bryan/nixos
0
0
Fork 0
mirror of https://github.com/itme-brain/nixos.git synced 2026-03-24 08:39:42 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'bitcoind'

Browse source
This commit is contained in:
Bryan Ramos 2024-05-13 23:34:22 -04:00
commit df6e65c534
Signed by: bryan
GPG key ID: 6ABDCD144D6643C8
29 changed files with 155 additions and 448 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored Normal file
View file

@ -0,0 +1,2 @@
*.qcow2
result

18
flake.nix
View file

@ -41,6 +41,15 @@
]; ];
}; };
server = nixpkgs.lib.nixosSystem {
inherit system pkgs;
modules = [
./src/system/machines/server
home-manager.nixosModules.home-manager
(import ./src/system/machines/server/modules/home-manager)
];
};
wsl = nixpkgs.lib.nixosSystem { wsl = nixpkgs.lib.nixosSystem {
inherit system pkgs; inherit system pkgs;
modules = [ modules = [
@ -51,15 +60,6 @@
(import ./src/system/machines/wsl/home.nix) (import ./src/system/machines/wsl/home.nix)
]; ];
}; };
server = nixpkgs.lib.nixosSystem {
inherit system pkgs;
modules = [
./src/system/machines/server
home-manager.nixosModules.home-manager
(import ./src/system/machines/server/home.nix)
];
};
}; };
homeConfigurations."work" = home-manager.lib.homeManagerConfiguration { homeConfigurations."work" = home-manager.lib.homeManagerConfiguration {

48
justfile
View file

@ -1,10 +1,26 @@
SYSTEM := "$(echo $HOSTNAME)" SYSTEM := "$(echo $HOSTNAME)"
# Print this list
default: default:
@just --list @just --list
# Clean up build artifacts
clean:
#!/usr/bin/env bash
set -euo pipefail
echo "Cleaning build artifacts"
if [ -d result ]; then
echo "Removing result directory..."
rm ./result;
fi
if ls *.qcow2 1> /dev/null 2>&1; then
echo "Removing virtual disk..."
rm ./*.qcow2;
fi
echo "All clean!"
# Output what derivations will be built # Output what derivations will be built
test SYSTEM TYPE="nix": test SYSTEM TYPE="nixos":
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
case "{{TYPE}}" in case "{{TYPE}}" in
@ -38,11 +54,11 @@ test SYSTEM TYPE="nix":
esac esac
# Build the nix expression and hydrate the results directory - pass VM flag to build a VM # Build the nix expression and hydrate the results directory - pass VM flag to build a VM
build SYSTEM TYPE="nix": make SYSTEM TYPE="nixos":
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
case "{{TYPE}}" in case "{{TYPE}}" in
"nix") "nixos")
if [ "{{SYSTEM}}" = "desktop" ] || [ "{{SYSTEM}}" = "server" ] || [ "{{SYSTEM}}" = "wsl" ] || [ "{{SYSTEM}}" = "laptop" ]; then if [ "{{SYSTEM}}" = "desktop" ] || [ "{{SYSTEM}}" = "server" ] || [ "{{SYSTEM}}" = "wsl" ] || [ "{{SYSTEM}}" = "laptop" ]; then
echo "Hydrating resulting NixOS configuration for {{SYSTEM}}..." echo "Hydrating resulting NixOS configuration for {{SYSTEM}}..."
nix build .#nixosConfigurations."{{SYSTEM}}".config.system.build.toplevel -L nix build .#nixosConfigurations."{{SYSTEM}}".config.system.build.toplevel -L
@ -87,30 +103,48 @@ build SYSTEM TYPE="nix":
;; ;;
esac esac
# grep nixpkgs for PKG
search PKG: search PKG:
nix search nixpkgs {{PKG}} nix search nixpkgs {{PKG}}
# Open nixos packages in the browser
pkgs: pkgs:
@xdg-open https://search.nixos.org/packages @xdg-open https://search.nixos.org/packages
# Open nixos options in the browser
options: options:
@xdg-open https://search.nixos.org/options @xdg-open https://search.nixos.org/options
# NixOS-rebuild switch short-hand # NixOS-rebuild switch for the current system
switch: switch:
@echo -e "\033[32m->> Switching to next generation ->>\033[0m" @echo -e "\033[32m->> Switching to next generation ->>\033[0m"
@sudo nixos-rebuild switch --flake .#{{SYSTEM}} @sudo nixos-rebuild switch --flake .#{{SYSTEM}}
# NixOS-rebuild boot short-hand # NixOS-rebuild boot for the current system
boot: boot:
@echo -e "\033[34m->> Reboot to new generation ->>\033[0m" @echo -e "\033[34m->> Reboot to new generation ->>\033[0m"
@echo "Switching to next generation on reboot" @echo "Switching to next generation on reboot"
@sudo nixos-rebuild boot --flake .#{{SYSTEM}} @sudo nixos-rebuild boot --flake .#{{SYSTEM}}
# Commit all changes and push to upstream # Commit all changes and push to upstream
gh MESSAGE: gh COMMIT_MESSAGE:
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
git add -A git add -A
git commit -m "{{MESSAGE}}" git commit -m "{{COMMIT_MESSAGE}}"
git push git push
#Fetch resources and compute sha256 hash
hash URL:
#!/usr/bin/env bash
set -euo pipefail
if echo "{{URL}}" | grep -E '\.(tar\.gz|tgz|zip)$'; then
CONTENTS=$(nix-prefetch-url --unpack {{URL}} | tail -n 1)
else
CONTENTS=$(nix-prefetch-url {{URL}} | tail -n 1)
fi
HASH=$(nix hash to-sri --type sha256 "$CONTENTS")
echo -e "\033[32m$HASH\033[0m"

