bitcoin release version that your config is
compatible with.
The nix-bitcoin release version that your config is compatible with.
When upgrading to a backwards-incompatible release, nix-bitcoin will throw an
error during evaluation and provide instructions for migrating your config to
the new release.
Once set, you only need to update this option when explicitly told to in an
error message during evaluation.
'';
};
};

View File

@ -1,7 +1,7 @@
# This is a modified version of
# https://github.com/NixOS/nixpkgs/pull/128749
{ lib, stdenvNoCC, makeWrapper, nodejs }:
{ lib, stdenvNoCC, makeWrapper, nodejs, cacert }:
{ src
, hash ? ""
@ -25,6 +25,9 @@ stdenvNoCC.mkDerivation ({
phases = "unpackPhase patchPhase buildPhase installPhase";
# npm doesn't support var `SSL_CERT_FILE`.
NODE_EXTRA_CA_CERTS = "${cacert}/etc/ssl/certs/ca-bundle.crt";
buildPhase = ''
runHook preBuild

View File

@ -1,24 +1,34 @@
{ lib, stdenv, fetchurl, pkgconfig, curl, libev, sqlite }:
{ lib, stdenv, fetchFromGitHub, autoconf-archive, autoreconfHook, pkg-config, curl, libev, sqlite }:
let
curlWithGnuTLS = curl.override { gnutlsSupport = true; opensslSupport = false; };
in
stdenv.mkDerivation rec {
pname = "clboss";
version = "0.13A";
version = "0.13";
src = fetchurl {
url = "https://github.com/ZmnSCPxj/clboss/releases/download/${version}/clboss-${version}.tar.gz";
hash = "sha256-LTDJrm9Mk4j7Z++tKJKawEurgF1TnYuIoj+APbDHll4=";
src = fetchFromGitHub {
owner = "ZmnSCPxj";
repo = "clboss";
rev = "v${version}";
hash = "sha256-NP9blymdqDXo/OtGLQg/MXK24PpPvCrzqXRdtfCvpfI=";
};
nativeBuildInputs = [ pkgconfig libev curlWithGnuTLS sqlite ];
nativeBuildInputs = [
autoreconfHook
autoconf-archive
pkg-config
libev
curlWithGnuTLS
sqlite
];
enableParallelBuilding = true;
meta = with lib; {
description = "Automated C-Lightning Node Manager";
homepage = "https://github.com/ZmnSCPxj/clboss";
changelog = "https://github.com/ZmnSCPxj/clboss/blob/v${version}/ChangeLog";
license = licenses.mit;
maintainers = with maintainers; [ nixbitcoin ];
platforms = platforms.linux;

View File

@ -6,8 +6,8 @@ let
src = pkgs.fetchFromGitHub {
owner = "lightningd";
repo = "plugins";
rev = "e625369423b00c70b23641662f62ccd898286edc";
sha256 = "04f30xlfr7pgdmdgka87x7sc9j82wc4zv7fbiqrjsc83dkmly81i";
rev = "ce078bb74e10b5dea779fcd9fbe77e1d3e72db7a";
hash = "sha256-SCHSJzXe1l14hVT47SU3lWDxKCKwwICjXjSDpjUX96U";
};
version = builtins.substring 0 7 src.rev;
@ -31,7 +31,7 @@ let
description = "Lightning node exporter for the prometheus timeseries server";
extraPkgs = [ prometheus_client ];
patchRequirements =
"--replace prometheus-client==0.6.0 prometheus-client==0.15.0"
"--replace prometheus-client==0.6.0 prometheus-client==0.17.1"
+ " --replace pyln-client~=0.9.3 pyln-client~=23.02";
};
rebalance = {
@ -68,7 +68,7 @@ let
# Check that requirements are met
PYTHONPATH='${toString python}/${python.sitePackages}' \
${pkgs.python3Packages.pip}/bin/pip install -r requirements.txt --no-cache --no-index
${pkgs.python3Packages.pip}/bin/pip install -r requirements.txt --no-cache --no-index --break-system-packages
chmod +x '${script}'
patchShebangs '${script}'

View File

@ -1,7 +1,7 @@
{ lib
, stdenvNoCC
, nodejs-16_x
, nodejs-slim-16_x
, nodejs-18_x
, nodejs-slim-18_x
, fetchNodeModules
, fetchurl
, makeWrapper
@ -9,20 +9,20 @@
}:
let self = stdenvNoCC.mkDerivation {
pname = "clightning-rest";
version = "0.9.0";
version = "0.10.7";
src = fetchurl {
url = "https://github.com/Ride-The-Lightning/c-lightning-REST/archive/refs/tags/v${self.version}.tar.gz";
hash = "sha256-1thorV/UivDDH7oqjfm8VTd47LYSGooR2yEoETgBOH4=";
hash = "sha256-m/djMQk+g994GaTW/yysD/eVgWcqY8cap41tot0UElI=";
};
passthru = {
nodejs = nodejs-16_x;
nodejsRuntime = nodejs-slim-16_x;
nodejs = nodejs-18_x;
nodejsRuntime = nodejs-slim-18_x;
nodeModules = fetchNodeModules {
inherit (self) src nodejs;
hash = "sha256-rQrAt2BDmNMUCVWxTJN3qoPonKlRWeJ8C4ZvF/gPygk=";
hash = "sha256-Dz4/kR4X34idfuPFFQJYE8yGIR3OSseDnkAhqbZ6iEI=";
};
};

View File

@ -2,7 +2,7 @@
set -euo pipefail
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "gnupg wget gnused" "$@"
version="0.9.0"
version="0.10.7"
repo=https://github.com/Ride-The-Lightning/c-lightning-REST
scriptDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)

View File

@ -17,9 +17,12 @@ let self = {
lndinit = pkgs.callPackage ./lndinit { };
liquid-swap = pkgs.python3Packages.callPackage ./liquid-swap { };
rtl = pkgs.callPackage ./rtl { inherit (self) fetchNodeModules; };
inherit (pkgs.callPackage ./mempool { inherit (self) fetchNodeModules; })
mempool-backend
mempool-frontend
mempool-nginx-conf;
# The secp256k1 version used by joinmarket
secp256k1 = pkgs.callPackage ./secp256k1 { };
spark-wallet = pkgs.callPackage ./spark-wallet { };
trustedcoin = pkgs.callPackage ./trustedcoin { };
pyPkgs = import ./python-packages self pkgs.python3;

View File

@ -1,10 +1,12 @@
{ stdenv, lib, fetchurl, python3, nbPython3PackagesJoinmarket }:
{ stdenv, lib, fetchFromGitHub, python3, nbPython3PackagesJoinmarket }:
let
version = "0.9.8";
src = fetchurl {
url = "https://github.com/JoinMarket-Org/joinmarket-clientserver/archive/v${version}.tar.gz";
sha256 = "1ab4smpyx966iiiip3g11bcslya37qhac1kgkbmsmlsdkpilw9di";
version = "0.9.10";
src = fetchFromGitHub {
owner = "joinmarket-org";
repo = "joinmarket-clientserver";
rev = "v${version}";
hash = "sha256-uNweI7VKC16CFn8MNOAvadcSnTjK/Fznfy4qctM5PR8=";
};
runtimePackages = with nbPython3PackagesJoinmarket; [

