Reducing modules to single flake to ensure nix-bitcoin inheritance

flake.nix

@@ -2,79 +2,136 @@
   description = "BTCPay server, NBXplorer, Bitcoin Core, etc. as a NixOS system/container image";
 
   inputs = {
-    nix-bitcoin.url = "github:fort-nix/nix-bitcoin/release";
+    nix-bitcoin.url = "github:fort-nix/nix-bitcoin/release-0.0.85"; # Pin to a stable release
     nixpkgs.follows = "nix-bitcoin/nixpkgs";
     nixos-generators.url = "github:nix-community/nixos-generators";
     flake-utils.url = "github:numtide/flake-utils";
   };
 
-  outputs = { self, nixpkgs, nix-bitcoin, nixos-generators, flake-utils, ... }:
-    let
-      system = "x86_64-linux";
-      pkgs = import nixpkgs { inherit system; };
+  outputs = {
+    self,
+    nixpkgs,
+    nix-bitcoin,
+    nixos-generators,
+    flake-utils,
+    ...
+  }: let
+    system = "x86_64-linux";
+    pkgs = import nixpkgs {inherit system;};
+  in {
+    nixosConfigurations.btc-pay-server = nixpkgs.lib.nixosSystem {
+      inherit system;
       modules = [
         nix-bitcoin.nixosModules.default
-        ./modules/bitcoind
-        ./modules/nbxplorer
-        ./modules/btcpay
-      ];
-    in {
-      nixosConfigurations.btc-pay-server = nixpkgs.lib.nixosSystem {
-        system = "x86_64-linux";
-        modules = modules ++ [
-          ({ config, ... }: {
-            boot.isContainer = true;
-            # boot.mountDebugFS = false;
-            system.stateVersion = "25.05";
-            # services.btcpay-full.enable = true;
-            users.users.root.openssh.authorizedKeys.keys = [
-              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix"
-              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470"
-	      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
-            ];
-            # networking.firewall.allowedTCPPorts = [ 
-            #   23002 
-            #   22
-            #   24444 
-            #   8332 
-            #   5432 
-            #   28332 
-            #   28333 
-            #   ];
-            networking.firewall.allowedTCPPorts = [
-              config.services.btcpayserver.port
-              config.services.bitcoind.port
-            ];
-            systemd.suppressedSystemUnits = [
-              "dev-mqueue.mount"
-              "sys-kernel-debug.mount"
-              "sys-fs-fuse-connections.mount"
-            ];
-            services.openssh = {
-              enable = true;
-              settings = {
-                PermitRootLogin = "prohibit-password";
-                PasswordAuthentication = false;
-              };
-            };
-          })
-        ];
-      };
+        ({
+          config,
+          pkgs,
+          lib,
+          ...
+        }: {
+          nixpkgs.overlays = [nix-bitcoin.overlays.default];
 
