diff --git a/flake.nix b/flake.nix index 5cd6f33..f585a6c 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,79 +1,177 @@ -({ - config, - pkgs, - lib, - ... -}: { - nixpkgs.overlays = [nix-bitcoin.overlays.default]; +{ + description = "BTCPay server, NBXplorer, Bitcoin Core, etc. as a NixOS system/container image with disko"; - nix-bitcoin.generateSecrets = true; + inputs = { + nix-bitcoin.url = "github:fort-nix/nix-bitcoin/release"; + nixpkgs.follows = "nix-bitcoin/nixpkgs"; + nixos-generators.url = "github:nix-community/nixos-generators"; + flake-utils.url = "github:numtide/flake-utils"; + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + }; - # Enable core services - services.bitcoind = { - enable = true; - dataDir = "/var/lib/bitcoind"; - address = "0.0.0.0"; - port = 23002; - listen = true; - listenWhitelisted = true; - whitelistedPort = 8335; - rpc = { - address = "0.0.0.0"; - port = 8332; - threads = 16; - allowip = ["10.1.1.0/24"]; + outputs = { + self, + nixpkgs, + nix-bitcoin, + nixos-generators, + flake-utils, + disko, + ... + }: let + system = "x86_64-linux"; + pkgs = import nixpkgs {inherit system;}; + in { + nixosConfigurations.btc-pay-server = pkgs.lib.nixosSystem { + inherit system; + modules = [ + nix-bitcoin.nixosModules.default + disko.nixosModules.default + ({ + config, + pkgs, + lib, + ... 
+ }: { + nixpkgs.overlays = [nix-bitcoin.overlays.default]; + + nix-bitcoin.generateSecrets = true; + + disko.devices = { + disk.root = { + device = "/dev/sda"; + format = "gpt"; + partitions = { + ESP = { + size = "512M"; + type = "EF00"; + format = "vfat"; + content = { + type = "filesystem"; + mountpoint = "/boot"; + }; + }; + root = { + size = "100%"; + content = { + type = "lvm_pv"; + vg = "root_vg"; + }; + }; + }; + }; + lvm_vg.root_vg = { + type = "lvm_vg"; + lvs = { + root = { + size = "100%FREE"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + mountOptions = ["defaults"]; + }; + }; + }; + }; + disk.data = { + device = "/dev/sdb"; + format = "gpt"; + partitions = { + data = { + size = "100%"; + type = "8300"; # Linux filesystem + format = "xfs"; + mountpoint = "/var/lib/bitcoind"; + options = ["noatime"]; + }; + }; + growPartition = true; # Enables growpart for resizing + }; + }; + growpart.enable = true; # Enables the growpart service + + services.bitcoind = { + enable = true; + dataDir = "/var/lib/bitcoind"; + address = "0.0.0.0"; + port = 23002; + listen = true; + listenWhitelisted = true; + whitelistedPort = 8335; + rpc = { + address = "0.0.0.0"; + port = 8332; + threads = 16; + allowip = ["10.1.1.0/24"]; + }; + regtest = false; + dataDirReadableByGroup = false; + disablewallet = null; + dbCache = 4000; + prune = 10000; + zmqpubrawblock = "tcp://0.0.0.0:28332"; + zmqpubrawtx = "tcp://0.0.0.0:28333"; + user = "bitcoind"; + group = "bitcoind"; + }; + + services.nbxplorer = { + enable = true; + address = "0.0.0.0"; + port = 24444; + user = "nbxplorer"; + group = "nbxplorer"; + }; + + services.btcpayserver = { + enable = true; + address = "0.0.0.0"; + port = 23000; + lbtc = true; + user = "btcpayserver"; + group = "btcpayserver"; + lightningBackend = "clightning"; + }; + + networking.firewall.allowedTCPPorts = [ + config.services.btcpayserver.port + config.services.bitcoind.port + config.services.nbxplorer.port + 22 + ]; + + 
services.openssh = { + enable = true; + settings = { + PermitRootLogin = "prohibit-password"; + PasswordAuthentication = false; + }; + }; + + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io" + ]; + + system.stateVersion = "25.05"; + }) + ]; }; - regtest = false; - dataDirReadableByGroup = false; - disablewallet = null; - dbCache = 4000; - prune = 10000; - zmqpubrawblock = "tcp://0.0.0.0:28332"; - zmqpubrawtx = "tcp://0.0.0.0:28333"; - user = "bitcoind"; - group = "bitcoind"; + + devShells = flake-utils.lib.eachDefaultSystem (system: let + pkgs = import nixpkgs {inherit system;}; + in { + default = pkgs.mkShell { + buildInputs = [ + nixos-generators.packages.${system}.nixos-generate + pkgs.just + ]; + shellHook = '' + echo "💚 Devshell ready: nixos-generate, just available." 
+ ''; + }; + }); }; - - services.nbxplorer = { - enable = true; - address = "0.0.0.0"; - port = 24444; - user = "nbxplorer"; - group = "nbxplorer"; - }; - - services.btcpayserver = { - enable = true; - address = "0.0.0.0"; - port = 23000; - lbtc = true; - user = "btcpayserver"; - group = "btcpayserver"; - lightningBackend = "clightning"; - }; - - # Firewall: Open necessary ports - networking.firewall.allowedTCPPorts = [ - config.services.btcpayserver.port - config.services.bitcoind.port - config.services.nbxplorer.port - 22 - ]; - - # SSH setup - services.openssh = { - enable = true; - settings = { - PermitRootLogin = "prohibit-password"; - PasswordAuthentication = false; - }; - }; - - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io" - ]; - - system.stateVersion = "25.05"; -}) +}
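Review bot: `networking.firewall.allowedTCPPorts` opens `config.services.nbxplorer.port` (24444) while `services.nbxplorer.address` is `"0.0.0.0"`, so the NBXplorer API is reachable from the network even though the only consumer visible in this file is the BTCPay server on the same host. Unless a remote client is intended, I would drop that entry from the list and set `address = "127.0.0.1";` in `services.nbxplorer`. The bitcoind RPC (8332) and ZMQ (`tcp://0.0.0.0:28332`, `tcp://0.0.0.0:28333`) listeners are also bound to all interfaces and stay private only because the firewall does not list them; binding them to loopback or to the host's address in 10.1.1.0/24 would keep them closed if the firewall is ever relaxed. These settings are carried over from the removed module, but this commit is where they become a deployable image, so a short comment above the port list stating which ports are meant to be public would help.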