View File

@ -1,25 +1,25 @@
#!/usr/bin/env bash
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p git gnupg jq
set -euo pipefail
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "git gnupg" "$@"
newVersion=$(curl -s "https://api.github.com/repos/joinmarket-org/joinmarket-clientserver/releases" | jq -r '.[0].tag_name')
TMPDIR="$(mktemp -d -p /tmp)"
trap 'rm -rf $TMPDIR' EXIT
cd "$TMPDIR"
echo "Fetching latest release"
git clone https://github.com/joinmarket-org/joinmarket-clientserver 2> /dev/null
cd joinmarket-clientserver
latest=$(git describe --tags "$(git rev-list --tags --max-count=1)")
echo "Latest release is $latest"
# GPG verification
export GNUPGHOME=$TMPDIR
# Fetch release and GPG-verify the content hash
tmpdir=$(mktemp -d /tmp/joinmarket-verify-gpg.XXX)
repo=$tmpdir/repo
git clone --depth 1 --branch "${newVersion}" -c advice.detachedHead=false https://github.com/joinmarket-org/joinmarket-clientserver "$repo"
export GNUPGHOME=$tmpdir
echo "Fetching Adam Gibson's key"
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 2B6FC204D9BF332D062B461A141001A1AF77F20B 2> /dev/null
echo "Verifying latest release"
git verify-tag "$latest"
echo "Fetch Kristaps Kaupe's key"
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 70A1D47DD44F59DF8B22244333E472FE870C7E5D 2> /dev/null
echo
echo "Verifying commit"
git -C "$repo" verify-commit HEAD
rm -rf "$repo"/.git
newHash=$(nix hash path "$repo")
rm -rf "$tmpdir"
echo
echo "tag: $latest"
# The prefix option is necessary because GitHub prefixes the archive contents in this format
echo "sha256: $(nix-hash --type sha256 --flat --base32 \
<(git archive --format tar.gz --prefix=joinmarket-clientserver-"${latest//v}"/ "$latest"))"
echo "tag: $newVersion"
echo "hash: $newHash"

View File

@ -41,8 +41,12 @@ let self = {
RestrictAddressFamilies = self.defaultHardening.RestrictAddressFamilies + " AF_NETLINK";
};
# nodejs applications require memory write execute for JIT compilation
nodejs = { MemoryDenyWriteExecute = false; };
nodejs = {
# Required for JIT compilation
MemoryDenyWriteExecute = false;
# Required by nodejs >= 18
SystemCallFilter = self.defaultHardening.SystemCallFilter ++ [ "@pkey" ];
};
# Allow takes precedence over Deny.
allowLocalIPAddresses = {

View File

@ -11,7 +11,7 @@ buildGoModule rec {
sha256 = "sha256-sO1DpbppCurxr9g9nUl9Vx82FJK1mTcUw3rY1Fm1wEU=";
};
vendorSha256 = "sha256-El44BS5Bu0K/klMxkajciU/R6uqiXBMOiLN536QztbE=";
vendorHash = "sha256-El44BS5Bu0K/klMxkajciU/R6uqiXBMOiLN536QztbE=";
subPackages = [ "." ];

143
pkgs/mempool/default.nix Normal file
View File

@ -0,0 +1,143 @@
{ lib
, stdenvNoCC
, nodejs-18_x
, nodejs-slim-18_x
, fetchFromGitHub
, fetchNodeModules
, runCommand
, makeWrapper
, curl
, cacert
, rsync
}:
rec {
nodejs = nodejs-18_x;
nodejsRuntime = nodejs-slim-18_x;
src = fetchFromGitHub {
owner = "mempool";
repo = "mempool";
rev = "v2.5.0";
hash = "sha256-8HmfytxRte3fQ0QKOljUVk9YAuaXhQQWuv3EFNmOgfQ=";
};
nodeModules = {
frontend = fetchNodeModules {
inherit src nodejs;
preBuild = "cd frontend";
hash = "sha256-/Z0xNvob7eMGpzdUWolr47vljpFiIutZpGwd0uYhPWI=";
};
backend = fetchNodeModules {
inherit src nodejs;
preBuild = "cd backend";
hash = "sha256-HpzzSTuSRWDWGbctVhTcUA01if/7OTI4xN3DAbAAX+U=";
};
};
frontendAssets = fetchFiles {
name = "mempool-frontend-assets";
hash = "sha256-3TmulAfzJJMf0UFhnHEqjAnzc1TNC5DM2XcsU7eyinY=";
fetcher = ./frontend-assets-fetch.sh;
};
mempool-backend = mkDerivationMempool {
pname = "mempool-backend";
buildPhase = ''
cd backend
${sync} --chmod=+w ${nodeModules.backend}/lib/node_modules .
patchShebangs node_modules
npm run package
runHook postBuild
'';
installPhase = ''
mkdir -p $out/lib/mempool-backend
${sync} package/ $out/lib/mempool-backend
makeWrapper ${nodejsRuntime}/bin/node $out/bin/mempool-backend \
--add-flags $out/lib/mempool-backend/index.js
runHook postInstall
'';
passthru = {
inherit nodejs nodejsRuntime;
};
};
mempool-frontend = mkDerivationMempool {
pname = "mempool-frontend";
buildPhase = ''
cd frontend
${sync} --chmod=+w ${nodeModules.frontend}/lib/node_modules .
patchShebangs node_modules
# sync-assets.js is called during `npm run build` and downloads assets from the
# internet. Disable this script and instead add the assets manually after building.
: > sync-assets.js
# If this produces incomplete output (when run in a different build setup),
# see https://github.com/mempool/mempool/issues/1256
npm run build
# Add assets that would otherwise be downloaded by sync-assets.js
${sync} ${frontendAssets}/ dist/mempool/browser/resources
runHook postBuild
'';
installPhase = ''
${sync} dist/mempool/browser/ $out
runHook postInstall
'';
passthru = { assets = frontendAssets; };
};
mempool-nginx-conf = runCommand "mempool-nginx-conf" {} ''
${sync} --chmod=u+w ${./nginx-conf}/ $out
${sync} ${src}/production/nginx/http-language.conf $out/mempool
'';
sync = "${rsync}/bin/rsync -a --inplace";
mkDerivationMempool = args: stdenvNoCC.mkDerivation ({
version = src.rev;
inherit src meta;
nativeBuildInputs = [
makeWrapper
nodejs
rsync
];
phases = "unpackPhase patchPhase buildPhase installPhase";
} // args);
fetchFiles = { name, hash, fetcher }: stdenvNoCC.mkDerivation {
inherit name;
outputHashMode = "recursive";
outputHashAlgo = "sha256";
outputHash = hash;
nativeBuildInputs = [ curl cacert ];
buildCommand = ''
mkdir $out
cd $out
${builtins.readFile fetcher}
'';
};
meta = with lib; {
description = "Bitcoin blockchain and mempool explorer";
homepage = "https://github.com/mempool/mempool/";
license = licenses.agpl3Plus;
maintainers = with maintainers; [ erikarvstedt ];
platforms = platforms.unix;
};
}

View File

@ -0,0 +1,31 @@
#!/usr/bin/env bash
set -euo pipefail
# Fetch hash-locked versions of assets that are dynamically fetched via
# https://github.com/mempool/mempool/blob/master/frontend/sync-assets.js
# when running `npm run build` in the frontend.
#
# This file is updated by ./frontend-assets-update.sh
declare -A revs=(
["mempool/mining-pools"]=e889230b0924d7d72eb28186db6f96ef94361fa5
["mempool/mining-pool-logos"]=9cb443035878c3f112af97384d624de245afe72d
)
fetchFile() {
repo=$1
file=$2
rev=${revs["$repo"]}
curl -fsS "https://raw.githubusercontent.com/$repo/$rev/$file"
}
fetchRepo() {
repo=$1
rev=${revs["$repo"]}
curl -fsSL "https://github.com/$repo/archive/$rev.tar.gz"
}
# shellcheck disable=SC2094
fetchFile "mempool/mining-pools" pools.json > pools.json
mkdir mining-pools
fetchRepo "mempool/mining-pool-logos" | tar xz --strip-components=1 -C mining-pools