-      devShells = flake-utils.lib.eachDefaultSystem (system:
-        let
-          pkgs = import nixpkgs { inherit system; };
-        in {
-          default = pkgs.mkShell {
-            buildInputs = [
-              nixos-generators.packages.${system}.nixos-generate
-              pkgs.just
-            ];
-            shellHook = ''
-              echo "💚 Devshell ready: nixos-generate, just available."
-            '';
+          # Enable core services
+          services.bitcoind = {
+            enable = true;
+            dataDir = "/var/lib/bitcoind"; # Explicitly set to your existing path (it's the default, but this confirms reuse)
+            address = "0.0.0.0";
+            port = 23002;
+            listen = true;
+            listenWhitelisted = true;
+            whitelistedPort = 8335;
+            rpc = {
+              address = "0.0.0.0";
+              port = 8332;
+              threads = 4;
+              allowip = ["10.1.1.0/24"]; # Adjust if needed
+            };
+            regtest = false;
+            network = "mainnet";
+            dataDirReadableByGroup = false;
+            disablewallet = null;
+            dbCache = 4000;
+            prune = 10000; # Matches your existing bitcoin.conf; set to 0 to disable pruning (needs more disk space)
+            zmqpubrawblock = "tcp://0.0.0.0:28332";
+            zmqpubrawtx = "tcp://0.0.0.0:28333";
+            user = "bitcoind";
+            group = "bitcoind";
           };
-        }
-      );
+
+          services.nbxplorer = {
+            enable = true;
+            address = "0.0.0.0";
+            port = 24444;
+            user = "nbxplorer";
+            group = "nbxplorer";
+          };
+
+          services.btcpayserver = {
+            enable = true;
+            address = "0.0.0.0";
+            port = 23000;
+            lbtc = true; # If you want Liquid support
+            user = "btcpayserver";
+            group = "btcpayserver";
+            lightningBackend = "clightning"; # Or "lnd"
+          };
+
+          # PostgreSQL is handled automatically by nix-bitcoin's BTCPay module
+          # No need for custom postgresql module
+
+          # Container mode (if desired; test without first)
+          boot.isContainer = true;
+
+          # Firewall: Open necessary ports
+          networking.firewall.allowedTCPPorts = [
+            config.services.btcpayserver.port
+            config.services.bitcoind.port
+            config.services.nbxplorer.port
+            22 # SSH
+          ];
+
+          # SSH setup
+          services.openssh = {
+            enable = true;
+            settings = {
+              PermitRootLogin = "prohibit-password";
+              PasswordAuthentication = false;
+            };
+          };
+          users.users.root.openssh.authorizedKeys.keys = [
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix"
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470"
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
+          ];
+
+          # Suppress unnecessary units (as in your original)
+          systemd.suppressedSystemUnits = [
+            "dev-mqueue.mount"
+            "sys-kernel-debug.mount"
+            "sys-fs-fuse-connections.mount"
+          ];
+
+          # State version
+          system.stateVersion = "25.05";
+        })
+      ];
     };
+
+    # Your devShell remains the same
+    devShells = flake-utils.lib.eachDefaultSystem (
+      system: let
+        pkgs = import nixpkgs {inherit system;};
+      in {
+        default = pkgs.mkShell {
+          buildInputs = [
+            nixos-generators.packages.${system}.nixos-generate
+            pkgs.just
+          ];
+          shellHook = ''
+            echo "💚 Devshell ready: nixos-generate, just available."
+          '';
+        };
+      }
+    );
+  };
 }

justfile

@@ -1,25 +1,37 @@
-REMOTE_HOST := "root@10.1.1.163"
+# Default command: lists all available just commands
+default:
+    just --list
 
+# Rebuild the local NixOS system using a flake configuration
 rebuild:
-    nixos-rebuild switch --flake .#btc-pay-server --extra-experimental-features 'nix-command flakes'
+    nixos-rebuild switch --flake .#btc-pay-server
 
+# Build the NixOS system configuration without switching
 build:
     nix build .#nixosConfigurations.btc-pay-server.config.system.build.toplevel
 
-deploy:
-    nixos-rebuild switch --flake .#btc-pay-server --target-host {{REMOTE_HOST}} --option experimental-features "nix-command flakes"
+# Deploy (rebuild) the NixOS system on the remote host
+# Usage: just deploy root@10.1.1.163
+deploy host:
+    nixos-rebuild switch --fast --flake .#btc-pay-server --target-host {{host}} --build-host {{host}} --use-remote-sudo
 
-status:
-    ssh {{REMOTE_HOST}} "systemctl status bitcoind btcpayserver"
+# Check the status of bitcoind and btcpayserver services on the remote host
+# Usage: just status root@10.1.1.163
+status host:
+    ssh {{host}} "systemctl status bitcoind btcpayserver"
 
+# Encrypt the secrets.yaml file in place using sops
 encrypt-secrets:
     sops -e -i secrets.yaml
 
+# Open the secrets.yaml file for editing with sops
 edit-secrets:
     sops secrets.yaml
 
+# Open a developer shell with the nix flake's environment
 shell:
     nix develop
 
