Commit Graph

99 Commits

Author SHA1 Message Date
Jonas Nick
75e54bbb90
spark-wallet: remove package and module 2023-06-02 10:50:11 +00:00
Erik Arvstedt
519ae31202
netns-isolation: improve formatting 2023-02-02 10:51:41 +01:00
Erik Arvstedt
a1023696e6
netns-isolation: reserve netns id for mempool
This allows using the old id in the extension flake, so that
existing configs are not changed.
2023-02-02 10:51:41 +01:00
Erik Arvstedt
109dccca27
treewide: use mdDoc for descriptions
Enable markdown syntax (instead of docbook) for descriptions.
This only affects external doc tooling that renders the descriptions.
2022-12-18 20:01:52 +01:00
Jonas Nick
34c4b61402
Merge fort-nix/nix-bitcoin#504: Add fulcrum module
7d7f2df006 fulcrum: add module (Erik Arvstedt)
edd8bd311c bitcoind-rpc-public-whitelist: add `ping`, `help` (Erik Arvstedt)
f946a7cd9b examples: use `mkDefault` for setting `system.stateVersion` (Erik Arvstedt)
79994d0bd2 tests: increase postgresql startup timeout (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  nixbitcoin:
    ACK 7d7f2df006

Tree-SHA512: 866f0a40bb81ceb2008e6efbd415eeee201b9e56aa5ebc60fd1bb4b6eda300155faaa2e6492d8145b3c6084b1e8ef5ec7d4e0ff694beb328d2e5ed755c9d04b4
2022-07-22 13:11:40 +00:00
Erik Arvstedt
8dc4858872
bitcoind: remove banlist loader
Gmaxwell's banlist (https://people.xiph.org/~greg/banlist.cli.txt) is
no longer maintained and hasn't been updated since 2 years.
2022-07-15 14:45:37 +02:00
Erik Arvstedt
7d7f2df006
fulcrum: add module 2022-07-09 11:07:09 +02:00
nixbitcoin
cb295d1a16
joinmarket: 0.9.5 -> 0.9.6 2022-06-03 08:56:35 +00:00
Erik Arvstedt
ff228a604d
rtl: change nodes options
- Move option `rtl.nodes.{lnd,clightning}` -> `rtl.nodes.{lnd,clightning}.enable`
  This is required by the next commit.

- Move option `rtl.loop` -> `rtl.nodes.lnd.loop`

- Only enable loop when `nodes.lnd` is enabled
2022-05-15 21:25:32 +02:00
Erik Arvstedt
acf5fe69ad
add standalone clightning-rest service
- Rename `services.rtl.cl-rest` to `services.clightning-rest`.
  `clightning-rest` is generally useful for connecting external REST clients
  to clightning.

- Add a dedicated network namespace in netns-isolation.

- Add nodeinfo entry.

- Add datadir (which contains REST auth data) to backups.
2022-05-06 16:26:40 +02:00
Erik Arvstedt
71e9864060
netns-isolation: add compatibility with 21.11
`security.wrappers` now requires `group` be defined.
2021-12-10 12:16:09 +00:00
Erik Arvstedt
def64a73b8
treewide: use TODO-EXTERNAL
Use TODO-EXTERNAL for TODOs that depend on external factors like
upstream fixes.
2021-11-29 13:47:48 +01:00
Erik Arvstedt
6f37bef2a3
netns-isolation: simplify firewall setup
Set all allowed INPUT/OUTPUT addresses in a single `iptables` command.
2021-11-29 13:47:48 +01:00
Erik Arvstedt
9bda7305fd
services: add tor.* options
Split `enforceTor` into `tor.proxy` and `tor.enforce`.
By enabling `tor.proxy` without `tor.enforce`, a service can accept
incoming clearnet connections.
E.g., this allows setting up a Tor-proxied bitcoind node that accepts
RPC connections from LAN.
2021-11-29 13:22:43 +01:00
Erik Arvstedt
c6fe017aeb
netns-isolation: avoid creating service files for disabled services
Only set the `serviceConfig` option when the service is enabled.
Otherwise a service file is created.
2021-11-29 13:22:43 +01:00
Erik Arvstedt
8aa28da110
remove recurring-donations module
This module has failed to evaluate for quite some time.
We might bring it back someday with bolt12 and LNURL support.
2021-11-28 21:18:39 +01:00
Jonas Nick
6673c8245c
Merge fort-nix/nix-bitcoin#423: Misc. improvements
4a74b7de08 clightning: work around unsupported seccomp syscall (Erik Arvstedt)
38a843d005 clightning: update python pkgs to new version (Erik Arvstedt)
6ad7107ddb update nixpkgs (Erik Arvstedt)
f58d67677e netns-isolation: separate host and netns setup (Erik Arvstedt)
cb6e5ef702 netns-isolation: fix routing issues due to netns restarting (Erik Arvstedt)
7f77147b60 makeShell: minor improvements (Erik Arvstedt)
a5730eb736 makeShell: make the help msg a shell derivation variable (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK 4a74b7de08