View File

@ -0,0 +1,14 @@
#!/usr/bin/env bash
set -euo pipefail
updateRepoHash() {
repo=$1
echo -n "Fetching latest rev for $repo: "
hash=$(curl -fsS "https://api.github.com/repos/$repo/commits/master" | jq -r '.sha')
echo "$hash"
sed -i -E "s|( +)\[\"$repo(.*)|\1[\"$repo\"]=$hash|" frontend-assets-fetch.sh
}
<frontend-assets-fetch.sh sed -nE 's| +\["([^"]+).*|\1|p' | while read -r repo; do
updateRepoHash "$repo"
done

71
pkgs/mempool/generate.sh Executable file
View File

@ -0,0 +1,71 @@
#!/usr/bin/env nix-shell
#! nix-shell -i bash -p gnupg gnused jq
set -euo pipefail
# Use this to start a debug shell at the location of this statement
# . "${BASH_SOURCE[0]%/*}/../../helper/start-bash-session.sh"
version=2.5.0
# You can also specify a rev instead:
# rev=57eddac7f0b99b4fe84d91c0f4a50a4f7ccfe55f
owner=mempool
repo=https://github.com/$owner/mempool
cd "${BASH_SOURCE[0]%/*}"
updateSrc() {
TMPDIR="$(mktemp -d /tmp/mempool.XXX)"
trap 'rm -rf $TMPDIR' EXIT
# Fetch and verify source
src=$TMPDIR/src
mkdir -p "$src"
if [[ -v rev ]]; then
# Fetch revision
git -C "$src" init
git -C "$src" fetch --depth 1 "$repo" "$rev:src"
git -C "$src" checkout src
else
tag=v$version
# Fetch and GPG-verify version tag
git clone --depth 1 --branch "$tag" -c advice.detachedHead=false $repo "$src"
git -C "$src" checkout tags/$tag
export GNUPGHOME=$TMPDIR
# Fetch wiz' key
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 913C5FF1F579B66CA10378DBA394E332255A6173 2> /dev/null
git -C "$src" verify-tag $tag
rev=$tag
fi
rm -rf "$src"/.git
hash=$(nix hash path "$src")
sed -i "
s|\bowner = .*;|owner = \"$owner\";|
s|\brev = .*;|rev = \"$rev\";|
s|\bhash = .*;|hash = \"$hash\";|
" default.nix
}
updateNodeModulesHash() {
component=$1
echo
echo "Fetching node modules for mempool-$component"
../../helper/update-fixed-output-derivation.sh ./default.nix mempool-"$component" "cd $component"
}
updateFrontendAssets() {
. ./frontend-assets-update.sh
echo
echo "Fetching frontend assets"
../../helper/update-fixed-output-derivation.sh ./default.nix mempool-frontend.assets "frontendAssets"
}
if [[ $# == 0 ]]; then
# Each of these can be run separately
updateSrc
updateFrontendAssets
updateNodeModulesHash backend
updateNodeModulesHash frontend
else
"$@"
fi

View File

@ -0,0 +1,44 @@
# see order of nginx location rules
# https://stackoverflow.com/questions/5238377/nginx-location-priority
# for exact / requests, redirect based on $lang
# cache redirect for 5 minutes
location = / {
if ($lang != '') {
return 302 $scheme://$host/$lang/;
}
try_files /en-US/index.html =404;
expires 5m;
}
# cache /<lang>/main.f40e91d908a068a2.js forever since they never change
location ~ ^/([a-z][a-z])/(.+\..+\.(js|css)) {
try_files $uri =404;
expires 1y;
}
# cache everything else for 5 minutes
location ~ ^/([a-z][a-z])$ {
try_files $uri /$1/index.html /en-US/index.html =404;
expires 5m;
}
location ~ ^/([a-z][a-z])/ {
try_files $uri /$1/index.html /en-US/index.html =404;
expires 5m;
}
# cache /resources/** for 1 week since they don't change often
location /resources {
try_files $uri /en-US/index.html;
expires 1w;
}
# cache /main.f40e91d908a068a2.js forever since they never change
location ~* ^/.+\..+\.(js|css) {
try_files /$lang/$uri /en-US/$uri =404;
expires 1y;
}
# catch-all for all URLs i.e. /address/foo /tx/foo /block/000
# cache 5 minutes since they change frequently
location / {
try_files /$lang/$uri $uri /en-US/$uri /en-US/index.html =404;
expires 5m;
}

View File

@ -0,0 +1,44 @@
access_log /var/log/nginx/access_mempool.log;
error_log /var/log/nginx/error_mempool.log;
root /var/www/mempool/browser;
index index.html;
# enable browser and proxy caching
add_header Cache-Control "public, no-transform";
# vary cache if user changes language preference
add_header Vary Accept-Language;
add_header Vary Cookie;
include mempool/location-static.conf;
# static API docs
location = /api {
try_files $uri $uri/ /en-US/index.html =404;
}
location = /api/ {
try_files $uri $uri/ /en-US/index.html =404;
}
location /api/v1/ws {
proxy_pass http://127.0.0.1:8999/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /api/v1 {
proxy_pass http://127.0.0.1:8999/api/v1;
}
location /api/ {
proxy_pass http://127.0.0.1:8999/api/v1/;
}
# mainnet API
location /ws {
proxy_pass http://127.0.0.1:8999/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}

View File

@ -0,0 +1,82 @@
user nobody;
pid /var/run/nginx.pid;
worker_processes auto;
worker_rlimit_nofile 100000;
events {
worker_connections 9000;
multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# reset timed out connections freeing ram
reset_timedout_connection on;
# maximum time between packets the client can pause when sending nginx any data
client_body_timeout 10s;
# maximum time the client has to send the entire header to nginx
client_header_timeout 10s;
# timeout which a single keep-alive client connection will stay open
keepalive_timeout 69s;
# maximum time between packets nginx is allowed to pause when sending the client data
send_timeout 69s;
# number of requests per connection, does not affect SPDY
keepalive_requests 1337;
# enable gzip compression
gzip on;
gzip_vary on;
gzip_comp_level 6;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
# text/html is always compressed by gzip module
gzip_types application/javascript application/json application/ld+json application/manifest+json application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard;
# limit request body size
client_max_body_size 10m;
# proxy cache
proxy_cache off;
proxy_cache_path /var/cache/nginx keys_zone=cache:20m levels=1:2 inactive=600s max_size=500m;
types_hash_max_size 2048;
# exempt localhost from rate limit
geo $limited_ip {
default 1;
127.0.0.1 0;
}
map $limited_ip $limited_ip_key {
1 $binary_remote_addr;
0 '';
}
# rate limit requests
limit_req_zone $limited_ip_key zone=api:5m rate=200r/m;
limit_req_zone $limited_ip_key zone=electrs:5m rate=2000r/m;
limit_req_status 429;
# rate limit connections
limit_conn_zone $limited_ip_key zone=websocket:10m;
limit_conn_status 429;
include mempool/http-language.conf;
server {
listen 127.0.0.1:80;
include mempool/mempool.conf;
}
}

