Correction to network

jeirmeister 2025-09-12 12:57:05 -07:00
parent 816ecc0d23
commit b18c144017

224
flake.nix

@ -1,139 +1,93 @@
{ ({
description = "BTCPay server, NBXplorer, Bitcoin Core, etc. as a NixOS system/container image"; config,
pkgs,
lib,
...
}: {
nixpkgs.overlays = [nix-bitcoin.overlays.default];
inputs = { nix-bitcoin.generateSecrets = true;
nix-bitcoin.url = "github:fort-nix/nix-bitcoin/release";
nixpkgs.follows = "nix-bitcoin/nixpkgs";
nixos-generators.url = "github:nix-community/nixos-generators";
flake-utils.url = "github:numtide/flake-utils";
};
outputs = { # Enable core services
self, services.bitcoind = {
nixpkgs, enable = true;
nix-bitcoin, dataDir = "/var/lib/bitcoind"; # Explicitly set to your existing path (it's the default, but this confirms reuse)
nixos-generators, address = "0.0.0.0";
flake-utils, port = 23002;
... listen = true;
}: let listenWhitelisted = true;
system = "x86_64-linux"; whitelistedPort = 8335;
pkgs = import nixpkgs {inherit system;}; rpc = {
in { address = "0.0.0.0";
nixosConfigurations.btc-pay-server = nixpkgs.lib.nixosSystem { port = 8332;
inherit system; threads = 16;
modules = [ allowip = ["10.1.1.0/24"]; # Adjust if needed
nix-bitcoin.nixosModules.default
({
config,
pkgs,
lib,
...
}: {
nixpkgs.overlays = [nix-bitcoin.overlays.default];
nix-bitcoin.generateSecrets = true;
# Enable core services
services.bitcoind = {
enable = true;
dataDir = "/var/lib/bitcoind"; # Explicitly set to your existing path (it's the default, but this confirms reuse)
address = "0.0.0.0";
port = 23002;
listen = true;
listenWhitelisted = true;
whitelistedPort = 8335;
rpc = {
address = "0.0.0.0";
port = 8332;
threads = 16;
allowip = ["10.1.1.0/24"]; # Adjust if needed
};
regtest = false;
network = "mainnet";
dataDirReadableByGroup = false;
disablewallet = null;
dbCache = 4000;
prune = 10000; # Matches your existing bitcoin.conf; set to 0 to disable pruning (needs more disk space)
zmqpubrawblock = "tcp://0.0.0.0:28332";
zmqpubrawtx = "tcp://0.0.0.0:28333";
user = "bitcoind";
group = "bitcoind";
};
services.nbxplorer = {
enable = true;
address = "0.0.0.0";
port = 24444;
user = "nbxplorer";
group = "nbxplorer";
};
services.btcpayserver = {
enable = true;
address = "0.0.0.0";
port = 23000;
lbtc = true; # If you want Liquid support
user = "btcpayserver";
group = "btcpayserver";
lightningBackend = "clightning"; # Or "lnd"
};
# PostgreSQL is handled automatically by nix-bitcoin's BTCPay module
# No need for custom postgresql module
# Container mode (if desired; test without first)
boot.isContainer = true;
# Firewall: Open necessary ports
networking.firewall.allowedTCPPorts = [
config.services.btcpayserver.port
config.services.bitcoind.port
config.services.nbxplorer.port
22 # SSH
];
# SSH setup
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
};
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
];
# Suppress unnecessary units (as in your original)
systemd.suppressedSystemUnits = [
"dev-mqueue.mount"
"sys-kernel-debug.mount"
"sys-fs-fuse-connections.mount"
];
# State version
system.stateVersion = "25.05";
})
];
}; };
regtest = false;
# Your devShell remains the same # Remove this line: network = "mainnet"; # nix-bitcoin sets it by default
devShells = flake-utils.lib.eachDefaultSystem ( dataDirReadableByGroup = false;
system: let disablewallet = null;
pkgs = import nixpkgs {inherit system;}; dbCache = 4000;
in { prune = 10000; # Matches your existing bitcoin.conf; set to 0 to disable pruning (needs more disk space)
default = pkgs.mkShell { zmqpubrawblock = "tcp://0.0.0.0:28332";
buildInputs = [ zmqpubrawtx = "tcp://0.0.0.0:28333";
nixos-generators.packages.${system}.nixos-generate user = "bitcoind";
pkgs.just group = "bitcoind";
];
shellHook = ''
echo "💚 Devshell ready: nixos-generate, just available."
'';
};
}
);
}; };
}
services.nbxplorer = {
enable = true;
address = "0.0.0.0";
port = 24444;
user = "nbxplorer";
group = "nbxplorer";
};
services.btcpayserver = {
enable = true;
address = "0.0.0.0";
port = 23000;
lbtc = true; # If you want Liquid support
user = "btcpayserver";
group = "btcpayserver";
lightningBackend = "clightning"; # Or "lnd"
};
# PostgreSQL is handled automatically by nix-bitcoin's BTCPay module
# No need for custom postgresql module
# Container mode (if desired; test without first)
boot.isContainer = true;
# Firewall: Open necessary ports
networking.firewall.allowedTCPPorts = [
config.services.btcpayserver.port
config.services.bitcoind.port
config.services.nbxplorer.port
22 # SSH
];
# SSH setup
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
};
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
];
# Suppress unnecessary units (as in your original)
systemd.suppressedSystemUnits = [
"dev-mqueue.mount"
"sys-kernel-debug.mount"
"sys-fs-fuse-connections.mount"
];
# State version
system.stateVersion = "25.05";
})
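Review bot: NBXplorer is bound to `0.0.0.0` in `services.nbxplorer` and `config.services.nbxplorer.port` is also listed in `networking.firewall.allowedTCPPorts`, so its API is reachable from every network the host sits on, while the bitcoind RPC and ZMQ listeners (also on `0.0.0.0`) are shielded only because their ports are absent from that list. BTCPay Server runs on the same machine, so unless another host is known to need NBXplorer I would set `address = "127.0.0.1";` in `services.nbxplorer` and drop its port from the firewall list. Binding RPC and ZMQ to loopback or to the 10.1.1.x interface would also stop a later firewall change from exposing them. Separately, as far as the rendered columns can be read, the new file starts at `({` with the module arguments and no longer has `inputs`/`outputs`, yet it still refers to `nix-bitcoin.overlays.default`. If that is all of flake.nix it will not evaluate as a flake, so please confirm the wrapper was not dropped by accident.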