Tree-SHA512: 75454b51db6d7ab41590d8579e0a5136e5ac1be78d5c2f547c6ef1982c0de679968879bb9bac57dd66413f59a4659236601ab75414486b0137c7c43d73d22759
2021-11-10 21:57:16 +00:00
nixbitcoin
f569227410
rtl: add module 2021-11-09 14:13:42 +00:00
Erik Arvstedt
f58d67677e
netns-isolation: separate host and netns setup
- Improves readability

- `netns exec ...` (called via `netnsIptables`) incurs a large
  overhead: In addition to netns switching, a mount namespace
  is setup and populated with the contents of /etc/netns/<ns>/.
  Instead, simply run `nsenter`.
2021-11-08 12:46:28 +01:00
Erik Arvstedt
cb6e5ef702
netns-isolation: fix routing issues due to netns restarting
Previously, restarting a service implied restarting its netns.
For unknown reasons, this sometimes caused the netns-local address
to not be routable from the root netns for up to 20 s.
I.e., the service was sometimes unreachable after restarting.

Now the netns is no longer stopped when the service is stopped.
2021-11-08 12:46:27 +01:00
Erik Arvstedt
c30fe1919b
netns-isolation: don't auto-assign IPv6 addrs to peer links
This simplifies the host's address configuration.

This also removes unused addresses that are returned when resolving
container hostnames via nss-mymachines:
`getent ahosts nb-test`
2021-11-02 17:40:43 +01:00
Erik Arvstedt
aada35fc7b
minor improvements
- README: add matrix room

- examples/configuration.nix: explain why bitcoind is enabled by default

- btcpayserver: group lnd service settings

- clightning:
  Use public onion port only when the onion service is public

  This allows users to enable the onion service while announcing a
  non-onion public address.

- netns-isolation: move `readOnly` attr to the top

- tests: use mkDefault to allow for easier overriding

- tests/btcpayserver: test web server response
2021-10-30 15:34:48 +02:00
nixbitcoin
a10aa21c69
joinmarket: 0.9.2 -> 0.9.3 2021-10-27 16:02:59 +02:00
nixbitcoin
63836127c9
bitcoind: one-option i2p support 2021-10-12 10:22:09 +00:00
Erik Arvstedt
a92d6a8e80
netns: expose bridgeIp as an option
Previously, this variable was not accessible to other modules.
2021-10-04 00:33:26 +02:00
Erik Arvstedt
27c45b82cc
modules: move options to the top
This greatly improves readability and makes it easier to discover options.

