Added disko config

jeirmeister 2025-09-12 13:46:30 -07:00
parent 4dafb111b9
commit 2c61985a3b

248
flake.nix

@ -1,79 +1,177 @@
({ {
config, description = "BTCPay server, NBXplorer, Bitcoin Core, etc. as a NixOS system/container image with disko";
pkgs,
lib,
...
}: {
nixpkgs.overlays = [nix-bitcoin.overlays.default];
nix-bitcoin.generateSecrets = true; inputs = {
nix-bitcoin.url = "github:fort-nix/nix-bitcoin/release";
nixpkgs.follows = "nix-bitcoin/nixpkgs";
nixos-generators.url = "github:nix-community/nixos-generators";
flake-utils.url = "github:numtide/flake-utils";
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
};
# Enable core services outputs = {
services.bitcoind = { self,
enable = true; nixpkgs,
dataDir = "/var/lib/bitcoind"; nix-bitcoin,
address = "0.0.0.0"; nixos-generators,
port = 23002; flake-utils,
listen = true; disko,
listenWhitelisted = true; ...
whitelistedPort = 8335; }: let
rpc = { system = "x86_64-linux";
address = "0.0.0.0"; pkgs = import nixpkgs {inherit system;};
port = 8332; in {
threads = 16; nixosConfigurations.btc-pay-server = pkgs.lib.nixosSystem {
allowip = ["10.1.1.0/24"]; inherit system;
modules = [
nix-bitcoin.nixosModules.default
disko.nixosModules.default
({
config,
pkgs,
lib,
...
}: {
nixpkgs.overlays = [nix-bitcoin.overlays.default];
nix-bitcoin.generateSecrets = true;
disko.devices = {
disk.root = {
device = "/dev/sda";
format = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
format = "vfat";
content = {
type = "filesystem";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
lvm_vg.root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = ["defaults"];
};
};
};
};
disk.data = {
device = "/dev/sdb";
format = "gpt";
partitions = {
data = {
size = "100%";
type = "8300"; # Linux filesystem
format = "xfs";
mountpoint = "/var/lib/bitcoind";
options = ["noatime"];
};
};
growPartition = true; # Enables growpart for resizing
};
};
growpart.enable = true; # Enables the growpart service
services.bitcoind = {
enable = true;
dataDir = "/var/lib/bitcoind";
address = "0.0.0.0";
port = 23002;
listen = true;
listenWhitelisted = true;
whitelistedPort = 8335;
rpc = {
address = "0.0.0.0";
port = 8332;
threads = 16;
allowip = ["10.1.1.0/24"];
};
regtest = false;
dataDirReadableByGroup = false;
disablewallet = null;
dbCache = 4000;
prune = 10000;
zmqpubrawblock = "tcp://0.0.0.0:28332";
zmqpubrawtx = "tcp://0.0.0.0:28333";
user = "bitcoind";
group = "bitcoind";
};
services.nbxplorer = {
enable = true;
address = "0.0.0.0";
port = 24444;
user = "nbxplorer";
group = "nbxplorer";
};
services.btcpayserver = {
enable = true;
address = "0.0.0.0";
port = 23000;
lbtc = true;
user = "btcpayserver";
group = "btcpayserver";
lightningBackend = "clightning";
};
networking.firewall.allowedTCPPorts = [
config.services.btcpayserver.port
config.services.bitcoind.port
config.services.nbxplorer.port
22
];
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
};
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
];
system.stateVersion = "25.05";
})
];
}; };
regtest = false;
dataDirReadableByGroup = false; devShells = flake-utils.lib.eachDefaultSystem (system: let
disablewallet = null; pkgs = import nixpkgs {inherit system;};
dbCache = 4000; in {
prune = 10000; default = pkgs.mkShell {
zmqpubrawblock = "tcp://0.0.0.0:28332"; buildInputs = [
zmqpubrawtx = "tcp://0.0.0.0:28333"; nixos-generators.packages.${system}.nixos-generate
user = "bitcoind"; pkgs.just
group = "bitcoind"; ];
shellHook = ''
echo "💚 Devshell ready: nixos-generate, just available."
'';
};
});
}; };
}
services.nbxplorer = {
enable = true;
address = "0.0.0.0";
port = 24444;
user = "nbxplorer";
group = "nbxplorer";
};
services.btcpayserver = {
enable = true;
address = "0.0.0.0";
port = 23000;
lbtc = true;
user = "btcpayserver";
group = "btcpayserver";
lightningBackend = "clightning";
};
# Firewall: Open necessary ports
networking.firewall.allowedTCPPorts = [
config.services.btcpayserver.port
config.services.bitcoind.port
config.services.nbxplorer.port
22
];
# SSH setup
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
};
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
];
system.stateVersion = "25.05";
})
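Review bot: In the new `disko.devices` block, `disk.root` and `disk.data` are pinned to `/dev/sda` and `/dev/sdb`, kernel names that are not guaranteed to stay stable across boots or hardware changes, and disko partitions and formats whatever device it is pointed at; a persistent path such as `device = "/dev/disk/by-id/<DISK_ID_PLACEHOLDER>";` avoids wiping the wrong disk. Neither volume is encrypted, although `nix-bitcoin.generateSecrets = true` and `lightningBackend = "clightning"` mean service secrets and wallet state will presumably live on these disks, so consider wrapping the `lvm_pv` and the data partition in disko's `luks` content type. The `data` partition also sets `format`, `mountpoint` and `options` directly on the partition, while the `root` LV in the same block puts them under `content = { type = "filesystem"; … }`; as far as I know disko only reads the `content` form (with `mountOptions`) and expects the partition table under `content = { type = "gpt"; … }`, so this layout should be evaluated in a dry run before it is applied to a real machine. Separately, the firewall list still opens `config.services.nbxplorer.port` while NBXplorer binds `0.0.0.0`; if only the local BTCPay Server talks to it, binding it to loopback and dropping that port would reduce exposure.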