bitcoin: add myself as an authenticated rpcuser
This commit is contained in:
parent
28d0a72c62
commit
36638e80a3
|
@ -1,5 +1,16 @@
|
||||||
# as of 2023/12/02: complete blockchain is 530 GiB (on-disk size may be larger)
|
# as of 2023/12/02: complete blockchain is 530 GiB (on-disk size may be larger)
|
||||||
{ ... }:
|
#
|
||||||
|
# rpc setup:
|
||||||
|
# - generate a password
|
||||||
|
# - use: <https://github.com/bitcoin/bitcoin/blob/master/share/rpcauth/rpcauth.py>
|
||||||
|
# (rpcauth.py is not included in the `'.#bitcoin'` package result)
|
||||||
|
# - `wget https://raw.githubusercontent.com/bitcoin/bitcoin/master/share/rpcauth/rpcauth.py`
|
||||||
|
# - `python ./rpcauth.py colin`
|
||||||
|
# - copy the hash here. it's SHA-256, so safe to be public.
|
||||||
|
# - add "rpcuser=colin" and "rpcpassword=<output>" to secrets/servo/bitcoin.conf (i.e. ~/.bitcoin/bitcoin.conf)
|
||||||
|
# - bitcoin.conf docs: <https://github.com/bitcoin/bitcoin/blob/master/doc/bitcoin-conf.md>
|
||||||
|
# - validate with `bitcoin-cli -netinfo`
|
||||||
|
{ config, sane-lib, ... }:
|
||||||
{
|
{
|
||||||
sane.persist.sys.byStore.ext = [
|
sane.persist.sys.byStore.ext = [
|
||||||
# /var/lib/monero/lmdb is what consumes most of the space
|
# /var/lib/monero/lmdb is what consumes most of the space
|
||||||
|
@ -16,7 +27,16 @@
|
||||||
services.bitcoind.mainnet = {
|
services.bitcoind.mainnet = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# TODO: set `rpc.users` to include my user
|
# TODO: set `rpc.users` to include my user
|
||||||
|
rpc.users.colin = {
|
||||||
|
# see docs at top of file for how to generate this
|
||||||
|
passwordHMAC = "30002c05d82daa210550e17a182db3f3$6071444151281e1aa8a2729f75e3e2d224e9d7cac3974810dab60e7c28ffaae4";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sane.users.colin.fs.".bitcoin/bitcoin.conf" = sane-lib.fs.wantedSymlinkTo config.sops.secrets."bitcoin.conf".path;
|
||||||
|
sops.secrets."bitcoin.conf" = {
|
||||||
|
mode = "0600";
|
||||||
|
owner = "colin";
|
||||||
|
group = "users";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
32
secrets/servo/bitcoin.conf.bin
Normal file
32
secrets/servo/bitcoin.conf.bin
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
{
|
||||||
|
"data": "ENC[AES256_GCM,data:Bzz0jnUca1zVCu8D6dOvwVxptu65NsdcrTF9h3MGLx0V/QVppGTducNNhZBQIB6epbjZgUBHVwNZ14esFwuFvb4iBuXLtA==,iv:yJwGAtIUzceJ0n+cYxQhyLF8Xcd27itbSnFvQ8MZLa8=,tag:2pMxehMHnkIjINOcVBsmMw==,type:str]",
|
||||||
|
"sops": {
|
||||||
|
"kms": null,
|
||||||
|
"gcp_kms": null,
|
||||||
|
"azure_kv": null,
|
||||||
|
"hc_vault": null,
|
||||||
|
"age": [
|
||||||
|
{
|
||||||
|
"recipient": "age1tnl4jfgacwkargzeqnhzernw29xx8mkv73xh6ufdyde6q7859slsnzf24x",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkOCtCQzg5V3hXQlNZT1lo\nWUxMT1VlUmVUZmd3blFLN1ZnV1BJZWRIaURvCmJ3ZzhvRGpjQldrTUpsMnY5TklI\nMGp2aThKY1duR2RzdTMyVXpibzB5WTgKLS0tIDd4b2NyTU9XcTF0VWdvVjZNdlZs\nT1VxZk9qOVIyN0lXVDNFSC84T0JKeGcKr1zdv6lha2iJRJKszz/HeAz7labzdMI7\n+zP/CjXf0/q2cQeZoxuuSsQwc8+3DRJBJwsB//wh5Uo16kKLnAiynQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1j2pqnl8j0krdzk6npe93s4nnqrzwx978qrc0u570gzlamqpnje9sc8le2g",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtNWx0eG83UHhET0Z2YWtM\nTm5BTTByUC9TT1UwSnQ0Y2c0VTVBMk5pSGlrCkc1cVR6MzZ3KzY1eU5sSXlXN0Vj\nQTFsemFMU0dFdk1qeFBXTTFwZndnN1EKLS0tIFVTTG9EdzFuNzdnMGNCb00rb0xy\nYXVsa3FQdG1qSjBTWmdQUHRhaDFocHcKeit4PvcXUHCHVniojD1on0Nkwf8kcW96\nrOeSfFs2A20GZB5KPbB3j8D+6csdY1lHqZuaVCWtpuheE74MQQSOaw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1z8fauff34cdecr6sjkre260luzxcca05kpcwvhx988d306tpcejsp63znu",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtOXJualdaNUpsYUVtU2ZM\nQnNjYkE3OTI2SWZZOGhwSHh6ODZSQjVZVEZjCnNpbjhVMlhsVWZnZVVkQmtsdmta\neURqNjZXZmtJQ0FIWVhydFovblVPZmMKLS0tIFpKVVBVQUtzR1RNVmE0dURGMVAw\nc0wxWHlmMjVVVEVsNmQrODR2OHczam8KrgIhu3Rhco0bgZA8TotzfGqnlio0L9G/\nvCJ/gP05o6zqaFqJV8Q7W5YdLwyI+ao9QnTn+QdTbM6HLImLPz9KBA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1tzlyex2z6t88tg9h82943e39shxhmqeyr7ywhlwpdjmyqsndv3qq27x0rf",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEdjhnSVg1eWhOK0toTmpR\nK3V6cGxnSWd0RFBUWjYrSysvdWcvbjhtZVdFCmxyUm1ISnBKMlMwM1pmZlZweUJz\nVE5HRGcxZUI1dTlZLzQ0L0JiWStwVmcKLS0tIGkwamRHZ2oxZ1dLV1B4ZW41Yk0y\ncTZHTTJGSDNEczRYYmZVdkxPTzVOc2MKI7lMn2a1XR6jvbH6P4bJS4FMFc0lBsxo\nzAO8oLcJpX+OxiiAB/tp2Jr3/7ik7KmxpF+EWHOuWT3z2D29A8ZLDw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"lastmodified": "2024-01-02T18:10:48Z",
|
||||||
|
"mac": "ENC[AES256_GCM,data:F647PM6jSQ6BceuPt3KILW7goKtG4eHPUYj+qGQ9wp0aDQX7edx+HBh+E0jZQxALVrIyy/Ym9Muw5ChBZYPerkI3gpf3uAU0ek4+kj/LAWFG1Kc1cxpII+rQgM+GxO8ixpNw5yJZ1hnkTBrieBZNN1ThRA/irwVOUT6f3gK+ZyY=,iv:REcQw8EO8XgJuXo0u0M1IxEpGZjhiAULMlS/ncpgVCY=,tag:5e9sdVzHWLylUFV4Vj935A==,type:str]",
|
||||||
|
"pgp": null,
|
||||||
|
"unencrypted_suffix": "_unencrypted",
|
||||||
|
"version": "3.8.1"
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user