View File

@ -0,0 +1,24 @@
{ lib, buildGoModule, fetchFromGitHub }:
buildGoModule rec {
pname = "nostr-wallet-connect";
version = "0.3.0";
src = fetchFromGitHub {
owner = "getalby";
repo = pname;
rev = "v${version}";
hash = "cef8fb278d90c00b6e9345d28e43e9532cae978a";
};
vendorHash = "sha256-iE0nht3PH2R9pTyyrySk759untC7snGt3wTXk4/pjrU=";
ldflags = [ "-s" "-w" ];
meta = with lib; {
description = "Generate QRCode to connect apps to lnd Resources";
license = licenses.mit;
homepage = "https://github.com/LN-Zap/nostr-wallet-connect";
maintainers = [ maintainers.abstractequalibrium ];
platforms = platforms.linux;
};
}

View File

@ -4,21 +4,21 @@ pkgs: pkgsUnstable:
inherit (pkgs)
bitcoin
bitcoind
extra-container
lightning-loop
lightning-pool
lndconnect;
inherit (pkgsUnstable)
btcpayserver
charge-lnd
clightning
electrs
elementsd
fulcrum
extra-container
hwi
lightning-loop
lightning-pool
lnd
lndconnect
nbxplorer;
inherit (pkgsUnstable)
fulcrum;
inherit pkgs pkgsUnstable;
}

View File

@ -1,12 +1,12 @@
{ lib, buildPythonPackage, fetchurl, cython, pytest, coverage }:
{ lib, buildPythonPackageWithDepsCheck, fetchurl, cython, pytest, coverage }:
buildPythonPackage rec {
buildPythonPackageWithDepsCheck rec {
pname = "bencoder.pyx";
version = "2.0.1";
version = "3.0.1";
src = fetchurl {
url = "https://github.com/whtsky/bencoder.pyx/archive/v${version}.tar.gz";
sha256 = "f3ff92ac706a7e4692bed5e6cbe205963327f3076f55e408eb948659923eac72";
url = "https://github.com/whtsky/bencoder.pyx/archive/9a47768f3ceba9df9e6fbaa7c445f59960889009.tar.gz";
sha256 = "1yh565xjbbhn49xjfms80ac8psjbzn66n8dcx0x8mn7zzjv06clz";
};
nativeBuildInputs = [ cython ];

View File

@ -1,5 +1,5 @@
{ lib, buildPythonPackage, fetchFromGitHub, colorama, future, six }:
buildPythonPackage rec {
{ lib, buildPythonPackageWithDepsCheck, fetchFromGitHub, colorama, future, six }:
buildPythonPackageWithDepsCheck rec {
pname = "chromalog";
version = "1.0.5";

View File

@ -1,23 +0,0 @@
{ lib, stdenv, buildPythonPackage, fetchPypi, asn1crypto, cffi, pkg-config,
autoconf, automake, libtool, libffi, requests }:
buildPythonPackage rec {
pname = "coincurve";
version = "17.0.0";
src = fetchPypi {
inherit pname version;
hash = "sha256-aNpVr/iYcClS/aPuBP1u1gu2uR+RnGknB4btdmtUi5M";
};
doCheck = false;
nativeBuildInputs = [ autoconf automake libtool pkg-config ];
propagatedBuildInputs = [ asn1crypto cffi libffi requests ];
meta = with lib; {
description = "Cross-platform Python CFFI bindings for libsecp256k1";
homepage = "https://github.com/ofek/coincurve";
maintainers = with maintainers; [ nixbitcoin ];
license = licenses.asl20;
};
}

View File

@ -3,9 +3,9 @@ rec {
pyPkgsOverrides = self: super: let
inherit (self) callPackage;
clightningPkg = pkg: callPackage pkg { inherit (nbPkgs.pinned) clightning; };
joinmarketPkg = pkg: callPackage pkg { inherit (nbPkgs.joinmarket) version src; };
in
{
coincurve = callPackage ./coincurve {};
txzmq = callPackage ./txzmq {};
pyln-client = clightningPkg ./pyln-client;
@ -13,24 +13,16 @@ rec {
pyln-bolt7 = clightningPkg ./pyln-bolt7;
pylightning = clightningPkg ./pylightning;
# bitstring 3.1.9, required by pyln-proto
bitstring = callPackage ./specific-versions/bitstring.nix {};
# Packages only used by joinmarket
bencoderpyx = callPackage ./bencoderpyx {};
chromalog = callPackage ./chromalog {};
python-bitcointx = callPackage ./python-bitcointx {
inherit (nbPkgs) secp256k1;
openssl = super.pkgs.openssl_1_1;
};
python-bitcointx = callPackage ./python-bitcointx { inherit (nbPkgs) secp256k1; };
runes = callPackage ./runes {};
sha256 = callPackage ./sha256 {};
urldecode = callPackage ./urldecode {};
};
# Joinmarket requires a custom package set because it uses older versions of Python pkgs
pyPkgsOverridesJoinmarket = self: super: let
inherit (self) callPackage;
joinmarketPkg = pkg: callPackage pkg { inherit (nbPkgs.joinmarket) version src; };
in
(pyPkgsOverrides self super) // {
joinmarketbase = joinmarketPkg ./jmbase;
joinmarketclient = joinmarketPkg ./jmclient;
joinmarketbitcoin = joinmarketPkg ./jmbitcoin;
@ -38,29 +30,24 @@ rec {
## Specific versions of packages that already exist in nixpkgs
# cryptography 3.3.2, required by joinmarketdaemon
cryptography = callPackage ./specific-versions/cryptography {
openssl = super.pkgs.openssl_1_1;
cryptography_vectors = callPackage ./specific-versions/cryptography/vectors.nix {};
};
# autobahn 20.12.3, required by joinmarketclient
autobahn = callPackage ./specific-versions/autobahn.nix {};
# pyopenssl 20.0.1, required by joinmarketdaemon
pyopenssl = callPackage ./specific-versions/pyopenssl.nix {
openssl = super.pkgs.openssl_1_1;
};
# twisted 22.4.0, compatible with pyopenssl 20.0.1
twisted = callPackage ./specific-versions/twisted.nix {};
# A version of `buildPythonPackage` which checks that Python package
# requirements are met.
# This was the case for NixOS <= 23.05.
# TODO-EXTERNAL: Remove when this is resolved:
# https://github.com/NixOS/nixpkgs/issues/253131
buildPythonPackageWithDepsCheck = attrs:
self.buildPythonPackage (attrs // {
dontUsePypaInstall = true;
nativeBuildInputs = (attrs.nativeBuildInputs or []) ++ [ self.pipInstallHook ];
});
};
nbPython3Packages = (python3.override {
packageOverrides = pyPkgsOverrides;
}).pkgs;
nbPython3PackagesJoinmarket = (python3.override {
packageOverrides = pyPkgsOverridesJoinmarket;
}).pkgs;
nbPython3PackagesJoinmarket = nbPython3Packages;
}

View File

@ -1,12 +1,24 @@
{ version, src, lib, buildPythonPackage, fetchurl, future, twisted, service-identity, chromalog, txtorcon }:
{ version, src, lib, buildPythonPackageWithDepsCheck, fetchurl, future, twisted, service-identity, chromalog, txtorcon, pyaes }:
buildPythonPackage rec {
buildPythonPackageWithDepsCheck rec {
pname = "joinmarketbase";
inherit version src;
postUnpack = "sourceRoot=$sourceRoot/jmbase";
propagatedBuildInputs = [ future twisted service-identity chromalog txtorcon ];
propagatedBuildInputs = [ future twisted service-identity chromalog txtorcon pyaes ];
patchPhase = ''
sed -i 's|twisted==22.4.0|twisted==23.8.0|' setup.py
sed -i 's|service-identity==21.1.0|service-identity==23.1.0|' setup.py
'';
# Has no tests
doCheck = false;
pythonImportsCheck = [
"jmbase"
];
meta = with lib; {
homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver";