2
src/system/machines/desktop/system.nix
View file

@ -81,7 +81,7 @@
hardwareClockInLocalTime = true; hardwareClockInLocalTime = true;
}; };
services.timesyncd = { services.timesyncd = lib.mkDefault {
enable = true; enable = true;
servers = [ servers = [
"0.pool.ntp.org" "0.pool.ntp.org"

31
src/system/machines/server/hardware.nix Normal file
View file

@ -0,0 +1,31 @@
{ config, lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/79093c66-1283-44d4-b03c-f87956bbada1";
fsType = "ext4";
};
"/home" = {
device = "/dev/disk/by-uuid/1e2d04b2-9a02-4de6-88cc-1e35d0838036";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-uuid/0509-1D1F";
fsType = "vfat";
};
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

2
src/system/modules/tor/modules/default.nix → src/system/machines/server/modules/default.nix
View file

@ -1,5 +1,5 @@
{ {
imports = [ imports = [
./relay ./home
]; ];
} }

13
src/system/machines/server/home.nix → src/system/machines/server/modules/home-manager/default.nix
View file

@ -4,9 +4,7 @@
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.users.${config.user.name} = { home-manager.users.${config.user.name} = {
imports = [ imports = [ ../../../../../user ];
../../../user
];
programs.home-manager.enable = true; programs.home-manager.enable = true;
programs.bash.shellAliases = { programs.bash.shellAliases = {
@ -22,11 +20,16 @@
user = { user = {
bash.enable = true; bash.enable = true;
git.enable = true; git.enable = true;
gui.enable = false;
security = {
gpg.enable = true; gpg.enable = true;
utils.enable = true; };
utils = {
enable = true;
vim.enable = true; vim.enable = true;
}; };
}; };
}; };
};
} }