+# Open a PostgreSQL client to the local nbxplorer database
 psql:
     psql -h localhost -U nbxplorer -d nbxplorer

modules/bitcoind/default.nix

@@ -1,34 +0,0 @@
-{ config, specialConfig, lib, pkgs, ... }:
-{
-    #################################
-    # Bitcoin Core (bitcoind)
-    #################################
-    services.bitcoind = {
-      enable = true;
-      address = "0.0.0.0";
-      port = 23002;
-      listen = true;
-      listenWhitelisted = true;
-      whitelistedPort = 8335;
-      # dataDir = "/var/lib/bitcoind";
-      rpc = {
-        address = "0.0.0.0";
-        port = 8332;
-        threads = 4;
-        allowip = [
-          "0.0.0.0"
-        ];
-      };
-      regtest = false;
-      # network = "regtest"; # or "mainnet"
-      dataDirReadableByGroup = false;
-      disablewallet = null;
-      dbCache = 4000;
-      prune = 10000;
-      # txindex = true;
-      zmqpubrawblock = "tcp://0.0.0.0:28332";
-      zmqpubrawtx = "tcp://0.0.0.0:28333";
-      user = "bitcoind";
-      group = "bitcoind";
-    };
-}

modules/btcpay/default.nix

@@ -1,18 +0,0 @@
-{ config, specialConfig, lib, pkgs, ... }:
-{
-
-    nix-bitcoin.generateSecrets = true;
-    # nix-bitcoin.secretsDir = "/var/lib/secrets";
-    services.btcpayserver = {
-      enable = true;
-      address = "0.0.0.0";
-      port = 23000;
-      # dataDir = "/var/lib/btcpayserver";
-      lbtc = true;
-      user = "btcpayserver";
-      group = "btcpayserver";
-      # If needed, direct BTCPay to same PostgreSQL:
-      # explorerpostgres = "User ID=nbxplorer;Host=localhost;Port=5432;Database=nbxplorermainnet;";
-      # Set environment variables as needed for additional DB, etc.
-    };
-}

modules/nbxplorer/default.nix

@@ -1,15 +0,0 @@
-{ config, specialConfig, lib, pkgs, ... }:
-{
-    services.nbxplorer = {
-      enable = true;
-      address = "0.0.0.0";
-      port = 24444;
-      # dataDir = "/var/lib/nbxplorer";
-      user = "nbxplorer";
-      group = "nbxplorer";
-      # Database connection string to external/local PostgreSQL:
-      # postgres = "User ID=nbxplorer;Host=0.0.0.0;Port=5432;Database=nbxplorermainnet;";
-      # chains = [ "btc" "ltc" "lbtc" ];
-      # Additional NBXplorer server args/overrides can go here.
-    };
-}

modules/postgresql/default.nix

@@ -1,19 +0,0 @@
-{ config, lib, pkgs, specialConfig, ... }:
-{
-  # Disable local postgres (so NixOS won't start or manage it)
-  services = {
-      postgresql = {
-      enable = true;
-      ensureDatabases = [ "nbxplorermainnet" "btcpaydb" ];
-      ensureUsers = [
-        { name = "nbxplorer"; ensureDBOwnership = true; }
-        { name = "btcpay"; ensureDBOwnership = true; }
-      ];
-      authentication = ''
-        local all        all                      trust
-        host  all        all     0.0.0.1/32     trust
-        host  all        all     ::1/128          trust
-      '';
-    };
-  };
-}

secrets.yaml

@@ -1,2 +0,0 @@
-nbxplorer-pg-password: >-
-  f%Rn^g!o*d0U3UjXNN&1dG&H

shell.nix

@@ -1,22 +0,0 @@
-{ pkgs ? import <nixpkgs> {} }:
-
-pkgs.mkShell {
-  buildInputs = with pkgs; [
-    just           # task runner
-    sops           # secrets management
-    postgresql     # includes psql client utility[6][9]
-    bitcoin        # Bitcoin Core CLI tools (bitcoind, bitcoin-cli)
-    curl           # For HTTP API testing
-    jq             # For manipulating test output
-    git
-    # dotnet-sdk   # IF you develop/plugins for NBXplorer, uncomment this
-  ];
-
-  shellHook = ''
-    export SSH_CONFIG_FILE="$PWD/ssh-config-dev"
-    alias ssh="ssh -F $SSH_CONFIG_FILE"
-    alias scp="scp -F $SSH_CONFIG_FILE"
-    echo "Repo-local SSH config active: using $SSH_CONFIG_FILE for ssh/scp."
-  '';
-}
-