This commit was genereated by running the following script inside the
repo root dir:

#!/usr/bin/env ruby

def transform(src)
  return false if src.include?('inherit options;')

  success = false

  options = nil
  src.sub!(/^  options.*?^  }.*?;/m) do |match|
    options = match
    "  inherit options;"
  end
  return false if !options

  src.sub!(/^with lib;\s*let\n+/m) do |match|
    success = true
    <<~EOF
      with lib;
      let
      #{options}

    EOF
  end

  success
end

Dir['modules/**/*.nix'].each do |f|
  src = File.read(f)
  if transform(src)
    puts "Changed file #{f}"
    File.write(f, src)
  end
end
2021-09-13 13:41:47 +02:00
nixbitcoin
00a0759884
joinmarket-ob-watcher: extra permissions & functionality for fidelity bonds 2021-08-30 13:37:04 +02:00
Erik Arvstedt
178a0dcf8f
services: use new 'tor' options 2021-08-14 10:46:41 +02:00
nixbitcoin
54810ce1bf
btcpayserver: add L-BTC support 2021-08-10 10:04:54 +00:00
Martin Milata
b666bb2903 charge-lnd: add module 2021-07-12 17:36:31 +02:00
kon
eb21012745 pool: add pkg, module & tests 2021-03-01 10:59:35 +01:00
Erik Arvstedt
0b5b29a2a3
netns-isolation: simplify permission definition for netns-exec
The new definition is equivalent to the old one.
2021-02-07 22:39:06 +01:00
Erik Arvstedt
af2040f4c4
netns-isolation: use 'true' for systemd option 2021-02-07 22:39:05 +01:00
nixbitcoin
8c125ec48c
joinmarket-obwatcher: add pkg & module 2021-01-17 17:40:12 +00:00
Erik Arvstedt
09e0042aa8
spark-wallet: add consistent address options 2021-01-14 13:25:05 +01:00
Erik Arvstedt
39f16c0b4a
liquidd: add consistent address options 2021-01-14 13:25:05 +01:00
Erik Arvstedt
8fa32b7f91
btcpayserver: add consistent address options 2021-01-14 13:25:04 +01:00
Erik Arvstedt
e78a609687
clightning: add consistent address options
Also remove option 'autolisten'. This option has no effect because
option 'bind-addr' is always set.
2021-01-14 13:25:04 +01:00
Erik Arvstedt
b41a720c28
lnd: add consistent address options
Also fix btcpayserver by connecting to the lnd restAddress instead of the p2p address.
2021-01-14 13:25:03 +01:00
Erik Arvstedt
dd4a0238f9
bitcoind: group rpc options under parent option 'rpc' 2021-01-14 13:25:03 +01:00
Erik Arvstedt
5b7e0d09b2
bitcoind: add consistent address options 2021-01-14 13:25:03 +01:00
Jonas Nick
79f4723cda
lightning-charge: remove package and module 2021-01-01 19:16:46 +00:00
Jonas Nick
58de79d401
nanopos: remove package and module 2021-01-01 17:37:30 +00:00
Erik Arvstedt
f1681f5b45
add option nix-bitcoin.pkgs, remove overlay
This works around a nixpkgs bug where overlays are ignored in containers.
2020-11-09 22:10:07 +01:00
Erik Arvstedt
0972af55f1
netns: fix setup service restarts 2020-11-03 21:55:13 +01:00
Erik Arvstedt
63a464431b
netns: fail when netns already exists
Under normal circumstances, service-specific netns should never exist
before the netns setup service starts.
An existing netns is a genuine error that should not be silently ignored.
2020-11-03 21:55:13 +01:00
Erik Arvstedt
b4b607dfa5
netns: simplify firewall setup 2020-10-29 22:36:20 +01:00
Erik Arvstedt
25639cec42
netns: fix error msg when starting netns
Previously, the failing initial `netns delete` resulted in a
"Cannot remove namespace file ..." error visible in the journal
and status output.
2020-10-29 21:21:30 +01:00
Erik Arvstedt
67068afd6b
netns: fix error when stopping netns
A short time after `netns delete` finishes, the peer link in the main
netns is automatically removed.
When `link del` is run before that, it fails with
`Cannot find device "nb-veth-br-*"` and the netns service enters a failed state.
2020-10-29 21:21:30 +01:00
Erik Arvstedt
8da01fe8a6
lightning-loop: allow RPC access from main netns
Note that this also exposes the REST server, which is secured by
macaroon auth like the RPC server.
2020-10-29 21:21:29 +01:00