13
src/system/machines/server/system.nix
View file

@ -2,16 +2,11 @@
{ system.stateVersion = "23.11"; { system.stateVersion = "23.11";
imports = [ imports = [ ../../modules ];
../modules
];
modules = { modules = {
bitcoin = { system = {
enable = true; bitcoin.enable = true;
clightning = true;
electrs = true;
sparrow-server = true;
}; };
}; };
@ -68,7 +63,7 @@
hardwareClockInLocalTime = true; hardwareClockInLocalTime = true;
}; };
services.timesyncd = { services.timesyncd = lib.mkDefault {
enable = true; enable = true;
servers = [ servers = [
"0.pool.ntp.org" "0.pool.ntp.org"

2
src/system/machines/wsl/system.nix
View file

@ -47,7 +47,7 @@
timeZone = "America/New_York"; timeZone = "America/New_York";
}; };
services.timesyncd = { services.timesyncd = lib.mkDefault {
enable = true; enable = true;
servers = [ servers = [
"0.pool.ntp.org" "0.pool.ntp.org"

22
src/system/modules/bitcoin/config/default.nix Normal file
View file

@ -0,0 +1,22 @@
''
server=1
daemon=1
mempoolfullrbf=1
v2transport=1
rpcauth=
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
dnsseed=0
bind=127.0.0.1
proxy=127.0.0.1:9050
listen=1
listenonion=1
torcontrol=127.0.0.1:9051
torenablecircuit=1
''

61
src/system/modules/bitcoin/default.nix
View file

@ -4,59 +4,56 @@ with lib;
let let
cfg = config.modules.system.bitcoin; cfg = config.modules.system.bitcoin;
home = "/var/lib/bitcoind";
conf = pkgs.writeText "bitcoin.conf" (import ./config);
in in
{ options.modules.system.bitcoin = { enable = mkEnableOption "system.bitcoin"; }; { options.modules.system.bitcoin = { enable = mkEnableOption "system.bitcoin"; };
imports = [ ./modules ];
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.bash.shellAliases = { nixpkgs.overlays = [
btc = "bitcoin-cli"; (final: prev: {
bitcoind = prev.bitcoind.overrideAttrs (old: rec {
version = "27.0";
src = fetchTarball {
url = "https://github.com/bitcoin/bitcoin/archive/refs/tags/v${version}.tar.gz";
sha256 = "sha256-U2tR3WySD3EssA3a14wUtA3e0t/5go0isqNZSSma7m4=";
}; };
});
})
];
users = { users = {
users = { users = {
"bitcoind" = { "btc" = {
description = "bitcoind system user"; inherit home;
description = "Bitcoin Core system user";
isSystemUser = true; isSystemUser = true;
group = "bitcoin"; group = "bitcoin";
home = /var/lib/bitcoind;
createHome = true; createHome = true;
}; };
}; };
groups = { groups = {
"bitcoin" = { "bitcoin" = {
members = [ "clightning" "electrs" ]; members = [
"btc"
];
}; };
}; };
}; };
programs.bash.shellAliases = {
btc = "bitcoind";
};
networking.firewall.allowedTCPPorts = [ 8333 ];
services.bitcoind = { services.bitcoind = {
"bitcoind" = { "btc" = {
enable = true; enable = true;
testnet = false; user = "btc";
user = "bitcoind";
group = "bitcoin"; group = "bitcoin";
configFile = /var/lib/bitcoind/bitcoin.conf; configFile = conf;
rpc = {
port = 8332;
};
extraConfig = ''
server=1
mempoolfullrbf=1
v2transport=1
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
proxy=127.0.0.1:9050
listen=1
listenonion=1
torcontrol=127.0.0.1:9051
torenablecircuit=1
'';
}; };
}; };
}; };

