diff --git a/src/system/modules/bitcoin/config/bitcoin.conf b/src/system/modules/bitcoin/config/bitcoin.conf index 641827a..c2c002c 100644 --- a/src/system/modules/bitcoin/config/bitcoin.conf +++ b/src/system/modules/bitcoin/config/bitcoin.conf @@ -3,7 +3,7 @@ server=1 mempoolfullrbf=1 v2transport=1 -rpcauth= +rpcauth=btc:a5070cab96db882e8f63cb131ce3bbfa$20c7fd4653597b0c4ffc2c47b2d5d6751a6725ff644dd0d0ffcb9bebff96b913 rpcbind=127.0.0.1 rpcallowip=127.0.0.1 diff --git a/src/system/modules/bitcoin/default.nix b/src/system/modules/bitcoin/default.nix index 6a4b89e..020045c 100644 --- a/src/system/modules/bitcoin/default.nix +++ b/src/system/modules/bitcoin/default.nix @@ -5,7 +5,7 @@ let cfg = config.modules.system.bitcoin; nginx = config.modules.system.nginx; - home = "/var/lib/bitcoind"; + home = "/var/lib/bitcoin"; bitcoinConf = pkgs.writeTextFile { name = "bitcoin.conf"; @@ -15,16 +15,10 @@ let in { options.modules.system.bitcoin = { enable = mkEnableOption "Bitcoin Server"; }; config = mkIf cfg.enable { - nixpkgs.overlays = [ - (final: prev: { - bitcoind = prev.bitcoind.overrideAttrs (old: rec { - version = "28.0"; - src = fetchTarball { - url = "https://github.com/bitcoin/bitcoin/archive/refs/tags/v${version}.tar.gz"; - sha256 = "sha256-LLtw6pMyqIJ3IWHiK4P3XoifLojB9yMNMo+MGNFGuRY="; - }; - }); - }) + modules.system.tor.enable = true; + + environment.systemPackages = with pkgs; [ + bitcoind ]; users = { @@ -34,6 +28,7 @@ in description = "Bitcoin Core system user"; isSystemUser = true; group = "bitcoin"; + extraGroups = [ "tor" ]; createHome = true; }; "nginx" = { @@ -56,7 +51,7 @@ in }; services.bitcoind = { - "btc" = { + "mainnet" = { enable = true; user = "btc"; group = "bitcoin"; @@ -65,5 +60,14 @@ in pidFile = "${home}/bitcoind.pid"; }; }; + + systemd.services.bitcoind-mainnet = { + wants = [ "tor.service" ]; + after = [ "tor.service" ]; + }; + + modules.system.backup.paths = [ + "${home}/wallets" + ]; }; } 
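Review bot: The `rpcauth=` line in bitcoin.conf now holds a real salt and HMAC for the user `btc`, so the RPC credential verifier is in git history. If default.nix feeds this file to `pkgs.writeTextFile`, as the `bitcoinConf` context lines suggest, it is also world-readable in the Nix store. The value is a salted single-pass HMAC-SHA256, so anyone who can read it can test password guesses offline. Because `rpcbind` and `rpcallowip` keep RPC on 127.0.0.1, I would drop the line and let local clients use the cookie file, or replace it with `includeconf=<path to a root-owned secret file outside the store>` and generate the `rpcauth=` entry there. Either way the committed credential should be rotated.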
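Review bot: The new `modules.system.backup.paths` entry in the last default.nix hunk hands `${home}/wallets` to the backup module as plain files, and those files contain the wallet's private keys. Whether `modules.system.backup` encrypts and access-restricts its target is not visible in this diff, so that should be confirmed and stated next to the entry, e.g. `# wallet files hold private keys: backup target must be encrypted`. Copying the directory while bitcoind is running can also capture an inconsistent wallet database; a pre-backup step using the `backupwallet` RPC gives a consistent copy. This commit also moves `home` from `/var/lib/bitcoind` to `/var/lib/bitcoin`, so wallets left in the old directory are not covered unless they are migrated.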
diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix
new file mode 100644
index 0000000..cc175e9
--- /dev/null
+++ b/src/system/modules/bitcoin/modules/clightning/default.nix
@@ -0,0 +1,92 @@
+{ lib, pkgs, config, ... }:
+
+with lib;
+let
+ cfg = config.modules.system.bitcoin.clightning;
+ btc = config.modules.system.bitcoin;
+
+ clnConfig = pkgs.writeTextFile {
+ name = "lightning.conf";
+ text = builtins.readFile ./config/lightning.conf;
+ };
+
+in
+{ options.modules.system.bitcoin.clightning = { enable = mkEnableOption "Core Lightning Server"; };
+ imports = [ ./plugins ];
+ config = mkIf (cfg.enable && btc.enable) {
+ #nixpkgs.overlays = [
+ # (final: prev: {
+ # clightning = prev.electrs.overrideAttrs (old: rec {
+ # version = "24.08";
+ # src = pkgs.fetchFromGitHub {
+ # owner = "ElementsProject";
+ # repo = "lightning";
+ # rev = "82f4ad68e34a2428c556e63fc2632d48a914968c";
+ # hash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g";
+ # };
+ # cargoDeps = old.cargoDeps.overrideAttrs (lib.const {
+ # name = "lightning-vendor.tar.gz";
+ # inherit src;
+ # outputHash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g=";
+ # });
+ # });
+ # })
+ #];
+
+ environment.systemPackages = with pkgs; [
+ clightning
+ ];
+
+ users = {
+ users = {
+ "clightning" = {
+ home = "/var/lib/clightning";
+ description = "Core Lightning system user";
+ isSystemUser = true;
+ group = "bitcoin";
+ createHome = true;
+ };
+ };
+ groups = {
+ "bitcoin" = {
+ members = mkAfter [
+ "clightning"
+ ];
+ };
+ };
+ };
+
+ programs.bash.shellAliases = {
+ cln = "lightningd";
+ };
+
+ systemd.services.lightningd = {
+ description = "Core Lightning Daemon";
+
+ script = "${pkgs.clightning}/bin/lightningd";
+ scriptArgs = ''
+ --conf=${clnConfig}
+ '';
+
+ after = [
+ "bitcoind-mainnet.service"
+ ];
+
+ serviceConfig = {
+
+ User = "clightning";
+ Group = "bitcoin";
+
+ Type = "simple";
+ KillMode = "process";
+ TimeoutSec = 60;
+ Restart = "always";
+ RestartSec = 60;
+ };
+ requisite = [
+ "bitcoind-mainnet.service"
+ "network.target"
+ ];
+ };
+ };
+}
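Review bot: The `lightningd` unit runs the daemon that holds the node's channel keys with no sandboxing in `serviceConfig`; only `User`, `Group` and the restart settings are set. The systemd restrictions below limit what a compromised daemon or plugin can reach, leaving `/var/lib/clightning` as the only writable path (adjust if lightning.conf sets a different `lightning-dir`). Separately, `clnConfig` is built with `pkgs.writeTextFile`, so everything in lightning.conf is world-readable in the Nix store; if that file sets `bitcoin-rpcpassword`, it should move to a secret outside the store. The unit also declares `requisite` but no `wantedBy`, so nothing visible here starts it at boot.

```nix
serviceConfig = {
  # … unchanged: User, Group, Type, KillMode, TimeoutSec, Restart, RestartSec …
  NoNewPrivileges = true;
  PrivateTmp = true;
  ProtectSystem = "strict";
  ProtectHome = true;
  ReadWritePaths = [ "/var/lib/clightning" ];
};
```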
diff --git a/src/system/modules/bitcoin/modules/electrum/default.nix b/src/system/modules/bitcoin/modules/electrum/default.nix index 9b210ce..a5b2bd0 100644 --- a/src/system/modules/bitcoin/modules/electrum/default.nix +++ b/src/system/modules/bitcoin/modules/electrum/default.nix @@ -68,7 +68,7 @@ in scriptArgs = "--conf=${electrsConfig}"; after = [ - "bitcoind-btc.service" + "bitcoind-mainnet.service" ]; serviceConfig = { @@ -83,7 +83,7 @@ in RestartSec = 60; }; requisite = [ - "bitcoind-btc.service" + "bitcoind-mainnet.service" "network.target" ]; }; diff --git a/src/system/modules/tor/default.nix b/src/system/modules/tor/default.nix new file mode 100644 index 0000000..3e984b9 --- /dev/null +++ b/src/system/modules/tor/default.nix @@ -0,0 +1,29 @@ +{ pkgs, lib, config, ... }: + +with lib; +let + cfg = config.modules.system.tor; + +in +{ + options.modules.system.tor = { + enable = mkEnableOption "Tor"; + }; + + config = mkIf cfg.enable { + services.tor = { + enable = true; + + client = { + enable = true; + # SOCKS proxy on 127.0.0.1:9050 + }; + + settings = { + ControlPort = 9051; + CookieAuthentication = true; + CookieAuthFileGroupReadable = true; + }; + }; + }; +}
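Review bot: In the new tor/default.nix, `CookieAuthFileGroupReadable = true` together with `ControlPort = 9051` lets every account in the `tor` group authenticate to the control port and fully reconfigure this Tor instance. This commit already adds `btc` to that group in bitcoin/default.nix. That is much broader than SOCKS access, which needs no group membership. I would add a comment above the setting so later additions to the group are deliberate, e.g. `# control cookie is group-readable: "tor" group members get full control-port access; keep membership to services that must manage onion services`. No `listenonion` or `torcontrol` use is visible in this diff; if bitcoind only needs outbound proxying, both the control port settings and the `extraGroups` entry can be dropped.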