From dab93c5ee0d9597c529b7463ad51de1eb80d8778 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Sun, 8 Mar 2026 11:04:30 -0400 Subject: [PATCH] revert server modules to pre-merge state Server work (frigate, bitcoin/clightning, forgejo, nginx) was merged before ready. Reverts these to de56423 state. Work is preserved on branches: cameras, lightning, server, bitcoind. --- src/system/machines/server/system.nix | 18 +-- .../modules/bitcoin/config/bitcoin.conf | 6 +- src/system/modules/bitcoin/default.nix | 26 ++--- .../modules/clightning/config/lightning.conf | 23 ---- .../bitcoin/modules/clightning/default.nix | 90 --------------- .../plugins/c-lightning-REST/default.nix | 35 ------ .../modules/clightning/plugins/default.nix | 5 - .../modules/electrum/config/config.toml | 10 +- .../bitcoin/modules/electrum/default.nix | 56 +++++----- src/system/modules/forgejo/default.nix | 22 +--- src/system/modules/frigate/default.nix | 100 ----------------- src/system/modules/nginx/default.nix | 104 ++++++++---------- 12 files changed, 107 insertions(+), 388 deletions(-) delete mode 100644 src/system/modules/bitcoin/modules/clightning/config/lightning.conf delete mode 100644 src/system/modules/bitcoin/modules/clightning/default.nix delete mode 100644 src/system/modules/bitcoin/modules/clightning/plugins/c-lightning-REST/default.nix delete mode 100644 src/system/modules/bitcoin/modules/clightning/plugins/default.nix delete mode 100644 src/system/modules/frigate/default.nix diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index a66d221..3f51b82 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix 
@@ -8,25 +8,18 @@ system = { nginx.enable = true; forgejo.enable = true; - frigate.enable = true; bitcoin = { enable = true; electrum.enable = true; - #clightning = { - # enable = true; - # rest.enable = true; - #}; }; }; }; - users.mutableUsers = false; users.users = { - "${config.user.name}" = { + ${config.user.name} = { isNormalUser = true; extraGroups = config.user.groups; openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ]; - password = "123"; }; }; @@ -69,7 +62,7 @@ fonts.packages = with pkgs; [ terminus_font - nerd-fonts.terminess-ttf + terminus-nerdfont ]; security.sudo = { @@ -109,13 +102,6 @@ }; }; - - virtualisation.vmVariant = { - virtualisation.forwardPorts = [ - { from = "host"; host.port = 5000; guest.port = 5000; } - ]; - }; - services.openssh = { enable = true; startWhenNeeded = true; diff --git a/src/system/modules/bitcoin/config/bitcoin.conf b/src/system/modules/bitcoin/config/bitcoin.conf index 85022a3..641827a 100644 --- a/src/system/modules/bitcoin/config/bitcoin.conf +++ b/src/system/modules/bitcoin/config/bitcoin.conf @@ -1,7 +1,10 @@ server=1 +mempoolfullrbf=1 v2transport=1 +rpcauth= + rpcbind=127.0.0.1 rpcallowip=127.0.0.1 @@ -13,5 +16,4 @@ proxy=127.0.0.1:9050 listen=1 listenonion=1 torcontrol=127.0.0.1:9051 - -startupnotify=chmod g+r /var/lib/bitcoind/.cookie +torenablecircuit=1 diff --git a/src/system/modules/bitcoin/default.nix b/src/system/modules/bitcoin/default.nix index 19681c5..6a4b89e 100644 --- a/src/system/modules/bitcoin/default.nix +++ b/src/system/modules/bitcoin/default.nix 
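Review bot: With `users.mutableUsers = false;` and `password = "123";` both removed from the users block, the account's password is no longer managed declaratively, and NixOS applies password options only at user creation when users are mutable. A host that ever activated the merged config may therefore still carry that weak password in its shadow file after this revert. I would keep `users.mutableUsers = false;` and supply the hash from outside the store, e.g. `hashedPasswordFile = "<path-to-secret>";`. The removed literal, like the camera URLs with embedded credentials deleted from frigate/default.nix in this same patch, stays in history and on the branches named in the commit message, so those credentials should be rotated rather than considered gone.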
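Review bot: The added `rpcauth=` line carries no value, so its effect depends on how the pinned bitcoind treats an empty entry; confirm that it is neither rejected at start-up nor treated as a credential. Since electrs is configured in this patch to authenticate with the cookie file, I would drop the placeholder or replace it with a comment such as `# rpcauth intentionally unset; RPC clients use the cookie file`. The file is copied into the Nix store, so if a real entry is added later it should be the salted `rpcauth` form only, never `rpcpassword`.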
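Review bot: Removing `startupnotify=chmod g+r /var/lib/bitcoind/.cookie` leaves the cookie with bitcoind's default permissions, while electrs (a separate user) is still pointed at that cookie in config.toml; if it cannot read the file, the tempting fix is to loosen the whole data directory. If the pinned release supports it, `rpccookieperms=group` states the intent directly and avoids the window between start-up and the chmod. Separately, `torenablecircuit=1` is not an option I can match to the Tor settings used in this file (`proxy`, `listenonion`, `torcontrol`); please verify it, since an unknown key in the config file may stop the daemon from starting.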
@@ -7,16 +7,21 @@ let home = "/var/lib/bitcoind"; + bitcoinConf = pkgs.writeTextFile { + name = "bitcoin.conf"; + text = builtins.readFile ./config/bitcoin.conf; + }; + in { options.modules.system.bitcoin = { enable = mkEnableOption "Bitcoin Server"; }; config = mkIf cfg.enable { nixpkgs.overlays = [ (final: prev: { bitcoind = prev.bitcoind.overrideAttrs (old: rec { - version = "29.0"; + version = "28.0"; src = fetchTarball { url = "https://github.com/bitcoin/bitcoin/archive/refs/tags/v${version}.tar.gz"; - sha256 = "sha256-XvoqYA5RYXbOjeidxV4Wxb8DhYv6Hz510XNMhmWkV1Y="; + sha256 = "sha256-LLtw6pMyqIJ3IWHiK4P3XoifLojB9yMNMo+MGNFGuRY="; }; }); }) @@ -28,17 +33,17 @@ in inherit home; description = "Bitcoin Core system user"; isSystemUser = true; - group = "btc"; + group = "bitcoin"; createHome = true; }; - "${config.services.nginx.user}" = { + "nginx" = { extraGroups = mkIf nginx.enable [ - "btc" + "bitcoin" ]; }; }; groups = { - "btc" = { + "bitcoin" = { members = [ "btc" ]; @@ -54,16 +59,11 @@ in "btc" = { enable = true; user = "btc"; - group = "btc"; - configFile = ./config/bitcoin.conf; + group = "bitcoin"; + configFile = bitcoinConf; dataDir = home; pidFile = "${home}/bitcoind.pid"; }; }; - - services.tor = { - enable = true; - client.enable = true; - }; }; } diff --git a/src/system/modules/bitcoin/modules/clightning/config/lightning.conf b/src/system/modules/bitcoin/modules/clightning/config/lightning.conf deleted file mode 100644 index c58cb55..0000000 --- a/src/system/modules/bitcoin/modules/clightning/config/lightning.conf +++ /dev/null 
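Review bot: The overlay now pins `version = "28.0"` with a matching `sha256`, which moves the node back a major release; a comment beside the pin should say why and when to bump, e.g. `# pinned to 28.0 by the revert; bump version and sha256 together`. Before deploying, check that a data directory already opened by 29.0 is accepted by 28.0 and whether fixes shipped after 28.0 matter for this host. `bitcoinConf` copies the config into the Nix store, which is fine only while the file holds no secret.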
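Review bot: Adding `"nginx"` with `extraGroups = mkIf nginx.enable [ "bitcoin" ]` gives the internet-facing web server group access to whatever bitcoind exposes to its group, yet this patch leaves the `btc.ramos.codes` vhost commented out in nginx/default.nix, so nothing visible needs that access. I would drop the `"nginx"` entry from this users block until a proxy for the node actually exists. The hard-coded `"nginx"` also replaces `config.services.nginx.user`, so the two can drift if the service user is ever changed. The enclosing `users` block starts outside the hunk.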
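Review bot: `services.tor` is removed at the end of this module while bitcoin.conf in the same patch still sets `proxy=127.0.0.1:9050`, `listenonion=1` and `torcontrol=127.0.0.1:9051`. Unless Tor is enabled elsewhere (not visible here), the node is left pointing at a proxy and control port that are not running. Either keep `services.tor = { enable = true; client.enable = true; };` in this module or add a comment naming the module that provides it.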
@@ -1,23 +0,0 @@
-alias=OrdSux
-
-daemon
-mainnet
-bitcoin-datadir=/var/lib/bitcoind
-lightning-dir=/var/lib/lightningd
-plugin-dir=/var/lib/lightningd/plugins
-
-log-file=/var/lib/lightningd/log
-log-level=info
-pid-file=/var/lib/lightning/lightningd.pid
-
-bind-addr=127.0.0.1:9734
-proxy=127.0.0.1:9050
-always-use-proxy=false
-
-large-channels
-fee-base=1000
-fee-per-satoshi=10
-min-capacity-sat=10000
-htlc-minimum-msat=0
-funding-confirms=3
-max-concurrent-htlcs=30
diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix
deleted file mode 100644
index 80457b6..0000000
--- a/src/system/modules/bitcoin/modules/clightning/default.nix
+++ /dev/null
@@ -1,90 +0,0 @@ -{ lib, pkgs, config, ... }: - -with lib; -let - cfg = config.modules.system.bitcoin.clightning; - btc = config.modules.system.bitcoin; - - clnConfig = pkgs.writeTextFile { - name = "lightning.conf"; - text = builtins.readFile ./config/lightning.conf; - }; - -in -{ options.modules.system.bitcoin.clightning = { enable = mkEnableOption "Core Lightning Server"; }; - imports = [ ./plugins ]; - config = mkIf (cfg.enable && btc.enable) { - #nixpkgs.overlays = [ - # (final: prev: { - # clightning = prev.electrs.overrideAttrs (old: rec { - # version = "24.08"; - # src = pkgs.fetchFromGitHub { - # owner = "ElementsProject"; - # repo = "lightning"; - # rev = "82f4ad68e34a2428c556e63fc2632d48a914968c"; - # hash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g"; - # }; - # cargoDeps = old.cargoDeps.overrideAttrs (lib.const { - # name = "lightning-vendor.tar.gz"; - # inherit src; - # outputHash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g="; - # }); - # }); - # }) - #]; - - environment.systemPackages = with pkgs; [ - clightning - ]; - - users = { - users = { - "cln" = { - home = "/var/lib/lightningd"; - description = "Core Lightning system user"; - isSystemUser = true; - group = "btc"; - createHome = true; - }; - }; - groups = { - "btc" = { - members = [ - "cln" - ]; - }; - }; - }; - - programs.bash.shellAliases = { - cln = "lightningd"; - }; - - systemd.services.lightningd = { - description = "Core Lightning Daemon"; - serviceConfig = { - User = "cln"; - Group = "btc"; - - StateDirectory = "lightningd"; - WorkingDirectory = "%S/lightningd"; - - ExecStart = "${pkgs.clightning}/bin/lightningd --conf=${clnConfig}"; - - Type = "simple"; - KillMode = "process"; - TimeoutSec = 60; - Restart = "always"; - RestartSec = 2; - }; - - after = [ - "bitcoind-btc.service" - "network.target" - ]; - requires = [ "bitcoind-btc.service" ]; - partOf = [ "bitcoind-btc.service" ]; - wantedBy = [ "multi-user.target" ]; - }; - }; -} 
diff --git a/src/system/modules/bitcoin/modules/clightning/plugins/c-lightning-REST/default.nix b/src/system/modules/bitcoin/modules/clightning/plugins/c-lightning-REST/default.nix deleted file mode 100644 index 3c756a5..0000000 --- a/src/system/modules/bitcoin/modules/clightning/plugins/c-lightning-REST/default.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ lib, pkgs, config, ... }: - -with lib; -let - cfg = config.modules.system.bitcoin.clightning.rest; - cln = config.modules.system.bitcoin.clightning; - -in -{ options.modules.system.bitcoin.clightning.rest = { enable = mkEnableOption "C-Lightning REST API Server"; }; - config = mkIf (cfg.enable && cln.enable) { - nixpkgs.overlays = [ - (final: prev: { - clightning-REST = prev.buildNpmPackage rec { - pname = "c-lightning-rest"; - version = "0.10.7"; - src = prev.fetchFromGitHub { - owner = "Ride-The-Lightning"; - repo = "c-lightning-REST"; - rev = "v${version}"; - hash = "sha256-Z3bLH/nqhO2IPE1N4TxYhEDh2wHR0nT801kztfYoj+s="; - }; - - npmDepsHash = "sha256-svt5hjhTriGhehxC36yGwrqcjax/9UqqVzxEhHnoM0M="; - dontNpmBuild = true; - - meta = with lib; { - description = "REST APIs for Core Lightning written with node.js "; - homepage = "https://github.com/Ride-The-Lightning/c-lightning-REST"; - license = licenses.mit; - }; - }; - }) - ]; - }; -} diff --git a/src/system/modules/bitcoin/modules/clightning/plugins/default.nix b/src/system/modules/bitcoin/modules/clightning/plugins/default.nix deleted file mode 100644 index 2b2fd49..0000000 --- a/src/system/modules/bitcoin/modules/clightning/plugins/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ./c-lightning-REST - ]; -} diff --git a/src/system/modules/bitcoin/modules/electrum/config/config.toml b/src/system/modules/bitcoin/modules/electrum/config/config.toml index a485ccc..c030e25 100644 --- a/src/system/modules/bitcoin/modules/electrum/config/config.toml +++ b/src/system/modules/bitcoin/modules/electrum/config/config.toml 
@@ -2,11 +2,13 @@ network = "bitcoin" electrum_rpc_addr = "127.0.0.1:50001" -cookie_file = "/var/lib/bitcoind/.cookie" +cookie-file = "/var/lib/bitcoind/.cookie" + db_dir = "/var/lib/electrs" log_filters = "INFO" +timestamp = true -daemon_rpc_addr = "127.0.0.1:8332" -daemon_p2p_addr = "127.0.0.1:8333" -daemon_dir = "/var/lib/bitcoind" +daemon-rpc-addr = "127.0.0.1:8332" +daemon-p2p-addr = "127.0.0.1:8333" +daemon-dir = "/var/lib/bitcoind" diff --git a/src/system/modules/bitcoin/modules/electrum/default.nix b/src/system/modules/bitcoin/modules/electrum/default.nix index 51c10d6..9b210ce 100644 --- a/src/system/modules/bitcoin/modules/electrum/default.nix +++ b/src/system/modules/bitcoin/modules/electrum/default.nix @@ -3,6 +3,8 @@ with lib; let cfg = config.modules.system.bitcoin.electrum; + home = "/var/lib/electrs"; + btc = config.modules.system.bitcoin; electrsConfig = pkgs.writeTextFile { @@ -13,21 +15,24 @@ let in { options.modules.system.bitcoin.electrum = { enable = mkEnableOption "Electrs Server"; }; config = mkIf (cfg.enable && btc.enable) { + #TODO: Fix the failing overlay due to `cargoHash/cargoSha256` #nixpkgs.overlays = [ # (final: prev: { # electrs = prev.electrs.overrideAttrs (old: rec { - # version = "0.10.6"; + # pname = "electrs"; + # version = "0.10.8"; # src = pkgs.fetchFromGitHub { # owner = "romanz"; - # repo = "electrs"; + # repo = pname; # rev = "v${version}"; - # hash = "sha256-yp9fKD7zH9Ne2+WQUupaxvUx39RWE8RdY4U6lHuDGSc="; + # hash = "sha256-L26jzAn8vwnw9kFd6ciyYS/OLEFTbN8doNKy3P8qKRE="; # }; - # cargoDeps = old.cargoDeps.overrideAttrs (lib.const { - # name = "electrs-vendor.tar.gz"; - # inherit src; - # outputHash = "sha256-qQKAQHOAeYWQ5YVtx12hIAjNA7Aj1MW1m+WimlBWPv0="; - # }); + # #cargoDeps = old.cargoDeps.overrideAttrs (const { + # # name = "electrs-${version}.tar.gz"; + # # inherit src; + # # sha256 = ""; + # #}); + # cargoHash = "sha256-lBRcq73ri0HR3duo6Z8PdSjnC8okqmG5yWeHxH/LmcU="; # }); # }) #]; 
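Review bot: The keys in this file are now mixed: `cookie-file`, `daemon-rpc-addr`, `daemon-p2p-addr` and `daemon-dir` use hyphens while `electrum_rpc_addr`, `db_dir` and `log_filters` keep underscores. Whichever spelling electrs does not recognise is likely to be ignored or rejected, and a silently ignored `cookie-file` or `daemon-rpc-addr` would make the indexer fall back to its defaults instead of the values written here. Use one spelling throughout, e.g. `cookie_file = "/var/lib/bitcoind/.cookie"`, and confirm that `timestamp` is accepted as a file option by the packaged version.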
@@ -39,16 +44,16 @@ in users = { users = { "electrs" = { - home = "/var/lib/electrs"; + inherit home; description = "Electrs system user"; isSystemUser = true; - group = "btc"; + group = "bitcoin"; createHome = true; }; }; groups = { - "btc" = { - members = [ + "bitcoin" = { + members = mkAfter [ "electrs" ]; }; @@ -58,28 +63,29 @@ in systemd.services.electrs = { description = "Electrs Bitcoin Indexer"; + + script = "${pkgs.electrs}/bin/electrs"; + scriptArgs = "--conf=${electrsConfig}"; + + after = [ + "bitcoind-btc.service" + ]; + serviceConfig = { + User = "electrs"; - Group = "btc"; - - StateDirectory = "electrs"; - WorkingDirectory = "%S/electrs"; - - ExecStart = "${pkgs.electrs}/bin/electrs --conf=${electrsConfig}"; + Group = "bitcoin"; Type = "simple"; KillMode = "process"; TimeoutSec = 60; - Restart = "on-failure"; - RestartSec = 2; + Restart = "always"; + RestartSec = 60; }; - after = [ - "network.target" + requisite = [ "bitcoind-btc.service" + "network.target" ]; - requires = [ "bitcoind-btc.service" ]; - partOf = [ "bitcoind-btc.service" ]; - wantedBy = [ "multi-user.target" ]; }; }; } diff --git a/src/system/modules/forgejo/default.nix b/src/system/modules/forgejo/default.nix index 384e140..f9a3eca 100644 --- a/src/system/modules/forgejo/default.nix +++ b/src/system/modules/forgejo/default.nix @@ -10,25 +10,24 @@ in config = mkIf cfg.enable { users = { users = { - "${config.services.forgejo.user}" = { + "git" = { description = "Git server system user"; - home = config.services.forgejo.stateDir; isSystemUser = true; - group = "${config.services.forgejo.user}"; + group = "git"; extraGroups = mkIf nginx.enable [ "web" ]; }; - "${config.services.nginx.user}" = { + "nginx" = { extraGroups = mkIf nginx.enable [ - "${config.services.forgejo.group}" + "git" ]; }; }; groups = { - "${config.services.forgejo.group}" = { + "git" = { members = [ - "${config.services.forgejo.user}" + "git" ]; }; }; 
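Review bot: The rewritten `systemd.services.electrs` unit drops `StateDirectory`, `WorkingDirectory` and `wantedBy`, and runs the indexer with no sandboxing, so nothing visible starts it at boot and the process sees the whole filesystem with its user's rights. `requisite` also behaves differently from the earlier `requires`: it fails the unit instead of starting bitcoind when bitcoind is not already up. I would restore the state directory and `wantedBy` and add a few hardening directives, as sketched below. `serviceConfig` lies fully inside the hunk.

```nix
serviceConfig = {
  # … unchanged: User, Group, Type, KillMode, TimeoutSec, Restart, RestartSec …
  StateDirectory = "electrs";
  WorkingDirectory = "%S/electrs";
  NoNewPrivileges = true;
  PrivateTmp = true;
  ProtectHome = true;
  ProtectSystem = "strict";
};
wantedBy = [ "multi-user.target" ];
```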
@@ -45,24 +44,15 @@ in PROTOCOL = "http+unix"; DOMAIN = "127.0.0.1"; HTTP_ADDR = "/run/forgejo/forgejo.sock"; - ROOT_URL = "https://git.ramos.codes"; }; }; database = { - name = "git"; inherit user; type = "sqlite3"; path = "${stateDir}/data/forgejo.db"; createDatabase = true; }; - - dump = { - enable = true; - file = "git.bkup"; - type = "tar.gz"; - interval = "weekly"; - }; }; }; } diff --git a/src/system/modules/frigate/default.nix b/src/system/modules/frigate/default.nix deleted file mode 100644 index 2be689f..0000000 --- a/src/system/modules/frigate/default.nix +++ /dev/null 
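Review bot: With `ROOT_URL` removed, the server settings shown here only have `DOMAIN = "127.0.0.1"` and the unix socket, yet nginx/default.nix in this patch still proxies `git.ramos.codes` to it. Forgejo will presumably build its public links from the internal address unless the URL is set elsewhere. Keep `ROOT_URL = "https://git.ramos.codes";`, or add a comment that the instance is not meant to be reachable yet. The removed `dump` block was the only backup of the sqlite database visible in this module, so a comment should say where backups now come from. The enclosing settings block starts outside the hunk.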
@@ -1,100 +0,0 @@ -{ pkgs, lib, config, ... }: - -with lib; -let - cfg = config.modules.system.frigate; - nginx = config.modules.system.nginx; - -in -{ options.modules.system.frigate = { enable = mkEnableOption "Enable Frigate NVR"; }; - config = mkIf cfg.enable { - services.frigate = { - enable = true; - hostname = "frigate"; - settings = { - web = { - bind_address = "0.0.0.0"; - port = "5000"; - }; - mqtt = { - enabled = true; - host = "localhost"; - }; - cameras = { - "Doorbell" = { - ffmpeg = { - inputs = [ - { - path = "rtsp://admin:ocu?u3Su@192.168.0.134/cam/realmonitor?channel=1&subtype=0"; - roles = [ "record" ]; - } - { - path = "rtsp://admin:ocu?u3Su@192.168.0.134/cam/realmonitor?channel=1&subtype=1"; - roles = [ "detect" ]; - } - ]; - }; - }; - "Living Room" = { - ffmpeg = { - inputs = [ - { - path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=1&subtype=0"; - roles = [ "record" ]; - } - { - path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=1&subtype=1"; - roles = [ "detect" ]; - } - ]; - }; - }; - "Kitchen" = { - ffmpeg = { - inputs = [ - { - path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=2&subtype=0"; - roles = [ "record" ]; - } - { - path = "rtsp://admin:ocu?u3Su@192.168.0.181/cam/realmonitor?channel=2&subtype=1"; - roles = [ "detect" ]; - } - ]; - }; - }; - "Parking Lot" = { - ffmpeg = { - inputs = [ - { - path = "rtsp://admin:ocu?u3Su@192.168.0.60/cam/realmonitor?channel=1&subtype=0"; - roles = [ "record" ]; - } - { - path = "rtsp://admin:ocu?u3Su@192.168.0.60/cam/realmonitor?channel=1&subtype=1"; - roles = [ "detect" ]; - } - ]; - }; - }; - "Porch" = { - ffmpeg = { - inputs = [ - { - path = "rtsp://admin:ocu?u3Su@192.168.0.108/cam/realmonitor?channel=1&subtype=0"; - roles = [ "record" ]; - } - { - path = "rtsp://admin:ocu?u3Su@192.168.0.108/cam/realmonitor?channel=1&subtype=1"; - roles = [ "detect" ]; - } - ]; - }; - }; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 5000 ]; - }; -} 
diff --git a/src/system/modules/nginx/default.nix b/src/system/modules/nginx/default.nix index 51829d3..bb35cca 100644 --- a/src/system/modules/nginx/default.nix +++ b/src/system/modules/nginx/default.nix 
@@ -4,100 +4,86 @@ with lib; let cfg = config.modules.system.nginx; module = config.modules.system; - forgejo = config.services.forgejo; in { options.modules.system.nginx = { enable = mkEnableOption "Nginx Reverse Proxy"; }; config = mkIf cfg.enable { users = { users = { - "${config.services.nginx.user}" = { + "nginx" = { description = "Web server system user"; isSystemUser = true; - group = mkForce "${config.services.nginx.group}"; - extraGroups = [ - "${config.security.acme.defaults.group}" - ]; + group = mkForce "web"; }; "btc" = { extraGroups = mkIf module.bitcoin.enable [ - "${config.services.nginx.group}" + "web" ]; }; - "${forgejo.user}" = { + "git" = { extraGroups = mkIf module.forgejo.enable [ - "${config.services.nginx.group}" + "web" ]; }; }; groups = { - "${config.services.nginx.group}" = { + "web" = { members = [ - "${config.services.nginx.user}" + "nginx" ]; }; }; }; - security.acme = { - acceptTerms = true; - defaults = { - email = "${config.user.email}"; - validMinDays = 90; - listenHTTP = ":80"; - }; - certs = { - "ramos.codes" = { - extraDomainNames = [ - "git.ramos.codes" - "btc.ramos.codes" - ]; - }; - }; - }; - - services.nginx = + security.acme = let - certPath = config.security.acme.certs."ramos.codes".directory; - sslCertificate = "${certPath}/fullchain.pem"; - sslCertificateKey = "${certPath}/key.pem"; - - withSSL = hosts: mapAttrs (name: hostConfig: hostConfig // { - inherit sslCertificate sslCertificateKey; - forceSSL = true; - }) hosts; + acmeDir = "/var/lib/acme"; in { - enable = true; - user = "nginx"; - group = "web"; - recommendedProxySettings = true; - recommendedTlsSettings = true; + acceptTerms = true; + certs = { + "ramos.codes" = { + #webroot = "${acmeDir}/acme-challenge"; + directory = "${acmeDir}/ramos.codes"; + email = config.user.email; + group = "web"; + validMinDays = 90; + extraDomainNames = attrNames config.services.nginx.virtualHosts; + listenHTTP = ":80"; + }; + }; + }; - virtualHosts = withSSL { + services.nginx = { + 
enable = true; + virtualHosts = + let + certPath = config.security.acme.certs."ramos.codes".directory; + sslCertificate = "${certPath}/fullchain.pem"; + sslCertificateKey = "${certPath}/key.pem"; + + withSSL = hosts: mapAttrs (name: hostConfig: hostConfig // { + inherit sslCertificate sslCertificateKey; + forceSSL = true; + }) hosts; + + in withSSL + { "git.ramos.codes" = mkIf module.forgejo.enable { locations = { "/" = { - proxyPass = "http://unix:${forgejo.settings.server.HTTP_ADDR}"; + proxyPass = "http://unix:${config.services.forgejo.settings.server.HTTP_ADDR}"; }; }; }; + #"btc.ramos.codes" = mkIf module.bitcoin.electrum.enable { + # locations = { + # "/" = { + # proxyPass = ""; + # }; + # }; + #}; }; - - streamConfig = '' - ${lib.optionalString module.bitcoin.electrum.enable '' - server { - listen 0.0.0.0:50002 ssl; - proxy_pass 127.0.0.1:50001; - - ssl_certificate ${sslCertificate}; - ssl_certificate_key ${sslCertificateKey}; - } - ''} - ''; }; - networking.firewall.allowedTCPPorts = [ - 50002 - ]; }; }
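Review bot: The certificate for `ramos.codes` is assigned `group = "web"`, and this hunk also puts `btc` and `git` into `web` (forgejo/default.nix does the same for `git`). The bitcoind and Forgejo service accounts would therefore appear to gain group read access to the TLS private key, which only nginx needs. I would leave `"nginx"` as the sole member of `web` and drop the two `extraGroups = mkIf … [ "web" ]` entries. The rewrite also loses `recommendedTlsSettings = true;` and `recommendedProxySettings = true;` from `services.nginx`; keep them so the TLS and proxy-header defaults do not silently fall back to nginx's own.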