93 lines
2.5 KiB
Nix
93 lines
2.5 KiB
Nix
({
|
|
config,
|
|
pkgs,
|
|
lib,
|
|
...
|
|
}: {
|
|
nixpkgs.overlays = [nix-bitcoin.overlays.default];
|
|
|
|
nix-bitcoin.generateSecrets = true;
|
|
|
|
# Enable core services
|
|
services.bitcoind = {
|
|
enable = true;
|
|
dataDir = "/var/lib/bitcoind"; # Explicitly set to your existing path (it's the default, but this confirms reuse)
|
|
address = "0.0.0.0";
|
|
port = 23002;
|
|
listen = true;
|
|
listenWhitelisted = true;
|
|
whitelistedPort = 8335;
|
|
rpc = {
|
|
address = "0.0.0.0";
|
|
port = 8332;
|
|
threads = 16;
|
|
allowip = ["10.1.1.0/24"]; # Adjust if needed
|
|
};
|
|
regtest = false;
|
|
# Remove this line: network = "mainnet"; # nix-bitcoin sets it by default
|
|
dataDirReadableByGroup = false;
|
|
disablewallet = null;
|
|
dbCache = 4000;
|
|
prune = 10000; # Matches your existing bitcoin.conf; set to 0 to disable pruning (needs more disk space)
|
|
zmqpubrawblock = "tcp://0.0.0.0:28332";
|
|
zmqpubrawtx = "tcp://0.0.0.0:28333";
|
|
user = "bitcoind";
|
|
group = "bitcoind";
|
|
};
|
|
|
|
services.nbxplorer = {
|
|
enable = true;
|
|
address = "0.0.0.0";
|
|
port = 24444;
|
|
user = "nbxplorer";
|
|
group = "nbxplorer";
|
|
};
|
|
|
|
services.btcpayserver = {
|
|
enable = true;
|
|
address = "0.0.0.0";
|
|
port = 23000;
|
|
lbtc = true; # If you want Liquid support
|
|
user = "btcpayserver";
|
|
group = "btcpayserver";
|
|
lightningBackend = "clightning"; # Or "lnd"
|
|
};
|
|
|
|
# PostgreSQL is handled automatically by nix-bitcoin's BTCPay module
|
|
# No need for custom postgresql module
|
|
|
|
# Container mode (if desired; test without first)
|
|
boot.isContainer = true;
|
|
|
|
# Firewall: Open necessary ports
|
|
networking.firewall.allowedTCPPorts = [
|
|
config.services.btcpayserver.port
|
|
config.services.bitcoind.port
|
|
config.services.nbxplorer.port
|
|
22 # SSH
|
|
];
|
|
|
|
# SSH setup
|
|
services.openssh = {
|
|
enable = true;
|
|
settings = {
|
|
PermitRootLogin = "prohibit-password";
|
|
PasswordAuthentication = false;
|
|
};
|
|
};
|
|
users.users.root.openssh.authorizedKeys.keys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPs/pdZLlCbv0vgtFA4hHGuWz1EeSn2kKhBJthlZ5lww devnix"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDw6ilma4321EdQvguZKA7ijn9xF9QlfMfkES4bGCLTp jeirmeister@devnix-t470"
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAaV7JtUWkWrjo5FfCcpTCCEY/OJ+T1mJOLbe4avg0XH sysadmin@skrybit.io"
|
|
];
|
|
|
|
# Suppress unnecessary units (as in your original)
|
|
systemd.suppressedSystemUnits = [
|
|
"dev-mqueue.mount"
|
|
"sys-kernel-debug.mount"
|
|
"sys-fs-fuse-connections.mount"
|
|
];
|
|
|
|
# State version
|
|
system.stateVersion = "25.05";
|
|
})
|