Update nixpkgs-unstable, fix whitelisting local services #414

Merged
merged 4 commits into from
Oct 30, 2021

erikarvstedt
Collaborator

No description provided.

This removes the module-level dependency from onion-services to
bitcoind.
Due to the `or false` fallback, there's no dependency added in
the reverse direction.

In particular, this allows us to not add a dependency on liquidd in
the following commit.
@nixbitcoin
Member

Through manual testing I figured out that we need to add mempool to both the bitcoind & liquidd nbxplorer whitelist. Fixups

Member

@jonasnick jonasnick left a comment

ACK mod nit

modules/liquid.nix (outdated, resolved)
Switch back from nixpkgs master to unstable.

Pkg updates:
btcpayserver: 1.2.3 -> 1.2.4
electrs: 0.9.0 -> 0.9.1
elementsd: 0.18.1.12 -> 0.21.0
lightning-pool: 0.5.0-alpha -> 0.5.1-alpha
nbxplorer: 2.2.5 -> 2.2.11

- liquidd:
  add `onionPort` like in bitcoind

- tests/electrs:
  remove KillSignal workaround
@erikarvstedt changed the title from "Update nixpkgs-unstable" to "Update nixpkgs-unstable, fix whitelisting local services" on Oct 29, 2021
@erikarvstedt
Collaborator Author

@nixbitcoin, I've implemented your suggestion via bitcoind, liquidd: add whitelisted socket.

This allows whitelisting local services without implicitly
whitelisting all inbound onion connections, which would happen when
setting bitcoind/liquidd option `whitelist=localhost`.

Used by electrs and nbxplorer, which requires the unsafe `mempool`
permission.
- README: add matrix room

- examples/configuration.nix: explain why bitcoind is enabled by default

- btcpayserver: group lnd service settings

- clightning:
  Use public onion port only when the onion service is public

  This allows users to enable the onion service while announcing a
  non-onion public address.

- netns-isolation: move `readOnly` attr to the top

- tests: use mkDefault to allow for easier overriding

- tests/btcpayserver: test web server response
Member

@jonasnick jonasnick left a comment

ACK aada35f

Nice, whitebinding is quite a bit more straightforward than expected.

@jonasnick jonasnick merged commit 3e018d0 into fort-nix:master Oct 30, 2021
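
The difference between `whitelist=localhost` and a whitelisted socket, as discussed in the thread above, can be checked mechanically. The following is an added example, not code from nix-bitcoin: a small audit of bitcoin.conf-style text that flags `whitelist` entries matching loopback peers and lists `whitebind` sockets with their permissions. The sample configs, port 8335 and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample configs (not taken from nix-bitcoin); port 8335 is arbitrary.
BEFORE = """\
bind=127.0.0.1:8333
whitelist=localhost
"""
AFTER = """\
bind=127.0.0.1:8333
whitebind=mempool@127.0.0.1:8335
"""
LOOPBACKS = [ipaddress.ip_address(a) for a in ("127.0.0.1", "::1")]

def parse_entry(value):
    """Split '[permissions@]target' into (sorted permission list, target)."""
    perms, sep, target = value.rpartition("@")
    return (sorted(p.strip() for p in perms.split(",")) if sep else []), target.strip()

def covers_loopback(target):
    """True if a whitelist target (IP, CIDR or 'localhost') includes a loopback address."""
    if target.lower() == "localhost":
        return True
    try:
        net = ipaddress.ip_network(target, strict=False)
    except ValueError:
        return False  # not an IP or network, nothing to evaluate
    return any(addr in net for addr in LOOPBACKS)

def audit(conf_text):
    """Return (loopback whitelist findings, whitebind sockets) for a config text."""
    findings, whitebinds = [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        key, sep, value = raw.split("#", 1)[0].partition("=")
        if not sep:
            continue  # blank line, comment or section header
        perms, target = parse_entry(value)
        if key.strip() == "whitelist" and covers_loopback(target):
            findings.append((lineno, target, perms))
        elif key.strip() == "whitebind":
            whitebinds.append((target, perms))
    return findings, whitebinds

if __name__ == "__main__":
    for name, conf in (("before", BEFORE), ("after", AFTER)):
        findings, whitebinds = audit(conf)
        for lineno, target, perms in findings:
            print(f"{name}:{lineno}: whitelist={target} applies to every loopback peer "
                  f"(permissions: {perms or 'default'})")
        for target, perms in whitebinds:
            print(f"{name}: only peers connecting to {target} get {perms}")
```
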