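# Flake producing a NixOS system (`nixosConfigurations.btc-pay-server`) that runs
# BTCPay Server, NBXplorer and Bitcoin Core via nix-bitcoin, with disk layout
# declared through disko, plus a dev shell providing `nixos-generate` and `just`.
#
# Changes in this revision:
#   * Line structure restored. With the file collapsed onto two lines, the first
#     `#` comment swallowed everything after it on that line.
#   * `devShells` is now keyed as devShells.<system>.default. Wrapping
#     `{ default = ...; }` in `eachDefaultSystem` yields devShells.default.<system>,
#     which `nix develop` does not look up.
#   * The unused outer `pkgs` binding was removed.
{
  description = "BTCPay server, NBXplorer, Bitcoin Core, etc. as a NixOS system/container image with disko";

  inputs = {
    nix-bitcoin.url = "github:fort-nix/nix-bitcoin/release";
    # Use the nixpkgs revision that nix-bitcoin is tested against.
    nixpkgs.follows = "nix-bitcoin/nixpkgs";
    nixos-generators.url = "github:nix-community/nixos-generators";
    flake-utils.url = "github:numtide/flake-utils";
    disko.url = "github:nix-community/disko";
    disko.inputs.nixpkgs.follows = "nixpkgs";
    # NOTE(review): these inputs track branches; the exact revisions that get
    # built are whatever flake.lock pins. Commit flake.lock and review its diffs
    # when updating.
  };

  outputs = { self, nixpkgs, nix-bitcoin, nixos-generators, flake-utils, disko, ... }:
    let
      system = "x86_64-linux";
    in
    {
      nixosConfigurations.btc-pay-server = nixpkgs.lib.nixosSystem {
        inherit system;
        modules = [
          nix-bitcoin.nixosModules.default
          disko.nixosModules.default
          ({ config, pkgs, lib, ... }: {
            nixpkgs.overlays = [ nix-bitcoin.overlays.default ];

            # Secrets (RPC passwords etc.) are generated on the host at system
            # startup rather than supplied from outside. Back them up and keep
            # them out of any image that gets shared.
            nix-bitcoin.generateSecrets = true;

            # NOTE(review): disko formats the devices named below. /dev/sdX
            # enumeration order is not guaranteed to be stable; /dev/disk/by-id/...
            # paths avoid partitioning the wrong disk.
            disko.devices = {
              disk.root = {
                type = "disk";
                device = "/dev/sda";
                content = {
                  type = "gpt";
                  partitions = {
                    bios_boot = {
                      size = "2M";
                      type = "EF02"; # BIOS boot partition (unformatted)
                      content = null; # No filesystem
                    };
                    ESP = {
                      # Optional for hybrid, but harmless
                      size = "512M";
                      type = "EF00";
                      content = {
                        type = "filesystem";
                        format = "vfat";
                        mountpoint = "/boot";
                      };
                    };
                    root = {
                      size = "100%";
                      content = {
                        type = "lvm_pv";
                        vg = "root_vg";
                      };
                    };
                  };
                };
              };

              lvm_vg.root_vg = {
                type = "lvm_vg";
                lvs = {
                  root = {
                    size = "100%FREE";
                    content = {
                      type = "filesystem";
                      format = "ext4";
                      mountpoint = "/";
                      mountOptions = [ "defaults" ];
                    };
                  };
                };
              };

              # Second disk holds the chain data. No encryption layer is declared
              # for either disk in this file.
              disk.data = {
                type = "disk";
                device = "/dev/sdb";
                content = {
                  type = "gpt";
                  partitions = {
                    data = {
                      size = "100%";
                      type = "8300";
                      content = {
                        type = "filesystem";
                        format = "xfs";
                        mountpoint = "/var/lib/bitcoind";
                        mountOptions = [ "noatime" ];
                      };
                    };
                  };
                };
              };
            };

            boot.loader = {
              grub = {
                enable = true;
                device = "/dev/sda"; # Install only on sda (avoids sdb)
                useOSProber = false; # Don't scan other disks
              };
            };

            services.bitcoind = {
              enable = true;
              dataDir = "/var/lib/bitcoind";
              # P2P listener on all interfaces; this port is opened in the
              # firewall list further down.
              address = "0.0.0.0";
              port = 23002;
              listen = true;
              # NOTE(review): whitelisted peers get elevated permissions from
              # bitcoind. 8335 is not in allowedTCPPorts below; confirm which
              # peers are meant to reach it before opening it anywhere.
              listenWhitelisted = true;
              whitelistedPort = 8335;
              rpc = {
                # NOTE(review): RPC binds to every interface and relies on
                # `allowip` plus the host firewall for access control. 8332 is
                # not in allowedTCPPorts below, so with the NixOS firewall on
                # the 10.1.1.0/24 clients cannot connect. If only local services
                # use RPC, bind to 127.0.0.1 and drop allowip; if remote RPC is
                # intended, open the port for that subnet only.
                address = "0.0.0.0";
                port = 8332;
                threads = 16;
                allowip = [ "10.1.1.0/24" ];
              };
              regtest = false;
              dataDirReadableByGroup = false;
              disablewallet = null;
              dbCache = 4000;
              prune = 10000;
              # NOTE(review): bitcoind's ZMQ publishers are unauthenticated.
              # These ports are not opened in the firewall list below; bind to
              # 127.0.0.1 unless an off-host subscriber is required.
              zmqpubrawblock = "tcp://0.0.0.0:28332";
              zmqpubrawtx = "tcp://0.0.0.0:28333";
              user = "bitcoind";
              group = "bitcoind";
            };

            services.nbxplorer = {
              enable = true;
              # NOTE(review): NBXplorer is a backend for BTCPay Server on this
              # same host, yet it listens on all interfaces and its port is
              # opened in the firewall below. Unless an external consumer needs
              # it, bind to 127.0.0.1 and remove the port from allowedTCPPorts.
              address = "0.0.0.0";
              port = 24444;
              user = "nbxplorer";
              group = "nbxplorer";
            };

            services.btcpayserver = {
              enable = true;
              # NOTE(review): the web UI/API is exposed directly on all
              # interfaces and no TLS termination is configured in this file.
              # Logins and API keys should only cross the network behind a
              # TLS-terminating reverse proxy or a private link.
              address = "0.0.0.0";
              port = 23000;
              lbtc = true;
              user = "btcpayserver";
              group = "btcpayserver";
              lightningBackend = "clightning";
            };

            # Inbound TCP allowed from any source: BTCPay web, bitcoind P2P,
            # NBXplorer API and SSH. See the per-service notes above for which
            # of these need to be reachable from outside.
            networking.firewall.allowedTCPPorts = [
              config.services.btcpayserver.port
              config.services.bitcoind.port
              config.services.nbxplorer.port
              22
            ];

            services.openssh = {
              enable = true;
              settings = {
                # Key-only authentication; root may log in directly with a key.
                PermitRootLogin = "prohibit-password";
                PasswordAuthentication = false;
              };
            };

            # Each key below grants root on a host holding wallet-adjacent
            # secrets. Keep the list minimal and remove keys when access ends.
            users.users.root.openssh.authorizedKeys.keys = [
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix"
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470"
              "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
            ];

            system.stateVersion = "25.05";
          })
        ];
      };

      # One dev shell per default system, exposed as devShells.<system>.default.
      devShells = nixpkgs.lib.genAttrs flake-utils.lib.defaultSystems (system:
        let
          pkgs = import nixpkgs { inherit system; };
        in
        {
          default = pkgs.mkShell {
            buildInputs = [
              nixos-generators.packages.${system}.nixos-generate
              pkgs.just
            ];
            shellHook = ''
              echo "💚 Devshell ready: nixos-generate, just available."
            '';
          };
        });
    };
}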