Merge fort-nix/nix-bitcoin#450: Misc. improvements

d959d5b558 secure-node: don't set `nix-bitcoin.secretsDir` (Erik Arvstedt)
7b0c3d48c9 docs/services.md: link to clightning plugin list (Erik Arvstedt)
7402212263 examples/configuration.nix: disable `passwordAuthentication` (Erik Arvstedt)
e093bb64d9 examples/configuration.nix: fix links to `docs/services.md` (Erik Arvstedt)
d41a550355 fetch-release: export GNUPGHOME (Erik Arvstedt)
397b372cf3 bitcoind: improve option `rpc.users` (Erik Arvstedt)
679e7b6544 bitcoind: remove unneeded tmpfile rule (Erik Arvstedt)
98f419233f bitcoind: don't log timestamps (Erik Arvstedt)
6f8b4d9ebe flake: optimize nixpkgs importing (Erik Arvstedt)
16e2d4c8b7 flake: remove unneeded indirection in legacyPackages (Erik Arvstedt)

Pull request description:

ACKs for top commit:
  jonasnick:
    ACK d959d5b558

Tree-SHA512: e62fcf36ac77df62b9f86279d0ebac807525d188cbf1ee5c13cf1406b3caadad0f2df7527b0c8713259cbc6d5cdfa006f01e90d5377f974213f204a2f85a8ae6
Jonas Nick
2022-02-06 17:00:40 +00:00
8 changed files with 64 additions and 42 deletions


@@ -101,9 +101,14 @@ let
};
users = mkOption {
default = {};
description = ''
Allowed users for JSON-RPC connections.
'';
example = {
alice.passwordHMAC = "f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae";
bob.passwordHMAC = "b2dd077cb54591a2f3139e69a897ac$4e71f08d48b4347cf8eff3815c0e25ae2e9a4340474079f55705f40574f4ec99";
alice = {
passwordHMAC = "f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae";
rpcwhitelist = [ "getnetworkinfo" "getpeerinfo" ];
};
};
type = with types; attrsOf (submodule ({ name, ... }: {
options = {
@@ -138,9 +143,6 @@ let
};
};
}));
description = ''
RPC user information for JSON-RPC connections.
'';
};
};
regtest = mkOption {
@@ -282,6 +284,7 @@ let
configFile = builtins.toFile "bitcoin.conf" ''
# We're already logging via journald
nodebuglogfile=1
logtimestamps=0
startupnotify=/run/current-system/systemd/bin/systemd-notify --ready
@@ -366,7 +369,6 @@ in {
systemd.tmpfiles.rules = [
"d '${cfg.dataDir}' 0770 ${cfg.user} ${cfg.group} - -"
"d '${cfg.dataDir}/blocks' 0770 ${cfg.user} ${cfg.group} - -"
];
systemd.services.bitcoind = {
@@ -386,7 +388,12 @@ in {
''
) (builtins.attrNames cfg.rpc.users);
in ''
${optionalString cfg.dataDirReadableByGroup "chmod -R g+rX '${cfg.dataDir}/blocks'"}
${optionalString cfg.dataDirReadableByGroup ''
if [[ -e '${cfg.dataDir}/blocks' ]]; then
chmod -R g+rX '${cfg.dataDir}/blocks'
fi
''}
cfg=$(
cat ${configFile}
${extraRpcauth}
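Review bot: In the last hunk of this section, the new `[[ -e '${cfg.dataDir}/blocks' ]]` guard means a fresh data directory gets no `chmod -R g+rX` on its first start. Since the `d '${cfg.dataDir}/blocks' 0770` tmpfiles rule appears to be the line dropped in the preceding hunk, the initial mode of `blocks` is whatever bitcoind creates it with. That is probably intended (a umask or `sysperms` setting is not visible in these hunks), but with `dataDirReadableByGroup` set the group-read guarantee on first start then rests on bitcoind rather than on this script, so I would add a comment such as `# 'blocks' is created by bitcoind on first start; its initial mode comes from bitcoind, not from this chmod`. `-d` would also state the intent more precisely than `-e`, because the path is only ever used as a directory. The enclosing preStart script starts and ends outside the hunk.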


@@ -18,9 +18,6 @@ in {
};
config = {
# For backwards compatibility only
nix-bitcoin.secretsDir = mkDefault "/secrets";
networking.firewall.enable = true;
nix-bitcoin.security.dbusHideProcessInformation = true;


@@ -181,6 +181,27 @@ let
once.
'';
}
{
version = "0.0.65";
condition = config.nix-bitcoin ? secure-node-preset-enabled &&
config.nix-bitcoin.secretsDir == "/etc/nix-bitcoin-secrets";
message = ''
The `secure-node.nix` preset does not set the secrets directory
to "/secrets" anymore.
Instead, the default location "/etc/nix-bitcoin-secrets" is used.
To upgrade, choose one of the following:
- Continue using "/secrets":
Add `nix-bitcoin.secretsDir = "/secrets";` to your configuration.nix.
- Move your secrets to the default location:
Run the following command as root on your node:
`rsync -a /secrets/ /etc/nix-bitcoin-secrets`.
You can delete the old "/secrets" directory after deploying the new system
config to your node.
'';
}
];
mkOnionServiceChange = service: {