bryan/nixos
0
0
Fork 0
mirror of https://github.com/itme-brain/nixos.git synced 2026-03-24 00:29:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

fixed bitcoin modules, still need to fix cln

Browse source
This commit is contained in:
Bryan Ramos 2025-07-06 14:35:34 -04:00
parent d3baf7c8e2
commit 2d0612752d
Signed by: bryan
GPG key ID: 6ABDCD144D6643C8
8 changed files with 109 additions and 78 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/system/machines/server/system.nix
View file

@ -11,22 +11,19 @@
bitcoin = { bitcoin = {
enable = true; enable = true;
electrum.enable = true; electrum.enable = true;
clightning = { #clightning = {
enable = true; # enable = true;
rest.enable = true; # rest.enable = true;
}; #};
}; };
}; };
}; };
users.mutableUsers = false;
users.users = { users.users = {
"${config.user.name}" = { "${config.user.name}" = {
isNormalUser = true; isNormalUser = true;
extraGroups = config.user.groups; extraGroups = config.user.groups;
openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ]; openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ];
password = "123";
}; };
}; };

2
src/system/modules/bitcoin/config/bitcoin.conf
View file

@ -13,3 +13,5 @@ proxy=127.0.0.1:9050
listen=1 listen=1
listenonion=1 listenonion=1
torcontrol=127.0.0.1:9051 torcontrol=127.0.0.1:9051
startupnotify=chmod g+r /var/lib/bitcoind/.cookie

13
src/system/modules/bitcoin/default.nix
View file

@ -28,17 +28,17 @@ in
inherit home; inherit home;
description = "Bitcoin Core system user"; description = "Bitcoin Core system user";
isSystemUser = true; isSystemUser = true;
group = "bitcoin"; group = "btc";
createHome = true; createHome = true;
}; };
"${config.services.nginx.user}" = { "${config.services.nginx.user}" = {
extraGroups = mkIf nginx.enable [ extraGroups = mkIf nginx.enable [
"bitcoin" "btc"
]; ];
}; };
}; };
groups = { groups = {
"bitcoin" = { "btc" = {
members = [ members = [
"btc" "btc"
]; ];
@ -54,11 +54,16 @@ in
"btc" = { "btc" = {
enable = true; enable = true;
user = "btc"; user = "btc";
group = "bitcoin"; group = "btc";
configFile = ./config/bitcoin.conf; configFile = ./config/bitcoin.conf;
dataDir = home; dataDir = home;
pidFile = "${home}/bitcoind.pid"; pidFile = "${home}/bitcoind.pid";
}; };
}; };
services.tor = {
enable = true;
client.enable = true;
};
}; };
} }

24
src/system/modules/bitcoin/modules/clightning/config/lightning.conf
View file

@ -1 +1,23 @@
test alias=OrdSux
daemon
mainnet
bitcoin-datadir=/var/lib/bitcoind
lightning-dir=/var/lib/lightningd
plugin-dir=/var/lib/lightningd/plugins
log-file=/var/lib/lightningd/log
log-level=info
pid-file=/var/lib/lightning/lightningd.pid
bind-addr=127.0.0.1:9734
proxy=127.0.0.1:9050
always-use-proxy=false
large-channels
fee-base=1000
fee-per-satoshi=10
min-capacity-sat=10000
htlc-minimum-msat=0
funding-confirms=3
max-concurrent-htlcs=30

38
src/system/modules/bitcoin/modules/clightning/default.nix
View file

@ -39,18 +39,18 @@ in
users = { users = {
users = { users = {
"clightning" = { "cln" = {
home = "/var/lib/clightning"; home = "/var/lib/lightningd";
description = "Core Lightning system user"; description = "Core Lightning system user";
isSystemUser = true; isSystemUser = true;
group = "bitcoin"; group = "btc";
createHome = true; createHome = true;
}; };
}; };
groups = { groups = {
"bitcoin" = { "btc" = {
members = mkAfter [ members = [
"clightning" "cln"
]; ];
}; };
}; };
@ -62,31 +62,29 @@ in
systemd.services.lightningd = { systemd.services.lightningd = {
description = "Core Lightning Daemon"; description = "Core Lightning Daemon";
script = "${pkgs.clightning}/bin/lightningd";
scriptArgs = ''
--conf=${clnConfig}
'';
after = [
"bitcoind-btc.service"
];
serviceConfig = { serviceConfig = {
User = "cln";
Group = "btc";
User = "clightning"; StateDirectory = "lightningd";
Group = "bitcoin"; WorkingDirectory = "%S/lightningd";
ExecStart = "${pkgs.clightning}/bin/lightningd --conf=${clnConfig}";
Type = "simple"; Type = "simple";
KillMode = "process"; KillMode = "process";
TimeoutSec = 60; TimeoutSec = 60;
Restart = "always"; Restart = "always";
RestartSec = 60; RestartSec = 2;
}; };
requisite = [
after = [
"bitcoind-btc.service" "bitcoind-btc.service"
"network.target" "network.target"
]; ];
requires = [ "bitcoind-btc.service" ];
partOf = [ "bitcoind-btc.service" ];
wantedBy = [ "multi-user.target" ];
}; };
}; };
} }

