fixed bitcoin modules, still need to fix cln

src/system/machines/server/system.nix

@@ -11,22 +11,19 @@
       bitcoin = {
         enable = true;
         electrum.enable = true;
-        clightning = {
-          enable = true;
-          rest.enable = true;
+        #clightning = {
+        #  enable = true;
+        #  rest.enable = true;
+        #};
       };
     };
   };
-  };
-
-  users.mutableUsers = false;
 
   users.users = {
     "${config.user.name}" = {
       isNormalUser = true;
       extraGroups = config.user.groups;
       openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ];
-      password = "123";
     };
   };
 

src/system/modules/bitcoin/config/bitcoin.conf

@@ -13,3 +13,5 @@ proxy=127.0.0.1:9050
 listen=1
 listenonion=1
 torcontrol=127.0.0.1:9051
+
+startupnotify=chmod g+r /var/lib/bitcoind/.cookie

src/system/modules/bitcoin/default.nix

@@ -28,17 +28,17 @@ in
           inherit home;
           description = "Bitcoin Core system user";
           isSystemUser = true;
-          group = "bitcoin";
+          group = "btc";
           createHome = true;
         };
         "${config.services.nginx.user}" = {
           extraGroups = mkIf nginx.enable [
-            "bitcoin"
+            "btc"
           ];
         };
       };
       groups = {
-        "bitcoin" = {
+        "btc" = {
           members = [
             "btc"
           ];
@@ -54,11 +54,16 @@ in
       "btc" = {
         enable = true;
         user = "btc";
-        group = "bitcoin";
+        group = "btc";
         configFile = ./config/bitcoin.conf;
         dataDir = home;
         pidFile = "${home}/bitcoind.pid";
       };
     };
+
+    services.tor = {
+      enable = true;
+      client.enable = true;
+    };
   };
 }

src/system/modules/bitcoin/modules/clightning/config/lightning.conf

@@ -1 +1,23 @@
-test
+alias=OrdSux
+
+daemon
+mainnet
+bitcoin-datadir=/var/lib/bitcoind
+lightning-dir=/var/lib/lightningd
+plugin-dir=/var/lib/lightningd/plugins
+
+log-file=/var/lib/lightningd/log
+log-level=info
+pid-file=/var/lib/lightning/lightningd.pid
+
+bind-addr=127.0.0.1:9734
+proxy=127.0.0.1:9050
+always-use-proxy=false
+
+large-channels
+fee-base=1000
+fee-per-satoshi=10
+min-capacity-sat=10000
+htlc-minimum-msat=0
+funding-confirms=3
+max-concurrent-htlcs=30

src/system/modules/bitcoin/modules/clightning/default.nix

@@ -39,18 +39,18 @@ in
 
     users = {
       users = {
-        "clightning" = {
-          home = "/var/lib/clightning";
+        "cln" = {
+          home = "/var/lib/lightningd";
           description = "Core Lightning system user";
           isSystemUser = true;
-          group = "bitcoin";
+          group = "btc";
           createHome = true;
         };
       };
       groups = {
-        "bitcoin" = {
-          members = mkAfter [
-            "clightning"
+        "btc" = {
+          members = [
+            "cln"
           ];
         };
       };
@@ -62,31 +62,29 @@ in
 
     systemd.services.lightningd = {
       description = "Core Lightning Daemon";
-
-      script = "${pkgs.clightning}/bin/lightningd";
-      scriptArgs = ''
-        --conf=${clnConfig}
-      '';
-
-      after = [
-        "bitcoind-btc.service"
-      ];
-
       serviceConfig = {
+        User = "cln";
+        Group = "btc";
 
-        User = "clightning";
-        Group = "bitcoin";
+        StateDirectory = "lightningd";
+        WorkingDirectory = "%S/lightningd";
+
+        ExecStart = "${pkgs.clightning}/bin/lightningd --conf=${clnConfig}";
 
         Type = "simple";
         KillMode = "process";
         TimeoutSec = 60;
         Restart = "always";
-        RestartSec = 60;
+        RestartSec = 2;
       };
-      requisite = [
+
+      after = [
         "bitcoind-btc.service"
         "network.target"
       ];
+      requires = [ "bitcoind-btc.service" ];
+      partOf = [ "bitcoind-btc.service" ];
+      wantedBy = [ "multi-user.target" ];
     };
   };
 }

src/system/modules/bitcoin/modules/electrum/config/config.toml

@@ -2,13 +2,11 @@ network = "bitcoin"
 
 electrum_rpc_addr = "127.0.0.1:50001"
 
