Merge #312: Refactorings, cleanups

0a2c8e4864 run-tests: add option --copy-src (Erik Arvstedt) 803584a288 backups: don't use hardcoded secrets dir (Erik Arvstedt) c29d44b49a ci: use 'cachix watch-exec' (Erik Arvstedt) 6a32812412 services: add names for systemd helper scripts (Erik Arvstedt) 6982699613 services: use consistent layout (Erik Arvstedt) a43534dda0 services: improve config file setup (Erik Arvstedt) 18f2002cf0 joinmarket-yieldgenerator: improve systemd journal output (Erik Arvstedt) 9d0b8c8f6f joinmarket-ob-watcher: use DynamicUser (Erik Arvstedt) e9c98f415c joinmarket: explain need for tor control socket (Erik Arvstedt) d9c87b6a8f joinmarket: fix wallet creation (Erik Arvstedt) 7458350108 treewide: remove deprecated types.loaOf (Erik Arvstedt) 9cf038939c treewide: use mkEnableOption (Erik Arvstedt) 7a97304f13 treewide: remove unit descriptions (Erik Arvstedt) a942177ecf treewide: remove user descriptions (Erik Arvstedt) 4f6ff408ef treewide: remove unneeded string literals (Erik Arvstedt) e6a6c721c1 treewide: streamline 'extraConfig' descriptions (Erik Arvstedt) e774c045de treewide: fix formatting (Erik Arvstedt) 0b5b29a2a3 netns-isolation: simplify permission definition for netns-exec (Erik Arvstedt) a587a2b02a defaultHardening: explain where @system-service is defined (Erik Arvstedt) bb3a69797e README: minor improvements (Erik Arvstedt) 13fc9dfabf examples: improve introductory comments (Erik Arvstedt) af2040f4c4 netns-isolation: use 'true' for systemd option (Erik Arvstedt) c246bbb36e bitcoind, clightning, lnd: improve descriptions (Erik Arvstedt) 7533f12ef1 bitcoind, clightning, run-tests: minor refactoring (Erik Arvstedt) 41fe9b0c1d elementsd: minor refactoring (Erik Arvstedt) f0850d3f23 btcpayserver: reorder config settings (Erik Arvstedt) d1c0ea9f85 btcpayserver: add missing systemd postgresql dependency (Erik Arvstedt) Pull request description: ACKs for top commit: jonasnick: ACK 0a2c8e4864 Tree-SHA512: 5c81b36042fbb2f016c8e58ba9e05ef3389d5376b8df713d3258d2cd0b6a9239904531171aca8e49bea7039341d5fa91aa9474c6d98de849c25ede52deccc5a3
2021-02-08 20:31:56 +00:00 · 2021-02-08 20:31:56 +00:00 · f9683889d9
commit f9683889d9
parent 2ebd1129a5 0a2c8e4864
25 changed files with 236 additions and 263 deletions
--- a/pkgs/elementsd/default.nix
+++ b/pkgs/elementsd/default.nix
@ -3,20 +3,20 @@
 , withGui }:

 with stdenv.lib;
-stdenv.mkDerivation rec{
-  name = "elements" + (toString (optional (!withGui) "d")) + "-" + version;
+stdenv.mkDerivation rec {
+  pname = "elements${optionalString (!withGui) "d"}";
  version = "0.18.1.9";

  src = fetchurl {
-    urls = [
-            "https://github.com/ElementsProject/elements/archive/elements-${version}.tar.gz"
-           ];
+    url = "https://github.com/ElementsProject/elements/archive/elements-${version}.tar.gz";
+    # Use ./get-sha256.sh to fetch latest (verified) sha256
    sha256 = "c6f1b040a896a1aaa7340f5cd48e119c84fef88df5d4c17d5ad5c13783f5b6c7";
-   };
+  };

  nativeBuildInputs =
    [ pkgconfig autoreconfHook ]
    ++ optional withGui wrapQtAppsHook;
+
  buildInputs = [ openssl db48 boost zlib zeromq
                  miniupnpc protobuf libevent]
                  ++ optionals stdenv.isLinux [ utillinux ]
@ -27,10 +27,10 @@ stdenv.mkDerivation rec{
                   ] ++ optionals (!doCheck) [
                     "--disable-tests"
                     "--disable-gui-tests"
-                   ]
-                     ++ optionals withGui [ "--with-gui=qt5"
-                                            "--with-qt-bindir=${qtbase.dev}/bin:${qttools.dev}/bin"
-                                          ];
+                   ] ++ optionals withGui [
+                     "--with-gui=qt5"
+                     "--with-qt-bindir=${qtbase.dev}/bin:${qttools.dev}/bin"
+                   ];

  checkInputs = [ rapidcheck python3 ];

--- a/pkgs/lib.nix
+++ b/pkgs/lib.nix
@ -28,8 +28,9 @@ let self = {
      CapabilityBoundingSet = "";
      # @system-service whitelist and docker seccomp blacklist (except for "clone"
      # which is a core requirement for systemd services)
+      # @system-service is defined in src/shared/seccomp-util.c (systemd source)
      SystemCallFilter = [ "@system-service" "~add_key clone3 get_mempolicy kcmp keyctl mbind move_pages name_to_handle_at personality process_vm_readv process_vm_writev request_key set_mempolicy setns unshare userfaultfd" ];
-      SystemCallArchitectures= "native";
+      SystemCallArchitectures = "native";
  };

  # nodejs applications apparently rely on memory write execute
@ -51,13 +52,13 @@ let self = {
    '';
  };

-  script = src: pkgs.writers.writeBash "script" ''
+  script = name: src: pkgs.writers.writeBash name ''
    set -eo pipefail
    ${src}
  '';

  # Used for ExecStart*
-  privileged = src: "+${self.script src}";
+  privileged = name: src: "+${self.script name src}";

  cliExec = mkOption {
    # Used by netns-isolation to execute the cli in the service's private netns
--- a/pkgs/python-packages/chromalog/default.nix
+++ b/pkgs/python-packages/chromalog/default.nix
@ -6,7 +6,7 @@ buildPythonPackage rec {
  src = fetchFromGitHub {
    owner = "freelan-developers";
    repo = "chromalog";
-    rev = "${version}";
+    rev = version;
    sha256 = "0pj4s52rgwlvwkzrj85y92c5r9c84pz8gga45jl5spysrv41y9p0";
  };