jeirmeister/btc-pay-server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Relaxing seccomp even more

Browse source
This commit is contained in:
jeirmeister 2025-09-12 13:12:50 -07:00
parent 80f18e67fb
commit 81939bd533
1 changed files with 2 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

9
flake.nix
View file

@ -33,7 +33,6 @@
nix-bitcoin.generateSecrets = true; nix-bitcoin.generateSecrets = true;
# Enable core services
services.bitcoind = { services.bitcoind = {
enable = true; enable = true;
dataDir = "/var/lib/bitcoind"; dataDir = "/var/lib/bitcoind";
@ -81,13 +80,11 @@
systemd.services.btcpayserver.serviceConfig = { systemd.services.btcpayserver.serviceConfig = {
SystemCallFilter = []; SystemCallFilter = [];
PrivateMounts = false; PrivateMounts = false;
ProtectSystem = false; ProtectSystem = lib.mkForce false; # Overrides nix-bitcoin's "strict" value
}; };
# Container mode (required for your Proxmox LXC)
boot.isContainer = true; boot.isContainer = true;
# Firewall: Open necessary ports
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
config.services.btcpayserver.port config.services.btcpayserver.port
config.services.bitcoind.port config.services.bitcoind.port
@ -95,7 +92,6 @@
22 22
]; ];
# SSH setup
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { settings = {
@ -103,20 +99,19 @@
PasswordAuthentication = false; PasswordAuthentication = false;
}; };
}; };
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
]; ];
# Suppress unnecessary units
systemd.suppressedSystemUnits = [ systemd.suppressedSystemUnits = [
"dev-mqueue.mount" "dev-mqueue.mount"
"sys-kernel-debug.mount" "sys-kernel-debug.mount"
"sys-fs-fuse-connections.mount" "sys-fs-fuse-connections.mount"
]; ];
# State version
system.stateVersion = "25.05"; system.stateVersion = "25.05";
}) })
]; ];