73
src/system/modules/bitcoin/modules/core-lightning/default.nix
View file

@ -1,73 +0,0 @@
{ lib, pkgs, config, ... }:
#TODO: c-lightning config file
with lib;
let cfg = config.modules.system.bitcoin.core-lightning;
in
{ options.modules.system.bitcoin.core-lightning = { enable = mkEnableOption "system.bitcoin.core-lightning"; };
config = mkIf cfg.enable {
imports = [ ./modules ];
programs.bash.shellAliases = {
cln = "lightningd";
};
environment.systemPackages = with pkgs; [
clightning
];
users = {
users = {
"c-lightning" = {
description = "core-lightning system user";
isSystemUser = true;
group = "bitcoin";
home = /var/lib/c-lightning;
createHome = true;
};
};
};
systemd.services.lightningd = {
Unit = {
Description = "Core Lightning daemon";
Requires = [ "bitcoind.service" ];
After = [ "bitcoind.service" "network-online.target" ];
Wants = [ "network-online.target" ];
};
Service = {
ExecStartPre =
let
lightningConf = ''
''; #put lightning conf here
in
"${pkgs.writeShellScript "prepare-clightning-config" ''
mkdir -p /var/lib/c-lightning/.lightning
chown -R c-lightning:bitcoin /var/lib/c-lightning
echo "${lightningConf}" > /var/lib/c-lightning/.lightning/config
chmod 600 /var/lib/c-lightning/.lightning/config
''}";
ExecStart = "${pkgs.clightning}/bin/lightningd --conf=/var/lib/c-lightning/.lightning/config";
RuntimeDirectory = "lightningd";
User = "c-lightning";
Group = "bitcoin";
Type = "forking";
PIDFile = "/run/lightningd/lightningd.pid";
Restart = "on-failute";
PrivateTmp = true;
ProtectSystem = "full";
NoNewPrivileges = true;
PrivateDevies = true;
MemoryDenyWriteAccess = false;
};
Install = {
WantedBy = [ "multi-user.target" ];
};
};
};
}

18
src/system/modules/bitcoin/modules/core-lightning/modules/c-lightning-REST/default.nix
View file

@ -1,18 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.modules.system.bitcoin.core-lightning.REST;
cln = config.modules.system.bitcoin.core-lightning;
c-lightning-REST = import ./derivation.nix { inherit pkgs; };
in
{ options.modules.system.bitcoin.core-lightning.REST = {
enable = mkEnableOption "system.bitcoin.core-lightning.REST";
};
config = mkIf (cfg.enable && cln.enable) {
environment.systemPackages = with pkgs; [
c-lightning-REST
];
};
}

28
src/system/modules/bitcoin/modules/core-lightning/modules/c-lightning-REST/derivation.nix
View file

@ -1,28 +0,0 @@
{ pkgs, ... }:
with pkgs;
stdenv.mkDerivation rec {
pname = "c-lightning-REST";
version = "0.10.7";
src = fetchurl {
url = "https://github.com/Ride-The-Lightning/c-lightning-REST/archive/refs/tags/v${version}.tar.gz";
sha256 = "1swg53vbacsrsgy79lni07dy2h44b0yf2kad7j4fv17az4gwnxk7";
};
buildInputs = with pkgs; [
nodejs
];
installPhase = ''
mkdir -p $out
cp -r * $out/
'';
meta = {
description = "c-lighting REST API";
homepage = "https://github.com/Ride-The-Lightning/c-lightning-REST";
license = stdenv.lib.licenses.mit;
platforms = stdenv.lib.platforms.linux;
};
}

5
src/system/modules/bitcoin/modules/core-lightning/modules/default.nix
View file

