diff --git a/flake.nix b/flake.nix
index 9a597ce..1910011 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,139 +1,93 @@
-{
- description = "BTCPay server, NBXplorer, Bitcoin Core, etc. as a NixOS system/container image";
+({
+ config,
+ pkgs,
+ lib,
+ ...
+}: {
+ nixpkgs.overlays = [nix-bitcoin.overlays.default];
- inputs = {
- nix-bitcoin.url = "github:fort-nix/nix-bitcoin/release";
- nixpkgs.follows = "nix-bitcoin/nixpkgs";
- nixos-generators.url = "github:nix-community/nixos-generators";
- flake-utils.url = "github:numtide/flake-utils";
- };
+ nix-bitcoin.generateSecrets = true;
- outputs = {
- self,
- nixpkgs,
- nix-bitcoin,
- nixos-generators,
- flake-utils,
- ...
- }: let
- system = "x86_64-linux";
- pkgs = import nixpkgs {inherit system;};
- in {
- nixosConfigurations.btc-pay-server = nixpkgs.lib.nixosSystem {
- inherit system;
- modules = [
- nix-bitcoin.nixosModules.default
- ({
- config,
- pkgs,
- lib,
- ...
- }: {
- nixpkgs.overlays = [nix-bitcoin.overlays.default];
-
- nix-bitcoin.generateSecrets = true;
-
- # Enable core services
- services.bitcoind = {
- enable = true;
- dataDir = "/var/lib/bitcoind"; # Explicitly set to your existing path (it's the default, but this confirms reuse)
- address = "0.0.0.0";
- port = 23002;
- listen = true;
- listenWhitelisted = true;
- whitelistedPort = 8335;
- rpc = {
- address = "0.0.0.0";
- port = 8332;
- threads = 16;
- allowip = ["10.1.1.0/24"]; # Adjust if needed
- };
- regtest = false;
- network = "mainnet";
- dataDirReadableByGroup = false;
- disablewallet = null;
- dbCache = 4000;
- prune = 10000; # Matches your existing bitcoin.conf; set to 0 to disable pruning (needs more disk space)
- zmqpubrawblock = "tcp://0.0.0.0:28332";
- zmqpubrawtx = "tcp://0.0.0.0:28333";
- user = "bitcoind";
- group = "bitcoind";
- };
-
- services.nbxplorer = {
- enable = true;
- address = "0.0.0.0";
- port = 24444;
- user = "nbxplorer";
- group = "nbxplorer";
- };
-
- services.btcpayserver = {
- enable = true;
- address = "0.0.0.0";
- port = 23000;
- lbtc = true; # If you want Liquid support
- user = "btcpayserver";
- group = "btcpayserver";
- lightningBackend = "clightning"; # Or "lnd"
- };
-
- # PostgreSQL is handled automatically by nix-bitcoin's BTCPay module
- # No need for custom postgresql module
-
- # Container mode (if desired; test without first)
- boot.isContainer = true;
-
- # Firewall: Open necessary ports
- networking.firewall.allowedTCPPorts = [
- config.services.btcpayserver.port
- config.services.bitcoind.port
- config.services.nbxplorer.port
- 22 # SSH
- ];
-
- # SSH setup
- services.openssh = {
- enable = true;
- settings = {
- PermitRootLogin = "prohibit-password";
- PasswordAuthentication = false;
- };
- };
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
- ];
-
- # Suppress unnecessary units (as in your original)
- systemd.suppressedSystemUnits = [
- "dev-mqueue.mount"
- "sys-kernel-debug.mount"
- "sys-fs-fuse-connections.mount"
- ];
-
- # State version
- system.stateVersion = "25.05";
- })
- ];
+ # Enable core services
+ services.bitcoind = {
+ enable = true;
+ dataDir = "/var/lib/bitcoind"; # Explicitly set to your existing path (it's the default, but this confirms reuse)
+ address = "0.0.0.0";
+ port = 23002;
+ listen = true;
+ listenWhitelisted = true;
+ whitelistedPort = 8335;
+ rpc = {
+ address = "0.0.0.0";
+ port = 8332;
+ threads = 16;
+ allowip = ["10.1.1.0/24"]; # Adjust if needed
 };
-
- # Your devShell remains the same
- devShells = flake-utils.lib.eachDefaultSystem (
- system: let
- pkgs = import nixpkgs {inherit system;};
- in {
- default = pkgs.mkShell {
- buildInputs = [
- nixos-generators.packages.${system}.nixos-generate
- pkgs.just
- ];
- shellHook = ''
- echo "💚 Devshell ready: nixos-generate, just available."
- '';
- };
- }
- );
+ regtest = false;
+ # Remove this line: network = "mainnet"; # nix-bitcoin sets it by default
+ dataDirReadableByGroup = false;
+ disablewallet = null;
+ dbCache = 4000;
+ prune = 10000; # Matches your existing bitcoin.conf; set to 0 to disable pruning (needs more disk space)
+ zmqpubrawblock = "tcp://0.0.0.0:28332";
+ zmqpubrawtx = "tcp://0.0.0.0:28333";
+ user = "bitcoind";
+ group = "bitcoind";
 };
-}
+
+ services.nbxplorer = {
+ enable = true;
+ address = "0.0.0.0";
+ port = 24444;
+ user = "nbxplorer";
+ group = "nbxplorer";
+ };
+
+ services.btcpayserver = {
+ enable = true;
+ address = "0.0.0.0";
+ port = 23000;
+ lbtc = true; # If you want Liquid support
+ user = "btcpayserver";
+ group = "btcpayserver";
+ lightningBackend = "clightning"; # Or "lnd"
+ };
+
+ # PostgreSQL is handled automatically by nix-bitcoin's BTCPay module
+ # No need for custom postgresql module
+
+ # Container mode (if desired; test without first)
+ boot.isContainer = true;
+
+ # Firewall: Open necessary ports
+ networking.firewall.allowedTCPPorts = [
+ config.services.btcpayserver.port
+ config.services.bitcoind.port
+ config.services.nbxplorer.port
+ 22 # SSH
+ ];
+
+ # SSH setup
+ services.openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "prohibit-password";
+ PasswordAuthentication = false;
+ };
+ };
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
+ ];
+
+ # Suppress unnecessary units (as in your original)
+ systemd.suppressedSystemUnits = [
+ "dev-mqueue.mount"
+ "sys-kernel-debug.mount"
+ "sys-fs-fuse-connections.mount"
+ ];
+
+ # State version
+ system.stateVersion = "25.05";
+})
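Review bot: After this hunk the whole of flake.nix is a bare parenthesized module, `({ config, pkgs, lib, ... }: { … })`, with no `inputs` or `outputs`, so it is no longer a flake, and `nix-bitcoin` in `nixpkgs.overlays = [nix-bitcoin.overlays.default];` has nothing left to bind it. The removed `inputs` block was also what pinned nix-bitcoin to its `release` branch and made nixpkgs follow it, and the dropped `nix-bitcoin.nixosModules.default` entry is presumably what declares `nix-bitcoin.generateSecrets`. If the intent is to split the module out, it belongs in its own file that the flake lists under `modules`, with the `inputs`/`outputs` wrapper kept in flake.nix. Separately, the new side still binds NBXplorer with `address = "0.0.0.0";` and opens `config.services.nbxplorer.port` in `networking.firewall.allowedTCPPorts`. Since BTCPay Server runs on the same host here, `address = "127.0.0.1";` and removing that firewall entry would keep the indexer API off the network; the `0.0.0.0` binds for bitcoind RPC and ZMQ deserve the same look.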