Giving up on LXC, switching to VM config
This commit is contained in:
parent
81939bd533
commit
4dafb111b9
1 changed files with 75 additions and 133 deletions
70
flake.nix
70
flake.nix
|
|
@ -1,38 +1,14 @@
|
|||
{
|
||||
description = "BTCPay server, NBXplorer, Bitcoin Core, etc. as a NixOS system/container image";
|
||||
|
||||
inputs = {
|
||||
nix-bitcoin.url = "github:fort-nix/nix-bitcoin/release";
|
||||
nixpkgs.follows = "nix-bitcoin/nixpkgs";
|
||||
nixos-generators.url = "github:nix-community/nixos-generators";
|
||||
flake-utils.url = "github:numtide/flake-utils";
|
||||
};
|
||||
|
||||
outputs = {
|
||||
self,
|
||||
nixpkgs,
|
||||
nix-bitcoin,
|
||||
nixos-generators,
|
||||
flake-utils,
|
||||
...
|
||||
}: let
|
||||
system = "x86_64-linux";
|
||||
pkgs = import nixpkgs {inherit system;};
|
||||
in {
|
||||
nixosConfigurations.btc-pay-server = nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
modules = [
|
||||
nix-bitcoin.nixosModules.default
|
||||
({
|
||||
({
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
}: {
|
||||
nixpkgs.overlays = [nix-bitcoin.overlays.default];
|
||||
|
||||
nix-bitcoin.generateSecrets = true;
|
||||
|
||||
# Enable core services
|
||||
services.bitcoind = {
|
||||
enable = true;
|
||||
dataDir = "/var/lib/bitcoind";
|
||||
|
|
@ -76,15 +52,7 @@
|
|||
lightningBackend = "clightning";
|
||||
};
|
||||
|
||||
# Relax seccomp and namespaces for BTCPayServer to avoid SIGSYS in LXC
|
||||
systemd.services.btcpayserver.serviceConfig = {
|
||||
SystemCallFilter = [];
|
||||
PrivateMounts = false;
|
||||
ProtectSystem = lib.mkForce false; # Overrides nix-bitcoin's "strict" value
|
||||
};
|
||||
|
||||
boot.isContainer = true;
|
||||
|
||||
# Firewall: Open necessary ports
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
config.services.btcpayserver.port
|
||||
config.services.bitcoind.port
|
||||
|
|
@ -92,6 +60,7 @@
|
|||
22
|
||||
];
|
||||
|
||||
# SSH setup
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
|
|
@ -106,32 +75,5 @@
|
|||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
|
||||
];
|
||||
|
||||
systemd.suppressedSystemUnits = [
|
||||
"dev-mqueue.mount"
|
||||
"sys-kernel-debug.mount"
|
||||
"sys-fs-fuse-connections.mount"
|
||||
];
|
||||
|
||||
system.stateVersion = "25.05";
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
# Your devShell remains the same
|
||||
devShells = flake-utils.lib.eachDefaultSystem (
|
||||
system: let
|
||||
pkgs = import nixpkgs {inherit system;};
|
||||
in {
|
||||
default = pkgs.mkShell {
|
||||
buildInputs = [
|
||||
nixos-generators.packages.${system}.nixos-generate
|
||||
pkgs.just
|
||||
];
|
||||
shellHook = ''
|
||||
echo "💚 Devshell ready: nixos-generate, just available."
|
||||
'';
|
||||
};
|
||||
}
|
||||
);
|
||||
};
|
||||
}
|
||||
})
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue