refactor: reorganize flake structure and consolidate user config

Directory structure: - Move from src/ to root level (system/, user/) - Remove unused machines (workstation, vm, laptop) User configuration: - Add user/home.nix for shared defaults (pass, essentials, default modules) - Centralize user options in user/default.nix - Move submodules to consistent paths (bash/bash, git/git, neovim/nvim, vim/vim) Module reorganization: - Flatten nested module structures (remove /modules/ subdirs) - Split CLI vs GUI tools (dev/ for CLI, gui/dev/ for GUI) - Move neovim/vim to top-level modules (not under utils/) - Remove security.enable - pass now in user/home.nix - Remove utils.enable - essentials now in user/home.nix - Add security/yubikey module with yubikey-manager, age-plugin-yubikey - Move pcb, design to gui/dev/ - Replace penpot docker wrapper with nixpkgs penpot-desktop - Remove i3 config - Remove deprecated wsl.nativeSystemd option GUI improvements: - Browser-focused mimeApps in gui/default.nix - Each WM handles its own auto-start via profileExtra Cleanup: - Update README with new structure - Update justfile paths and valid systems - Fix submodule paths in .gitmodules
2026-03-23 16:29:42 -04:00 · 2026-03-14 15:26:18 -04:00 · 2026-03-14 15:26:18 -04:00 · 14efa80cab
commit 14efa80cab
parent ac95d1c23d
141 changed files with 505 additions and 1561 deletions
--- a/system/machines/server/modules/bitcoin/default.nix
+++ b/system/machines/server/modules/bitcoin/default.nix
@ -0,0 +1,80 @@
+{ pkgs, lib, config, ... }:
+
+with lib;
+let
+  cfg = config.modules.system.bitcoin;
+  nginx = config.modules.system.nginx;
+
+  home = "/var/lib/bitcoin";
+
+  bitcoinConf = pkgs.writeTextFile {
+    name = "bitcoin.conf";
+    text = builtins.readFile ./config/bitcoin.conf;
+  };
+
+in
+{ options.modules.system.bitcoin = { enable = mkEnableOption "Bitcoin Server"; };
+  config = mkIf cfg.enable {
+    modules.system.tor.enable = true;
+
+    environment.systemPackages = with pkgs; [
+      bitcoind
+    ];
+
+    users = {
+      users = {
+        "btc" = {
+          inherit home;
+          description = "Bitcoin Core system user";
+          isSystemUser = true;
+          group = "bitcoin";
+          extraGroups = [ "tor" ];
+          createHome = true;
+        };
+        "nginx" = {
+          extraGroups = mkIf nginx.enable [
+            "bitcoin"
+          ];
+        };
+      };
+      groups = {
+        "bitcoin" = {
+          members = [
+            "btc"
+            config.user.name
+          ];
+        };
+      };
+    };
+
+    programs.bash.shellAliases = {
+      btc = "bitcoin-cli";
+    };
+
+    services.bitcoind = {
+      "mainnet" = {
+        enable = true;
+        user = "btc";
+        group = "bitcoin";
+        configFile = bitcoinConf;
+        dataDir = home;
+        pidFile = "${home}/bitcoind.pid";
+      };
+    };
+
+    # Make data dir group-accessible so electrs/clightning can read cookie
+    systemd.tmpfiles.rules = [
+      "d ${home} 0750 btc bitcoin -"
+    ];
+
+    systemd.services.bitcoind-mainnet = {
+      wants = [ "tor.service" ];
+      after = [ "tor.service" ];
+      serviceConfig.ExecStartPre = "+${pkgs.coreutils}/bin/chmod 750 /var/lib/tor";
+    };
+
+    modules.system.backup.paths = [
+      "${home}/wallets"
+    ];
+  };
+}