View File

@ -1,15 +1,24 @@
{ version, src, lib, buildPythonPackage, fetchurl, urldecode, pyaes, python-bitcointx, joinmarketbase }:
{ version, src, lib, buildPythonPackageWithDepsCheck, fetchurl, python-bitcointx, joinmarketbase, pytestCheckHook }:
buildPythonPackage rec {
buildPythonPackageWithDepsCheck rec {
pname = "joinmarketbitcoin";
inherit version src;
postUnpack = "sourceRoot=$sourceRoot/jmbitcoin";
propagatedBuildInputs = [ urldecode pyaes python-bitcointx ];
propagatedBuildInputs = [ python-bitcointx ];
checkInputs = [ joinmarketbase ];
nativeCheckInputs = [
pytestCheckHook
];
patchPhase = ''
substituteInPlace setup.py \
--replace "'python-bitcointx==1.1.3'" "'python-bitcointx==1.1.4'"
'';
meta = with lib; {
homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver";
maintainers = with maintainers; [ nixbitcoin ];

View File

@ -1,22 +1,63 @@
{ version, src, lib, buildPythonPackage, fetchurl, future, configparser, joinmarketbase, joinmarketdaemon, mnemonic, argon2_cffi, bencoderpyx, pyaes, joinmarketbitcoin, klein, pyjwt, autobahn }:
{
pipBuildHook
, version
, src
, lib
, buildPythonPackageWithDepsCheck
, argon2_cffi
, autobahn
, bencoderpyx
, configparser
, fetchurl
, future
, joinmarketbase
, joinmarketbitcoin
, joinmarketdaemon
, klein
, mnemonic
, pyjwt
, werkzeug
}:
buildPythonPackage rec {
buildPythonPackageWithDepsCheck rec {
pname = "joinmarketclient";
inherit version src;
postUnpack = "sourceRoot=$sourceRoot/jmclient";
checkInputs = [ joinmarketbitcoin joinmarketdaemon ];
propagatedBuildInputs = [ future configparser joinmarketbase mnemonic argon2_cffi bencoderpyx pyaes klein pyjwt autobahn ];
propagatedBuildInputs = [
argon2_cffi
autobahn
bencoderpyx
configparser
future
joinmarketbase
joinmarketbitcoin
joinmarketdaemon
klein
mnemonic
pyjwt
werkzeug
];
patchPhase = ''
substituteInPlace setup.py \
--replace "'klein==20.6.0'" "'klein>=20.6.0'"
substituteInPlace setup.py \
--replace "'pyjwt==2.4.0'" "'pyjwt==2.5.0'"
--replace "'argon2_cffi==21.3.0'" "'argon2_cffi==23.1.0'"
substituteInPlace setup.py \
--replace "'pyjwt==2.4.0'" "'pyjwt==2.8.0'"
substituteInPlace setup.py \
--replace "'werkzeug==2.2.3'" "'werkzeug==2.3.7'"
'';
# The unit tests can't be run in a Nix build environment
doCheck = false;
pythonImportsCheck = [
"jmclient"
];
meta = with lib; {
description = "Client library for Bitcoin coinjoins";
homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver";

View File

@ -1,6 +1,6 @@
{ version, src, lib, buildPythonPackage, fetchurl, txtorcon, cryptography, pyopenssl, libnacl, joinmarketbase }:
{ version, src, lib, buildPythonPackageWithDepsCheck, fetchurl, txtorcon, cryptography, pyopenssl, libnacl, joinmarketbase }:
buildPythonPackage rec {
buildPythonPackageWithDepsCheck rec {
pname = "joinmarketdaemon";
inherit version src;
@ -8,6 +8,22 @@ buildPythonPackage rec {
propagatedBuildInputs = [ txtorcon cryptography pyopenssl libnacl joinmarketbase ];
patchPhase = ''
substituteInPlace setup.py \
--replace "'txtorcon==22.0.0'" "'txtorcon==23.5.0'"
substituteInPlace setup.py \
--replace "'libnacl==1.8.0'" "'libnacl==2.1.0'"
substituteInPlace setup.py \
--replace "'cryptography==41.0.2" "'cryptography==41.0.3"
'';
# The unit tests can't be run in a Nix build environment
doCheck = false;
pythonImportsCheck = [
"jmdaemon"
];
meta = with lib; {
description = "Client library for Bitcoin coinjoins";
homepage = "https://github.com/Joinmarket-Org/joinmarket-clientserver";

View File

@ -1,6 +1,6 @@
{ buildPythonPackage, clightning, pyln-client }:
{ buildPythonPackageWithDepsCheck, clightning, pyln-client }:
buildPythonPackage rec {
buildPythonPackageWithDepsCheck rec {
pname = "pylightning";
version = "0.10.1"; # defined in ${src}/contrib/pyln-client/pyln/client/__init__.py

View File

@ -1,6 +1,6 @@
{ buildPythonPackage, poetry-core, pytestCheckHook, clightning, pyln-proto }:
{ buildPythonPackageWithDepsCheck, poetry-core, pytestCheckHook, clightning, pyln-proto }:
buildPythonPackage rec {
buildPythonPackageWithDepsCheck rec {
pname = "pyln-bolt7";
# The version is defined here:
# https://github.com/ElementsProject/lightning/blob/master/contrib/pyln-spec/bolt7/pyproject.toml

View File

@ -1,6 +1,6 @@
{ buildPythonPackage, poetry-core, pytestCheckHook, clightning, pyln-bolt7, pyln-proto }:
{ buildPythonPackageWithDepsCheck, poetry-core, pytestCheckHook, clightning, pyln-bolt7, pyln-proto }:
buildPythonPackage rec {
buildPythonPackageWithDepsCheck rec {
pname = "pyln-client";
version = clightning.version;
format = "pyproject";

View File

@ -1,4 +1,4 @@
{ buildPythonPackage
{ buildPythonPackageWithDepsCheck
, clightning
, poetry-core
, pytestCheckHook
@ -6,9 +6,10 @@
, cryptography
, coincurve
, base58
, pysocks
}:
buildPythonPackage rec {
buildPythonPackageWithDepsCheck rec {
pname = "pyln-proto";
version = clightning.version;
format = "pyproject";
@ -22,13 +23,10 @@ buildPythonPackage rec {
cryptography
coincurve
base58
pysocks
];
checkInputs = [ pytestCheckHook ];
postUnpack = "sourceRoot=$sourceRoot/contrib/pyln-proto";
postPatch = ''
sed -i 's|cryptography = "^36.0.1"|cryptography = "^38.0.0"|' pyproject.toml
'';
}