10
src/system/modules/bitcoin/modules/electrum/config/config.toml
View file

@ -2,13 +2,11 @@ network = "bitcoin"
electrum_rpc_addr = "127.0.0.1:50001" electrum_rpc_addr = "127.0.0.1:50001"
cookie-file = "/var/lib/bitcoind/.cookie" cookie_file = "/var/lib/bitcoind/.cookie"
db_dir = "/var/lib/electrs" db_dir = "/var/lib/electrs"
log_filters = "INFO" log_filters = "INFO"
timestamp = true
daemon-rpc-addr = "127.0.0.1:8332" daemon_rpc_addr = "127.0.0.1:8332"
daemon-p2p-addr = "127.0.0.1:8333" daemon_p2p_addr = "127.0.0.1:8333"
daemon-dir = "/var/lib/bitcoind" daemon_dir = "/var/lib/bitcoind"

33
src/system/modules/bitcoin/modules/electrum/default.nix
View file

@ -42,13 +42,13 @@ in
home = "/var/lib/electrs"; home = "/var/lib/electrs";
description = "Electrs system user"; description = "Electrs system user";
isSystemUser = true; isSystemUser = true;
group = "bitcoin"; group = "btc";
createHome = true; createHome = true;
}; };
}; };
groups = { groups = {
"bitcoin" = { "btc" = {
members = mkAfter [ members = [
"electrs" "electrs"
]; ];
}; };
@ -58,29 +58,28 @@ in
systemd.services.electrs = { systemd.services.electrs = {
description = "Electrs Bitcoin Indexer"; description = "Electrs Bitcoin Indexer";
script = "${pkgs.electrs}/bin/electrs";
scriptArgs = "--conf=${electrsConfig}";
after = [
"bitcoind-btc.service"
];
serviceConfig = { serviceConfig = {
User = "electrs"; User = "electrs";
Group = "bitcoin"; Group = "btc";
StateDirectory = "electrs";
WorkingDirectory = "%S/electrs";
ExecStart = "${pkgs.electrs}/bin/electrs --conf=${electrsConfig}";
Type = "simple"; Type = "simple";
KillMode = "process"; KillMode = "process";
TimeoutSec = 60; TimeoutSec = 60;
Restart = "always"; Restart = "on-failure";
RestartSec = 60; RestartSec = 2;
}; };
requisite = [ after = [
"bitcoind-btc.service"
"network.target" "network.target"
"bitcoind-btc.service"
]; ];
requires = [ "bitcoind-btc.service" ];
partOf = [ "bitcoind-btc.service" ];
wantedBy = [ "multi-user.target" ];
}; };
}; };
} }

56
src/system/modules/nginx/default.nix
View file

@ -39,8 +39,7 @@ in
}; };
}; };
security.acme = security.acme = {
{
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {
email = "${config.user.email}"; email = "${config.user.email}";
@ -49,30 +48,33 @@ in
}; };
certs = { certs = {
"ramos.codes" = { "ramos.codes" = {
extraDomainNames = attrNames config.services.nginx.virtualHosts; extraDomainNames = [
"git.ramos.codes"
"btc.ramos.codes"
];
}; };
}; };
}; };
services.nginx = { services.nginx =
let
certPath = config.security.acme.certs."ramos.codes".directory;
sslCertificate = "${certPath}/fullchain.pem";
sslCertificateKey = "${certPath}/key.pem";
withSSL = hosts: mapAttrs (name: hostConfig: hostConfig // {
inherit sslCertificate sslCertificateKey;
forceSSL = true;
}) hosts;
in
{
enable = true; enable = true;
user = "nginx"; user = "nginx";
group = "web"; group = "web";
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = virtualHosts = withSSL {
let
certPath = config.security.acme.certs."ramos.codes".directory;
sslCertificate = "${certPath}/fullchain.pem";
sslCertificateKey = "${certPath}/key.pem";
withSSL = hosts: mapAttrs (name: hostConfig: hostConfig // {
inherit sslCertificate sslCertificateKey;
forceSSL = true;
}) hosts;
in withSSL
{
"git.ramos.codes" = mkIf module.forgejo.enable { "git.ramos.codes" = mkIf module.forgejo.enable {
locations = { locations = {
"/" = { "/" = {
@ -80,14 +82,22 @@ in
}; };
}; };
}; };
#"btc.ramos.codes" = mkIf module.bitcoin.electrum.enable {
# locations = {
# "/" = {
# proxyPass = "";
# };
# };
#};
}; };
streamConfig = ''
${lib.optionalString module.bitcoin.electrum.enable ''
server {
listen 0.0.0.0:50002 ssl;
proxy_pass 127.0.0.1:50001;
ssl_certificate ${sslCertificate};
ssl_certificate_key ${sslCertificateKey};
}
''}
'';
}; };
networking.firewall.allowedTCPPorts = [
50002
];
}; };
} }