Now all services that access secrets only run after the secrets setup
has finished.
Previously, we assumed that the systemd `after` dependency is
transitive, i.e. that adding an `after = [ "bitcoind.service" ]`
to a service implicitly pulled in the `after` dependency to
`nix-bitcoin-secrets.target` (which is defined for `bitcoind`).
This is not the case. Services could start before secrets setup
had finished, leading to service failure.
By disabling `trustedcoin.tor.proxy` and enabling `clightning.tor.proxy`,
`trustedcoin` can be used without Tor proxying, while clighting still
uses Tor for lightning layer connections.
Previously, disabling Tor for `trustedcoin` required to also disable
Tor for clightning.
Also fix the workaround in the docs for the trustedcoin Tor connection issues:
The previous config snippet only affected systemd hardening settings,
but didn't disable Tor for trustedcoin.
This decouples modules `clightning` and `trustedcoin`.
`clightning` no longer depends on `trustedcoin`, which restores
the acyclic dependency graph described in `modules.nix`
lnd and lightning-loop resolve `localhost` to an IPv4 address when
creating RPC sockets.
Since NixOS 23.05, RTL (nodejs) resolves `localhost` to an IPv6
address when connecting to lnd and lightning-loop, which leads to
connection errors.
To fix these and other potential errors, replace all instances
of `localhost` with `127.0.0.1`.
A convenience helper which allows running most `sudo` cmds while
`doas` is enabled.
This is safe because all args supported by both `sudo` and
`doas` that lead to command execution (like `-u <user>`)
have identical semantics.
- Generate lndconnect URLs with protocol `c-lightning-rest` for clightning.
(Zeus now auto-detects the lightning implementation by the URL protocol.)
- Use improved QR code format (via qrencode) .
For both lnd and clightning-rest, `lndconnectOnion` is replaced by
options `lndconnect.enable` and `lndconnect.onion`.
This allows using lndconnect without Tor.
This still hides the proc subdirectories for other processes.
Without this setting, fulcrum fails when the config value of
`fast-sync` is greater than 2^31 bytes.
Previously, when merging different definitions of `extraConfig`,
only the top-level attrset was merged.
Example:
The two separate settings
nodes.lnd.extraConfig.Settings.userPersona = "MERCHANT";
nodes.lnd.extraConfig.Settings.logLevel = "DEBUG";
were previously merged into
nodes.lnd.extraConfig.Settings = { logLevel = "DEBUG" };
(The last definition has precedence.)
