diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index 6597a90..ebb42bc 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix @@ -11,22 +11,19 @@ bitcoin = { enable = true; electrum.enable = true; - clightning = { - enable = true; - rest.enable = true; - }; + #clightning = { + # enable = true; + # rest.enable = true; + #}; }; }; }; - users.mutableUsers = false; - users.users = { "${config.user.name}" = { isNormalUser = true; extraGroups = config.user.groups; openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ]; - password = "123"; }; }; diff --git a/src/system/modules/bitcoin/config/bitcoin.conf b/src/system/modules/bitcoin/config/bitcoin.conf index c6769a7..85022a3 100644 --- a/src/system/modules/bitcoin/config/bitcoin.conf +++ b/src/system/modules/bitcoin/config/bitcoin.conf @@ -13,3 +13,5 @@ proxy=127.0.0.1:9050 listen=1 listenonion=1 torcontrol=127.0.0.1:9051 + +startupnotify=chmod g+r /var/lib/bitcoind/.cookie diff --git a/src/system/modules/bitcoin/default.nix b/src/system/modules/bitcoin/default.nix index f4570c4..19681c5 100644 --- a/src/system/modules/bitcoin/default.nix +++ b/src/system/modules/bitcoin/default.nix @@ -28,17 +28,17 @@ in inherit home; description = "Bitcoin Core system user"; isSystemUser = true; - group = "bitcoin"; + group = "btc"; createHome = true; }; "${config.services.nginx.user}" = { extraGroups = mkIf nginx.enable [ - "bitcoin" + "btc" ]; }; }; groups = { - "bitcoin" = { + "btc" = { members = [ "btc" ]; @@ -54,11 +54,16 @@ in "btc" = { enable = true; user = "btc"; - group = "bitcoin"; + group = "btc"; configFile = ./config/bitcoin.conf; dataDir = home; pidFile = "${home}/bitcoind.pid"; }; }; + + services.tor = { + enable = true; + client.enable = true; + }; }; } 
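Review bot: Dropping `users.mutableUsers = false;` together with `password = "123";` does not remove the weak password from a host that was already deployed with the old generation: with mutable users (the NixOS default) only the initial password is set on user creation and existing `/etc/shadow` entries are left alone, so the `123` hash would survive this change. Keep `users.mutableUsers = false;` so the declared state (SSH key only, no password) is enforced on every activation, or reset the password out-of-band after deploying. If a password is genuinely needed, use `hashedPasswordFile` rather than a plaintext `password`, which lands world-readable in the Nix store. The enclosing module starts before this hunk.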
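Review bot: `startupnotify=chmod g+r /var/lib/bitcoind/.cookie` gives full RPC access to every member of the `btc` group, and in this same change that group includes the nginx worker user (`extraGroups = mkIf nginx.enable [ "btc" ]` in bitcoin/default.nix), not only electrs and lightningd; a web-facing process should not hold node RPC credentials, so drop nginx from the group now that the HTTP proxy to bitcoind is commented out. If the packaged Bitcoin Core is 27.0 or newer, `rpccookieperms=group` achieves the same at cookie-creation time without a shell hook; otherwise leave a comment explaining the hook, e.g. `# electrs/lightningd run as separate users in the btc group and must read the RPC cookie`. The cookie is regenerated on every start, so whichever mechanism is used must apply each time, which `startupnotify` does.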
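Review bot: `services.tor = { enable = true; client.enable = true; }` only provides the SOCKS proxy, while the shipped bitcoin.conf also sets `torcontrol=127.0.0.1:9051` and `listenonion=1`, which need Tor's control port and an authentication method usable by the `btc` user; as written, onion-service setup will presumably fail at startup unless something outside this diff configures it. If the control port is intended, add `settings.ControlPort = 9051;` with `settings.CookieAuthentication = true;` and `settings.CookieAuthFileGroupReadable = true;` and put `btc` in the `tor` group, otherwise drop `torcontrol`/`listenonion` from bitcoin.conf. The rename to group `btc` removes the `mkAfter` the other modules used for `members`; list options merge regardless, so that is fine, but a short comment that each module appends its own user to `users.groups.btc.members` would help the next reader.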
diff --git a/src/system/modules/bitcoin/modules/clightning/config/lightning.conf b/src/system/modules/bitcoin/modules/clightning/config/lightning.conf index 9daeafb..c58cb55 100644 --- a/src/system/modules/bitcoin/modules/clightning/config/lightning.conf +++ b/src/system/modules/bitcoin/modules/clightning/config/lightning.conf @@ -1 +1,23 @@ -test +alias=OrdSux + +daemon +mainnet +bitcoin-datadir=/var/lib/bitcoind +lightning-dir=/var/lib/lightningd +plugin-dir=/var/lib/lightningd/plugins + +log-file=/var/lib/lightningd/log +log-level=info +pid-file=/var/lib/lightning/lightningd.pid + +bind-addr=127.0.0.1:9734 +proxy=127.0.0.1:9050 +always-use-proxy=false + +large-channels +fee-base=1000 +fee-per-satoshi=10 +min-capacity-sat=10000 +htlc-minimum-msat=0 +funding-confirms=3 +max-concurrent-htlcs=30 diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix index 347d586..80457b6 100644 --- a/src/system/modules/bitcoin/modules/clightning/default.nix +++ b/src/system/modules/bitcoin/modules/clightning/default.nix @@ -39,18 +39,18 @@ in users = { users = { - "clightning" = { - home = "/var/lib/clightning"; + "cln" = { + home = "/var/lib/lightningd"; description = "Core Lightning system user"; isSystemUser = true; - group = "bitcoin"; + group = "btc"; createHome = true; }; }; groups = { - "bitcoin" = { - members = mkAfter [ - "clightning" + "btc" = { + members = [ + "cln" ]; }; }; 
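Review bot: `daemon` in this config conflicts with the `Type = "simple"` unit that launches lightningd: the parent detaches and exits, systemd treats the service as finished and restarts it after `RestartSec = 2`, and the second instance presumably fails on the lock held by the first; remove `daemon` and let systemd supervise the foreground process. `pid-file=/var/lib/lightning/lightningd.pid` also points into a directory nothing creates (`lightning-dir` and the unit's `StateDirectory` are `/var/lib/lightningd`), so it should be `pid-file=/var/lib/lightningd/lightningd.pid` or omitted. Separately, `always-use-proxy=false` lets lightningd open direct clearnet peer connections even though bitcoind is Tor-only in bitcoin.conf; set `always-use-proxy=true` if the node's IP is not meant to be exposed. This file is currently inert because `clightning` is commented out in system.nix, so these would surface only when it is re-enabled.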
@@ -62,31 +62,29 @@ in systemd.services.lightningd = { description = "Core Lightning Daemon"; - - script = "${pkgs.clightning}/bin/lightningd"; - scriptArgs = '' - --conf=${clnConfig} - ''; - - after = [ - "bitcoind-btc.service" - ]; - serviceConfig = { + User = "cln"; + Group = "btc"; - User = "clightning"; - Group = "bitcoin"; + StateDirectory = "lightningd"; + WorkingDirectory = "%S/lightningd"; + + ExecStart = "${pkgs.clightning}/bin/lightningd --conf=${clnConfig}"; Type = "simple"; KillMode = "process"; TimeoutSec = 60; Restart = "always"; - RestartSec = 60; + RestartSec = 2; }; - requisite = [ + + after = [ "bitcoind-btc.service" "network.target" ]; + requires = [ "bitcoind-btc.service" ]; + partOf = [ "bitcoind-btc.service" ]; + wantedBy = [ "multi-user.target" ]; }; }; } diff --git a/src/system/modules/bitcoin/modules/electrum/config/config.toml b/src/system/modules/bitcoin/modules/electrum/config/config.toml index c030e25..a485ccc 100644 --- a/src/system/modules/bitcoin/modules/electrum/config/config.toml +++ b/src/system/modules/bitcoin/modules/electrum/config/config.toml @@ -2,13 +2,11 @@ network = "bitcoin" electrum_rpc_addr = "127.0.0.1:50001" -cookie-file = "/var/lib/bitcoind/.cookie" - +cookie_file = "/var/lib/bitcoind/.cookie" db_dir = "/var/lib/electrs" log_filters = "INFO" -timestamp = true -daemon-rpc-addr = "127.0.0.1:8332" -daemon-p2p-addr = "127.0.0.1:8333" -daemon-dir = "/var/lib/bitcoind" +daemon_rpc_addr = "127.0.0.1:8332" +daemon_p2p_addr = "127.0.0.1:8333" +daemon_dir = "/var/lib/bitcoind" diff --git a/src/system/modules/bitcoin/modules/electrum/default.nix b/src/system/modules/bitcoin/modules/electrum/default.nix index e1cab04..51c10d6 100644 --- a/src/system/modules/bitcoin/modules/electrum/default.nix +++ b/src/system/modules/bitcoin/modules/electrum/default.nix 
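Review bot: The rewritten `lightningd` unit runs a hot wallet (its secrets live under `StateDirectory = "lightningd"`) with no systemd sandboxing; add at least `NoNewPrivileges = true; PrivateTmp = true; ProtectSystem = "strict";` to `serviceConfig`, since `StateDirectory` keeps `%S/lightningd` writable under `strict` and reading `/var/lib/bitcoind/.cookie` is unaffected. `Restart = "always"` with `RestartSec = 2` will spin tightly if lightningd cannot start at all (a bad config path, a missing cookie), so a longer delay or a start-limit is worth considering. `StateDirectory` and `users.users.cln.createHome` both manage `/var/lib/lightningd`; one of the two is redundant and a comment should say which is authoritative.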
@@ -42,13 +42,13 @@ in home = "/var/lib/electrs"; description = "Electrs system user"; isSystemUser = true; - group = "bitcoin"; + group = "btc"; createHome = true; }; }; groups = { - "bitcoin" = { - members = mkAfter [ + "btc" = { + members = [ "electrs" ]; }; @@ -58,29 +58,28 @@ in systemd.services.electrs = { description = "Electrs Bitcoin Indexer"; - - script = "${pkgs.electrs}/bin/electrs"; - scriptArgs = "--conf=${electrsConfig}"; - - after = [ - "bitcoind-btc.service" - ]; - serviceConfig = { - User = "electrs"; - Group = "bitcoin"; + Group = "btc"; + + StateDirectory = "electrs"; + WorkingDirectory = "%S/electrs"; + + ExecStart = "${pkgs.electrs}/bin/electrs --conf=${electrsConfig}"; Type = "simple"; KillMode = "process"; TimeoutSec = 60; - Restart = "always"; - RestartSec = 60; + Restart = "on-failure"; + RestartSec = 2; }; - requisite = [ - "bitcoind-btc.service" + after = [ "network.target" + "bitcoind-btc.service" ]; + requires = [ "bitcoind-btc.service" ]; + partOf = [ "bitcoind-btc.service" ]; + wantedBy = [ "multi-user.target" ]; }; }; } diff --git a/src/system/modules/nginx/default.nix b/src/system/modules/nginx/default.nix index 6145a87..51829d3 100644 --- a/src/system/modules/nginx/default.nix +++ b/src/system/modules/nginx/default.nix @@ -39,8 +39,7 @@ in }; }; - security.acme = - { + security.acme = { acceptTerms = true; defaults = { email = "${config.user.email}"; 
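Review bot: The `electrs` unit is also left unsandboxed although it only needs its own `StateDirectory` and read access to `/var/lib/bitcoind`; add `NoNewPrivileges = true; PrivateTmp = true; ProtectSystem = "strict";` to `serviceConfig` (the cookie read still works under `strict`). `Restart = "on-failure"` here versus `Restart = "always"` in the lightningd unit is an unexplained inconsistency for two services that are both `partOf` bitcoind; either align them or note why electrs should stay down after a clean exit. As with lightningd, `StateDirectory = "electrs"` duplicates the `createHome = true` on the `electrs` user for the same path.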
@@ -49,30 +48,33 @@ in }; certs = { "ramos.codes" = { - extraDomainNames = attrNames config.services.nginx.virtualHosts; + extraDomainNames = [ + "git.ramos.codes" + "btc.ramos.codes" + ]; }; }; }; - services.nginx = { + services.nginx = + let + certPath = config.security.acme.certs."ramos.codes".directory; + sslCertificate = "${certPath}/fullchain.pem"; + sslCertificateKey = "${certPath}/key.pem"; + + withSSL = hosts: mapAttrs (name: hostConfig: hostConfig // { + inherit sslCertificate sslCertificateKey; + forceSSL = true; + }) hosts; + in + { enable = true; user = "nginx"; group = "web"; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts = - let - certPath = config.security.acme.certs."ramos.codes".directory; - sslCertificate = "${certPath}/fullchain.pem"; - sslCertificateKey = "${certPath}/key.pem"; - - withSSL = hosts: mapAttrs (name: hostConfig: hostConfig // { - inherit sslCertificate sslCertificateKey; - forceSSL = true; - }) hosts; - in withSSL - { + virtualHosts = withSSL { "git.ramos.codes" = mkIf module.forgejo.enable { locations = { "/" = { @@ -80,14 +82,22 @@ in }; }; }; - #"btc.ramos.codes" = mkIf module.bitcoin.electrum.enable { - # locations = { - # "/" = { - # proxyPass = ""; - # }; - # }; - #}; }; + + streamConfig = '' + ${lib.optionalString module.bitcoin.electrum.enable '' + server { + listen 0.0.0.0:50002 ssl; + proxy_pass 127.0.0.1:50001; + + ssl_certificate ${sslCertificate}; + ssl_certificate_key ${sslCertificateKey}; + } + ''} + ''; }; + networking.firewall.allowedTCPPorts = [ + 50002 + ]; }; }
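Review bot: `withSSL` applies `hostConfig // { … forceSSL = true; }` to the value of `"git.ramos.codes" = mkIf module.forgejo.enable { … }`, but `mkIf` returns a `{ _type = "if"; condition; content; }` wrapper and the module system reads only `content` from it, so `sslCertificate`, `sslCertificateKey` and `forceSSL` are dropped silently and that vhost is served without TLS; move the condition outside the attribute, e.g. `virtualHosts = withSSL (lib.optionalAttrs module.forgejo.enable { "git.ramos.codes" = { locations = …; }; });`. The new `stream` server on `0.0.0.0:50002 ssl` does not pick up `recommendedTlsSettings`, which only affects the `http` context, so it runs with nginx's default protocol and cipher settings; add `ssl_protocols TLSv1.2 TLSv1.3;` and matching cipher directives inside that stream server. Because the certificate paths are read straight from the ACME directory rather than via `useACMEHost`, nginx is presumably not reloaded on renewal and would keep serving the expired cert — confirm that `security.acme.certs."ramos.codes".reloadServices` includes `nginx.service`. `0.0.0.0` also binds IPv4 only; add `listen [::]:50002 ssl;` if the host has IPv6.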