View File

@ -1,12 +1,14 @@
{ lib, buildPythonPackage, fetchurl, secp256k1, openssl }:
{ lib, buildPythonPackageWithDepsCheck, fetchFromGitHub, secp256k1 }:
buildPythonPackage rec {
buildPythonPackageWithDepsCheck rec {
pname = "python-bitcointx";
version = "1.1.3";
version = "1.1.4";
src = fetchurl {
url = "https://github.com/Simplexum/${pname}/archive/${pname}-v${version}.tar.gz";
sha256 = "f0f487c29619df0e94a04f6deb3dc950ff9954c072017bd3eda90f73c24f0953";
src = fetchFromGitHub {
owner = "Simplexum";
repo = "python-bitcointx";
rev = "python-bitcointx-v${version}";
hash = "sha256-y8/cyLQr3GbpYqCg8LKTfyL0OX7eIo5AxjdFTWTqHmk=";
};
patchPhase = ''
@ -14,8 +16,6 @@ buildPythonPackage rec {
substituteInPlace "bitcointx/$path" \
--replace "ctypes.util.find_library('secp256k1')" "'${secp256k1}/lib/libsecp256k1.so'"
done
substituteInPlace bitcointx/core/key.py \
--replace "ctypes.util.find_library('ssl')" "'${openssl.out}/lib/libssl.so'"
'';
meta = with lib; {

View File

@ -9,7 +9,7 @@ cd "$TMPDIR"
echo "Fetching latest release"
git clone https://github.com/simplexum/python-bitcointx 2> /dev/null
cd python-bitcointx
latest=python-bitcointx-v1.1.3
latest=python-bitcointx-v1.1.4
echo "Latest release is ${latest}"
# GPG verification
@ -19,6 +19,8 @@ gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys B17A35BBA187395784E2A6B3
echo "Verifying latest release"
git verify-commit "$latest"
git checkout -q "tags/$latest"
rm -rf .git
echo "tag: $latest"
# The prefix option is necessary because GitHub prefixes the archive contents in this format
echo "sha256: $(git archive --format tar.gz --prefix=python-bitcointx-"$latest"/ "$latest" | sha256sum | cut -d\ -f1)"
nix hash path .

View File

@ -1,6 +1,6 @@
{ sha256, lib, buildPythonPackage, fetchFromGitHub }:
{ sha256, lib, buildPythonPackageWithDepsCheck, fetchFromGitHub }:
buildPythonPackage {
buildPythonPackageWithDepsCheck {
pname = "runes";
version = "0.4.0";

View File

@ -1,6 +1,6 @@
{ lib, buildPythonPackage, fetchFromGitHub, cython }:
{ lib, buildPythonPackageWithDepsCheck, fetchFromGitHub, cython }:
buildPythonPackage rec {
buildPythonPackageWithDepsCheck rec {
pname = "sha256";
version = builtins.substring 0 8 src.rev;

View File

@ -0,0 +1,40 @@
{ lib
, buildPythonPackage
, fetchFromGitHub
, fetchpatch
, unittestCheckHook
}:
buildPythonPackage rec {
pname = "bitstring";
version = "3.1.9";
src = fetchFromGitHub {
owner = "scott-griffiths";
repo = pname;
rev = "bitstring-${version}";
sha256 = "0y2kcq58psvl038r6dhahhlhp1wjgr5zsms45wyz1naq6ri8x9qa";
};
patches = [
(fetchpatch {
name = "fix-running-unit-tests-using-unittest-hook.patch";
url = "https://github.com/scott-griffiths/bitstring/commit/e5ee3fd41cad2ea761f4450b13b0424ae7262331.patch";
hash = "sha256-+ZGywIfQQcYXJlYZBi402ONnysYm66G5zE4duJE40h8=";
})
];
checkInputs = [ unittestCheckHook ];
unittestFlagsArray = [ "-s" "test" ];
pythonImportsCheck = [ "bitstring" ];
meta = with lib; {
description = "Module for binary data manipulation";
homepage = "https://github.com/scott-griffiths/bitstring";
license = licenses.mit;
platforms = platforms.unix;
maintainers = with maintainers; [ bjornfor ];
};
}

View File

@ -1,83 +0,0 @@
# Copied from nixpkgs rev c7d0dbe094c988209edac801eb2a0cc21aa498d8
{ lib, stdenv
, buildPythonPackage
, fetchPypi
, fetchpatch
, isPy27
, ipaddress
, openssl
, cryptography_vectors
, darwin
, packaging
, six
, pythonOlder
, isPyPy
, cffi
, pytest
, pretend
, iso8601
, pytz
, hypothesis
, enum34
}:
buildPythonPackage rec {
pname = "cryptography";
version = "3.3.2"; # Also update the hash in vectors.nix
src = fetchPypi {
inherit pname version;
sha256 = "1vcvw4lkw1spiq322pm1256kail8nck6bbgpdxx3pqa905wd6q2s";
};
outputs = [ "out" "dev" ];
nativeBuildInputs = lib.optionals (!isPyPy) [
cffi
];
buildInputs = [ openssl ]
++ lib.optional stdenv.isDarwin darwin.apple_sdk.frameworks.Security;
propagatedBuildInputs = [
packaging
six
] ++ lib.optionals (!isPyPy) [
cffi
] ++ lib.optionals isPy27 [
ipaddress enum34
];
checkInputs = [
cryptography_vectors
hypothesis
iso8601
pretend
pytest
pytz
];
checkPhase = ''
py.test --disable-pytest-warnings tests
'';
# IOKit's dependencies are inconsistent between OSX versions, so this is the best we
# can do until nix 1.11's release
__impureHostDeps = [ "/usr/lib" ];
meta = with lib; {
description = "A package which provides cryptographic recipes and primitives";
longDescription = ''
Cryptography includes both high level recipes and low level interfaces to
common cryptographic algorithms such as symmetric ciphers, message
digests, and key derivation functions.
Our goal is for it to be your "cryptographic standard library". It
supports Python 2.7, Python 3.5+, and PyPy 5.4+.
'';
homepage = "https://github.com/pyca/cryptography";
changelog = "https://cryptography.io/en/latest/changelog/#v"
+ replaceStrings [ "." ] [ "-" ] version;
license = with licenses; [ asl20 bsd3 psfl ];
maintainers = with maintainers; [ primeos ];
};
}

View File

@ -1,25 +0,0 @@
# Copied from nixpkgs rev c7d0dbe094c988209edac801eb2a0cc21aa498d8
{ buildPythonPackage, fetchPypi, lib, cryptography }:
buildPythonPackage rec {
pname = "cryptography_vectors";
# The test vectors must have the same version as the cryptography package:
version = cryptography.version;
src = fetchPypi {
inherit pname version;
sha256 = "1yhaps0f3h2yjb6lmz953z1l1d84y9swk4k3gj9nqyk4vbx5m7cc";
};
# No tests included
doCheck = false;
meta = with lib; {
description = "Test vectors for the cryptography package";
homepage = "https://cryptography.io/en/latest/development/test-vectors/";
# Source: https://github.com/pyca/cryptography/tree/master/vectors;
license = with licenses; [ asl20 bsd3 ];
maintainers = with maintainers; [ primeos ];
};
}

