Added disko config

2025-09-12 13:46:30 -07:00 · 2025-09-12 13:46:30 -07:00 · 2c61985a3b
commit 2c61985a3b
parent 4dafb111b9
1 changed files with 173 additions and 75 deletions
--- a/flake.nix
+++ b/flake.nix
@ -1,79 +1,177 @@
-({
-  config,
-  pkgs,
-  lib,
-  ...
-}: {
-  nixpkgs.overlays = [nix-bitcoin.overlays.default];
+{
+  description = "BTCPay server, NBXplorer, Bitcoin Core, etc. as a NixOS system/container image with disko";

-  nix-bitcoin.generateSecrets = true;
+  inputs = {
+    nix-bitcoin.url = "github:fort-nix/nix-bitcoin/release";
+    nixpkgs.follows = "nix-bitcoin/nixpkgs";
+    nixos-generators.url = "github:nix-community/nixos-generators";
+    flake-utils.url = "github:numtide/flake-utils";
+    disko.url = "github:nix-community/disko";
+    disko.inputs.nixpkgs.follows = "nixpkgs";
+  };

-  # Enable core services
-  services.bitcoind = {
-    enable = true;
-    dataDir = "/var/lib/bitcoind";
-    address = "0.0.0.0";
-    port = 23002;
-    listen = true;
-    listenWhitelisted = true;
-    whitelistedPort = 8335;
-    rpc = {
-      address = "0.0.0.0";
-      port = 8332;
-      threads = 16;
-      allowip = ["10.1.1.0/24"];
+  outputs = {
+    self,
+    nixpkgs,
+    nix-bitcoin,
+    nixos-generators,
+    flake-utils,
+    disko,
+    ...
+  }: let
+    system = "x86_64-linux";
+    pkgs = import nixpkgs {inherit system;};
+  in {
+    nixosConfigurations.btc-pay-server = pkgs.lib.nixosSystem {
+      inherit system;
+      modules = [
+        nix-bitcoin.nixosModules.default
+        disko.nixosModules.default
+        ({
+          config,
+          pkgs,
+          lib,
+          ...
+        }: {
+          nixpkgs.overlays = [nix-bitcoin.overlays.default];
+
+          nix-bitcoin.generateSecrets = true;
+
+          disko.devices = {
+            disk.root = {
+              device = "/dev/sda";
+              format = "gpt";
+              partitions = {
+                ESP = {
+                  size = "512M";
+                  type = "EF00";
+                  format = "vfat";
+                  content = {
+                    type = "filesystem";
+                    mountpoint = "/boot";
+                  };
+                };
+                root = {
+                  size = "100%";
+                  content = {
+                    type = "lvm_pv";
+                    vg = "root_vg";
+                  };
+                };
+              };
+            };
+            lvm_vg.root_vg = {
+              type = "lvm_vg";
+              lvs = {
+                root = {
+                  size = "100%FREE";
+                  content = {
+                    type = "filesystem";
+                    format = "ext4";
+                    mountpoint = "/";
+                    mountOptions = ["defaults"];
+                  };
+                };
+              };
+            };
+            disk.data = {
+              device = "/dev/sdb";
+              format = "gpt";
+              partitions = {
+                data = {
+                  size = "100%";
+                  type = "8300"; # Linux filesystem
+                  format = "xfs";
+                  mountpoint = "/var/lib/bitcoind";
+                  options = ["noatime"];
+                };
+              };
+              growPartition = true; # Enables growpart for resizing
+            };
+          };
+          growpart.enable = true; # Enables the growpart service
+
+          services.bitcoind = {
+            enable = true;
+            dataDir = "/var/lib/bitcoind";
+            address = "0.0.0.0";
+            port = 23002;
+            listen = true;
+            listenWhitelisted = true;
+            whitelistedPort = 8335;
+            rpc = {
+              address = "0.0.0.0";
+              port = 8332;
+              threads = 16;
+              allowip = ["10.1.1.0/24"];
+            };
+            regtest = false;
+            dataDirReadableByGroup = false;
+            disablewallet = null;
+            dbCache = 4000;
+            prune = 10000;
+            zmqpubrawblock = "tcp://0.0.0.0:28332";
+            zmqpubrawtx = "tcp://0.0.0.0:28333";
+            user = "bitcoind";
+            group = "bitcoind";
+          };
+
+          services.nbxplorer = {
+            enable = true;
+            address = "0.0.0.0";
+            port = 24444;
+            user = "nbxplorer";
+            group = "nbxplorer";
+          };
+
+          services.btcpayserver = {
+            enable = true;
+            address = "0.0.0.0";
+            port = 23000;
+            lbtc = true;
+            user = "btcpayserver";
+            group = "btcpayserver";
+            lightningBackend = "clightning";
+          };
+
+          networking.firewall.allowedTCPPorts = [
+            config.services.btcpayserver.port
+            config.services.bitcoind.port
+            config.services.nbxplorer.port
+            22
+          ];
+
+          services.openssh = {
+            enable = true;
+            settings = {
+              PermitRootLogin = "prohibit-password";
+              PasswordAuthentication = false;
+            };
+          };
+
+          users.users.root.openssh.authorizedKeys.keys = [
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix"
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470"
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
+          ];
+
+          system.stateVersion = "25.05";
+        })
+      ];
    };
-    regtest = false;
-    dataDirReadableByGroup = false;
-    disablewallet = null;
-    dbCache = 4000;
-    prune = 10000;
-    zmqpubrawblock = "tcp://0.0.0.0:28332";
-    zmqpubrawtx = "tcp://0.0.0.0:28333";
-    user = "bitcoind";
-    group = "bitcoind";
+
+    devShells = flake-utils.lib.eachDefaultSystem (system: let
+      pkgs = import nixpkgs {inherit system;};
+    in {
+      default = pkgs.mkShell {
+        buildInputs = [
+          nixos-generators.packages.${system}.nixos-generate
+          pkgs.just
+        ];
+        shellHook = ''
+          echo "💚 Devshell ready: nixos-generate, just available."
+        '';
+      };
+    });
  };
-
-  services.nbxplorer = {
-    enable = true;
-    address = "0.0.0.0";
-    port = 24444;
-    user = "nbxplorer";
-    group = "nbxplorer";
-  };
-
-  services.btcpayserver = {
-    enable = true;
-    address = "0.0.0.0";
-    port = 23000;
-    lbtc = true;
-    user = "btcpayserver";
-    group = "btcpayserver";
-    lightningBackend = "clightning";
-  };
-
-  # Firewall: Open necessary ports
-  networking.firewall.allowedTCPPorts = [
-    config.services.btcpayserver.port
-    config.services.bitcoind.port
-    config.services.nbxplorer.port
-    22
-  ];
-
-  # SSH setup
-  services.openssh = {
-    enable = true;
-    settings = {
-      PermitRootLogin = "prohibit-password";
-      PasswordAuthentication = false;
-    };
-  };
-
-  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
-  ];
-
-  system.stateVersion = "25.05";
-})
+}