-cookie-file = "/var/lib/bitcoind/.cookie"
-
+cookie_file = "/var/lib/bitcoind/.cookie"
 db_dir = "/var/lib/electrs"
 
 log_filters = "INFO"
-timestamp = true
 
-daemon-rpc-addr = "127.0.0.1:8332"
-daemon-p2p-addr = "127.0.0.1:8333"
-daemon-dir = "/var/lib/bitcoind"
+daemon_rpc_addr = "127.0.0.1:8332"
+daemon_p2p_addr = "127.0.0.1:8333"
+daemon_dir = "/var/lib/bitcoind"

src/system/modules/bitcoin/modules/electrum/default.nix

@@ -42,13 +42,13 @@ in
           home = "/var/lib/electrs";
           description = "Electrs system user";
           isSystemUser = true;
-          group = "bitcoin";
+          group = "btc";
           createHome = true;
         };
       };
       groups = {
-        "bitcoin" = {
-          members = mkAfter [
+        "btc" = {
+          members = [
             "electrs"
           ];
         };
@@ -58,29 +58,28 @@ in
 
     systemd.services.electrs = {
       description = "Electrs Bitcoin Indexer";
-
-      script = "${pkgs.electrs}/bin/electrs";
-      scriptArgs = "--conf=${electrsConfig}";
-
-      after = [
-        "bitcoind-btc.service"
-      ];
-
       serviceConfig = {
-
         User = "electrs";
-        Group = "bitcoin";
+        Group = "btc";
+
+        StateDirectory   = "electrs";
+        WorkingDirectory = "%S/electrs";
+
+        ExecStart = "${pkgs.electrs}/bin/electrs --conf=${electrsConfig}";
 
         Type = "simple";
         KillMode = "process";
         TimeoutSec = 60;
-        Restart = "always";
-        RestartSec = 60;
+        Restart = "on-failure";
+        RestartSec = 2;
       };
-      requisite = [
-        "bitcoind-btc.service"
+      after = [
         "network.target"
+        "bitcoind-btc.service"
       ];
+      requires = [ "bitcoind-btc.service" ];
+      partOf = [ "bitcoind-btc.service" ];
+      wantedBy = [ "multi-user.target" ];
     };
   };
 }

src/system/modules/nginx/default.nix

@@ -39,8 +39,7 @@ in
       };
     };
 
-    security.acme = 
-    {
+    security.acme = {
       acceptTerms = true;
       defaults = {
         email = "${config.user.email}";
@@ -49,19 +48,15 @@ in
       };
       certs = {
         "ramos.codes" = {
-          extraDomainNames = attrNames config.services.nginx.virtualHosts;
+          extraDomainNames = [
+            "git.ramos.codes"
+            "btc.ramos.codes"
+          ];
         };
       };
     };
 
-    services.nginx = {
-      enable = true;
-      user = "nginx";
-      group = "web";
-      recommendedProxySettings = true;
-      recommendedTlsSettings = true;
-
-      virtualHosts = 
+    services.nginx = 
     let
       certPath = config.security.acme.certs."ramos.codes".directory;
       sslCertificate = "${certPath}/fullchain.pem";
@@ -71,8 +66,15 @@ in
         inherit sslCertificate sslCertificateKey;
         forceSSL = true;
       }) hosts;
-      in withSSL
+    in
     {
+      enable = true;
+      user = "nginx";
+      group = "web";
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+
+      virtualHosts = withSSL {
         "git.ramos.codes" = mkIf module.forgejo.enable {
           locations = {
             "/" = {
@@ -80,14 +82,22 @@ in
             };
           };
         };
-        #"btc.ramos.codes" = mkIf module.bitcoin.electrum.enable {
-        #  locations = {
-        #   "/" = {
-        #     proxyPass = "";
-        #   };
-        #  };
-        #};
       };
+
+      streamConfig = ''
+        ${lib.optionalString module.bitcoin.electrum.enable ''
+          server {
+            listen 0.0.0.0:50002 ssl;
+            proxy_pass 127.0.0.1:50001;
+
+            ssl_certificate ${sslCertificate};
+            ssl_certificate_key ${sslCertificateKey};
+          }
+        ''}
+      '';
     };
+    networking.firewall.allowedTCPPorts = [
+      50002
+    ];
   };
 }