View File

@ -1,92 +0,0 @@
{ lib
, stdenv
, buildPythonPackage
, fetchPypi
, openssl
, cryptography
, pyasn1
, idna
, pytest
, pretend
, flaky
, glibcLocales
, six
}:
let
# https://github.com/pyca/pyopenssl/issues/791
# These tests, we disable in the case that libressl is passed in as openssl.
failingLibresslTests = [
"test_op_no_compression"
"test_npn_advertise_error"
"test_npn_select_error"
"test_npn_client_fail"
"test_npn_success"
"test_use_certificate_chain_file_unicode"
"test_use_certificate_chain_file_bytes"
"test_add_extra_chain_cert"
"test_set_session_id_fail"
"test_verify_with_revoked"
"test_set_notAfter"
"test_set_notBefore"
];
# these tests are extremely tightly wed to the exact output of the openssl cli tool,
# including exact punctuation.
failingOpenSSL_1_1Tests = [
"test_dump_certificate"
"test_dump_privatekey_text"
"test_dump_certificate_request"
"test_export_text"
];
disabledTests = [
# https://github.com/pyca/pyopenssl/issues/692
# These tests, we disable always.
"test_set_default_verify_paths"
"test_fallback_default_verify_paths"
# https://github.com/pyca/pyopenssl/issues/768
"test_wantWriteError"
] ++ (
lib.optionals (lib.hasPrefix "libressl" openssl.meta.name) failingLibresslTests
) ++ (
lib.optionals (lib.versionAtLeast (lib.getVersion openssl.name) "1.1") failingOpenSSL_1_1Tests
) ++ (
# https://github.com/pyca/pyopenssl/issues/974
lib.optionals stdenv.is32bit [ "test_verify_with_time" ]
);
# Compose the final string expression, including the "-k" and the single quotes.
testExpression = lib.optionalString (disabledTests != [])
"-k 'not ${lib.concatStringsSep " and not " disabledTests}'";
in
buildPythonPackage rec {
pname = "pyopenssl";
version = "20.0.1";
src = fetchPypi {
pname = "pyOpenSSL";
inherit version;
sha256 = "4c231c759543ba02560fcd2480c48dcec4dae34c9da7d3747c508227e0624b51";
};
outputs = [ "out" "dev" ];
checkPhase = ''
runHook preCheck
export LANG="en_US.UTF-8"
py.test tests ${testExpression}
runHook postCheck
'';
# Seems to fail unpredictably on Darwin. See https://hydra.nixos.org/build/49877419/nixlog/1
# for one example, but I've also seen ContextTests.test_set_verify_callback_exception fail.
doCheck = !stdenv.isDarwin;
nativeBuildInputs = [ openssl ];
propagatedBuildInputs = [ cryptography pyasn1 idna six ];
checkInputs = [ pytest pretend flaky glibcLocales ];
}

View File

@ -1,173 +0,0 @@
{ lib
, stdenv
, buildPythonPackage
, pythonOlder
, fetchPypi
, python
, appdirs
, attrs
, automat
, bcrypt
, constantly
, contextvars
, cryptography
, git
, glibcLocales
, h2
, hyperlink
, idna
, incremental
, priority
, pyasn1
, pyhamcrest
, pynacl
, pyopenssl
, pyserial
, service-identity
, setuptools
, typing-extensions
, zope_interface
# for passthru.tests
, cassandra-driver
, klein
, magic-wormhole
, scrapy
, treq
, txaio
, txamqp
, txrequests
, txtorcon
, thrift
, nixosTests
}:
buildPythonPackage rec {
pname = "twisted";
version = "22.4.0";
format = "setuptools";
disabled = pythonOlder "3.6";
src = fetchPypi {
pname = "Twisted";
inherit version;
extension = "tar.gz";
sha256 = "sha256-oEeZD1ffrh4L0rffJSbU8W3NyEN3TcEIt4xS8qXxNoA=";
};
__darwinAllowLocalNetworking = true;
propagatedBuildInputs = [
attrs
automat
constantly
hyperlink
incremental
setuptools
typing-extensions
zope_interface
];
postPatch = ''
echo 'ListingTests.test_localeIndependent.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py
echo 'ListingTests.test_newFile.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py
echo 'ListingTests.test_newSingleDigitDayOfMonth.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py
echo 'ListingTests.test_oldFile.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py
echo 'ListingTests.test_oldSingleDigitDayOfMonth.skip = "Timezone issue"'>> src/twisted/conch/test/test_cftp.py
echo 'PTYProcessTestsBuilder_AsyncioSelectorReactorTests.test_openFileDescriptors.skip = "invalid syntax"'>> src/twisted/internet/test/test_process.py
echo 'PTYProcessTestsBuilder_SelectReactorTests.test_openFileDescriptors.skip = "invalid syntax"'>> src/twisted/internet/test/test_process.py
echo 'UNIXTestsBuilder_AsyncioSelectorReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py
echo 'UNIXTestsBuilder_SelectReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py
echo 'FileObserverTests.test_getTimezoneOffsetEastOfUTC.skip = "mktime argument out of range"'>> src/twisted/test/test_log.py
echo 'FileObserverTests.test_getTimezoneOffsetWestOfUTC.skip = "mktime argument out of range"'>> src/twisted/test/test_log.py
echo 'FileObserverTests.test_getTimezoneOffsetWithoutDaylightSavingTime.skip = "tuple differs, values not"'>> src/twisted/test/test_log.py
echo 'MulticastTests.test_joinLeave.skip = "No such device"'>> src/twisted/test/test_udp.py
echo 'MulticastTests.test_loopback.skip = "No such device"'>> src/twisted/test/test_udp.py
echo 'MulticastTests.test_multicast.skip = "Reactor was unclean"'>> src/twisted/test/test_udp.py
echo 'MulticastTests.test_multiListen.skip = "No such device"'>> src/twisted/test/test_udp.py
echo 'DomishExpatStreamTests.test_namespaceWithWhitespace.skip = "syntax error: line 1, column 0"'>> src/twisted/words/test/test_domish.py
# not packaged
substituteInPlace src/twisted/test/test_failure.py \
--replace "from cython_test_exception_raiser import raiser # type: ignore[import]" "raiser = None"
'' + lib.optionalString stdenv.isLinux ''
echo 'PTYProcessTestsBuilder_EPollReactorTests.test_openFileDescriptors.skip = "invalid syntax"'>> src/twisted/internet/test/test_process.py
echo 'PTYProcessTestsBuilder_PollReactorTests.test_openFileDescriptors.skip = "invalid syntax"'>> src/twisted/internet/test/test_process.py
echo 'UNIXTestsBuilder_EPollReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py
echo 'UNIXTestsBuilder_PollReactorTests.test_sendFileDescriptorTriggersPauseProducing.skip = "sendFileDescriptor producer was not paused"'>> src/twisted/internet/test/test_unix.py
# Patch t.p._inotify to point to libc. Without this,
# twisted.python.runtime.platform.supportsINotify() == False
substituteInPlace src/twisted/python/_inotify.py --replace \
"ctypes.util.find_library(\"c\")" "'${stdenv.cc.libc}/lib/libc.so.6'"
'' + lib.optionalString (stdenv.isAarch64 && stdenv.isDarwin) ''
echo 'AbortConnectionTests_AsyncioSelectorReactorTests.test_fullWriteBufferAfterByteExchange.skip = "Timeout after 120 seconds"' >> src/twisted/internet/test/test_tcp.py
echo 'AbortConnectionTests_AsyncioSelectorReactorTests.test_resumeProducingAbort.skip = "Timeout after 120 seconds"' >> src/twisted/internet/test/test_tcp.py
'';
# Generate Twisted's plug-in cache. Twisted users must do it as well. See
# http://twistedmatrix.com/documents/current/core/howto/plugin.html#auto3
# and http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=477103 for details.
postFixup = ''
$out/bin/twistd --help > /dev/null
'';
checkInputs = [
git
glibcLocales
pyhamcrest
]
++ passthru.optional-dependencies.conch
# not supported on aarch64-darwin: https://github.com/pyca/pyopenssl/issues/873
++ lib.optionals (!(stdenv.isDarwin && stdenv.isAarch64)) passthru.optional-dependencies.tls;
checkPhase = ''
export SOURCE_DATE_EPOCH=315532800
export PATH=$out/bin:$PATH
# race conditions when running in paralell
${python.interpreter} -m twisted.trial twisted
'';
passthru = {
optional-dependencies = rec {
conch = [ appdirs bcrypt cryptography pyasn1 ];
conch_nacl = conch ++ [ pynacl ];
contextvars = lib.optionals (pythonOlder "3.7") [ contextvars ];
http2 = [ h2 priority ];
serial = [ pyserial ];
tls = [ idna pyopenssl service-identity ];
};
tests = {
inherit
cassandra-driver
klein
magic-wormhole
scrapy
treq
txaio
txamqp
txrequests
txtorcon
thrift;
inherit (nixosTests) buildbot matrix-synapse;
};
};
meta = with lib; {
homepage = "https://github.com/twisted/twisted";
description = "Twisted, an event-driven networking engine written in Python";
longDescription = ''
Twisted is an event-driven networking engine written in Python
and licensed under the MIT license.
'';
license = licenses.mit;
maintainers = with maintainers; [ SuperSandro2000 ];
};
}

View File

@ -1,8 +1,9 @@
{ lib
, buildPythonPackage
, fetchPypi
, twisted
, pyzmq
, setuptools
, twisted
}:
buildPythonPackage rec {
@ -16,8 +17,9 @@ buildPythonPackage rec {
};
propagatedBuildInputs = [
twisted
pyzmq
setuptools
twisted
];
meta = with lib; {

View File

@ -1,16 +0,0 @@
{ lib, buildPythonPackage, fetchPypi }:
buildPythonPackage rec {
pname = "urldecode";
version = "0.1";
src = fetchPypi {
inherit pname version;
sha256 = "0w8my7kdwxppsfzzi1b2cxhypm6r1fsrnb2hnd752axq4gfsddjj";
};
meta = with lib; {
description = "A simple function to decode an encoded url";
homepage = "https://github.com/jennyq/urldecode";
maintainers = with maintainers; [ nixbitcoin ];
};
}

View File

@ -1,7 +1,7 @@
{ lib
, stdenvNoCC
, nodejs-16_x
, nodejs-slim-16_x
, nodejs-18_x
, nodejs-slim-18_x
, fetchNodeModules
, fetchpatch
, fetchurl
@ -10,23 +10,23 @@
}:
let self = stdenvNoCC.mkDerivation {
pname = "rtl";
version = "0.13.6";
version = "0.14.1";
src = fetchurl {
url = "https://github.com/Ride-The-Lightning/RTL/archive/refs/tags/v${self.version}.tar.gz";
hash = "sha256-eyRM28h2TV3IyW4hDPHj/wMJxLEZin7AqWQZGQt5mV4=";
hash = "sha256-sbV7d/imdCXglpAS3hh7fETvSxMzegi63AfbS1imqbk=";
};
passthru = {
nodejs = nodejs-16_x;
nodejsRuntime = nodejs-slim-16_x;
nodejs = nodejs-18_x;
nodejsRuntime = nodejs-slim-18_x;
nodeModules = fetchNodeModules {
inherit (self) src nodejs;
# TODO-EXTERNAL: Remove `npmFlags` when no longer required
# See: https://github.com/Ride-The-Lightning/RTL/issues/1182
npmFlags = "--legacy-peer-deps";
hash = "sha256-C4yK6deYXPrTa383aXiHoO0w3JAMIfAaESCEy9KKY2k=";
hash = "sha256-0fu14j4OvsYGBhu/p67EUFmuHCbIPlLVm4e8qd9tk3o=";
};
};

View File

@ -2,7 +2,7 @@
set -euo pipefail
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "gnupg wget gnused" "$@"
version="0.13.6"
version="0.14.1"
repo=https://github.com/Ride-The-Lightning/RTL
scriptDir=$(cd "${BASH_SOURCE[0]%/*}" && pwd)

View File

@ -1,17 +0,0 @@
# This file has been generated by node2nix 1.9.0. Do not edit!
{pkgs ? import <nixpkgs> {
inherit system;
}, system ? builtins.currentSystem, nodejs ? pkgs."nodejs-14_x"}:
let
nodeEnv = import (pkgs.path + "/pkgs/development/node-packages/node-env.nix") {
inherit (pkgs) stdenv lib python2 runCommand writeTextFile writeShellScript;
inherit pkgs nodejs;
libtool = if pkgs.stdenv.isDarwin then pkgs.darwin.cctools else null;
};
in
import ./node-packages.nix {
inherit (pkgs) fetchurl nix-gitignore stdenv lib fetchgit;
inherit nodeEnv;
}

View File

@ -1,16 +0,0 @@
{ pkgs, lib }:
let
nodePackages = import ./composition.nix { inherit pkgs; };
in
nodePackages.package.override {
# Required because spark-wallet uses `npm-shrinkwrap.json` as the lock file
reconstructLock = true;
meta = with lib; {
description = "A minimalistic wallet GUI for c-lightning";
homepage = "https://github.com/shesek/spark-wallet";
license = licenses.mit;
maintainers = with maintainers; [ nixbitcoin erikarvstedt ];
platforms = platforms.unix;
};
}

View File

@ -1,58 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
. "${BASH_SOURCE[0]%/*}/../../helper/run-in-nix-env" "nodePackages.node2nix gnupg wget jq moreutils gnused" "$@"
TMPDIR=$(mktemp -d -p /tmp)
trap 'rm -rf $TMPDIR' EXIT
version="0.3.1"
repo=https://github.com/shesek/spark-wallet
# Fetch and verify source tarball
file=spark-wallet-${version}-npm.tgz
url=$repo/releases/download/v${version}/$file
export GNUPGHOME=$TMPDIR
gpg --keyserver hkps://keyserver.ubuntu.com --recv-key FCF19B67866562F08A43AAD681F6104CD0F150FC
wget -P "$TMPDIR" "$url"
wget -P "$TMPDIR" "$repo/releases/download/v${version}/SHA256SUMS.asc"
gpg --verify "$TMPDIR/SHA256SUMS.asc"
(cd "$TMPDIR"; sha256sum --check --ignore-missing SHA256SUMS.asc)
hash=$(nix hash file "$TMPDIR/$file")
# Extract source
src=$TMPDIR/src
mkdir "$src"
tar xvf "$TMPDIR/$file" -C "$src" --strip-components 1 >/dev/null
# Make qrcode-terminal a strict dependency so that node2nix includes it in the package derivation.
jq '.dependencies["qrcode-terminal"] = .optionalDependencies["qrcode-terminal"]' "$src/package.json" | sponge "$src/package.json"
node2nix \
--nodejs-14 \
--input "$src/package.json" \
--lock "$src/npm-shrinkwrap.json" \
--composition composition.nix \
--no-copy-node-env
# Use node-env.nix from nixpkgs
# shellcheck disable=SC2016
nodeEnvImport='import "${toString pkgs.path}/pkgs/development/node-packages/node-env.nix"'
sed -i "s|import ./node-env.nix|$nodeEnvImport|" composition.nix
# Use the verified package src
read -rd '' fetchurl <<EOF || :
fetchurl {
url = "$url";
hash = "$hash";
};
EOF
sed -i "
# Use the verified package src
s|src = .*/src;|src = ${fetchurl//$'\n'/\\n}|
# github: use HTTPS instead of SSH, which requires user authentication
s|git+ssh://git@|https://|
s|ssh://git@|https://|
s|\.git#|#|
" node-packages.nix

File diff suppressed because it is too large Load Diff

Some files were not shown because too many files have changed in this diff Show More