@ -1,5 +0,0 @@
{
imports = [
./c-lightning-REST
];
}

7
src/system/modules/bitcoin/modules/default.nix
View file

@ -1,7 +0,0 @@
{
imports = [
./core-lightning
./electrs
./sparrow-server
];
}

49
src/system/modules/bitcoin/modules/electrs/default.nix
View file

@ -1,49 +0,0 @@
{ lib, pkgs, config, ... }:
#TODO: electrs configuration file
with lib;
let cfg = config.modules.bitcoin.electrs;
in
{ options.modules.bitcoin.electrs = { enable = mkEnableOption "bitcoin.electrs"; };
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
electrs
];
users = {
users = {
"electrs" = {
description = "electrs system user";
isSystemUser = true;
group = "bitcoin";
home = /var/lib/electrs;
createHome = true;
};
};
};
systemd.services.electrs = {
Unit = {
Description = "Electrs Bitcoin Indexer";
After = [ "network.target" "bitcoind.service" ];
Requires = [ "bitcoind.service" ];
};
Service = {
ExecStartPre = "/usr/bin/sleep 10";
ExecStart = "${pkgs.electrs}/bin/electrs";
User = "electrs";
Group = "bitcoin";
Type = "simple";
KillMode = "process";
TimeoutSec = 60;
Restart = "always";
RestartSec = 60;
};
Install = {
WantedBy = [ "multi-user.target" ];
};
};
};
}

14
src/system/modules/bitcoin/modules/sparrow-server/default.nix
View file

@ -1,14 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.modules.system.bitcoin.sparrow-server;
sparrow-server = import ./derivation.nix { inherit pkgs; };
in
{ options.modules.system.bitcoin.sparrow-server = { enable = mkEnableOption "system.bitcoin.sparrow-server"; };
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
sparrow-server
];
};
}

24
src/system/modules/bitcoin/modules/sparrow-server/derivation.nix
View file

@ -1,24 +0,0 @@
{ pkgs, ... }:
with pkgs;
stdenv.mkDerivation rec {
pname = "sparrow-server";
version = "1.8.2";
src = fetchurl {
url = "https://github.com/sparrowwallet/sparrow/releases/download/${version}/sparrow-server-${version}-x86_64.tar.gz";
sha256 = "16hyrf8j7mv3m1ry7r2k3w70yxbf6smgcm5d35xy2hjqfmahv65m";
};
installPhase = ''
mkdir -p $out/bin
cp -r * $out/bin
'';
meta = {
description = "Sparrow Server";
homepage = "https://sparrowwallet.com/";
license = stdenv.lib.licenses.mit;
platforms = stdenv.lib.platforms.linux;
};
}

2
src/system/modules/default.nix
View file

@ -1,7 +1,5 @@
{ {
imports = [ imports = [
./bitcoin ./bitcoin
./nginx
./tor
]; ];
} }

21
src/system/modules/nginx/default.nix
View file

@ -1,21 +0,0 @@
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.modules.system.nginx;
in
{ options.modules.system.nginx = { enable = mkEnableOption "system.nginx"; };
config = mkIf cfg.enable {
imports = [ ./sites ];
security.acme = {
defaults = {
email = config.user.email;
};
};
services.nginx = {
enable = true;
package = pkgs.nginxMainLine;
};
};
}

5
src/system/modules/nginx/sites/default.nix
View file

@ -1,5 +0,0 @@
{
imports = [
./mySite
];
}

30
src/system/modules/nginx/sites/mySite/default.nix
View file

@ -1,30 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.modules.system.nginx.mySite;
nginxCfg = config.modules.system.nginx;
in
{ options.modules.system.nginx.mySite = { enable = mkEnableOption "system.nginx.mySite"; };
config = mkIf (cfg.enable && nginxCfg) {
security.acme = {
certs = {
"*.ramos.codes" = {
#TODO: configure ACME certs
};
};
};
services.nginx = {
#TODO: check if configure as vhost or stream
virtualHosts = {
"*.ramos.codes" = {
addSSL = true;
onlySSL = true;
forceSSL = true;
acmeRoot = null;
};
};
};
};
}

31
src/system/modules/nginx/sites/mySite/modules/btc/default.nix
View file

@ -1,31 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.modules.system.nginx.mySite.btc;
mySiteCfg = config.modules.system.nginx.mySite;
btcCfg = config.modules.system.bitcoin;
in
{ options.modules.system.nginx.mySite.btc = { enable = mkEnableOption "system.nginx.mySite.btc"; };
config = mkIf (cfg.enable && mySiteCfg && btcCfg) {
#security.acme = {
# certs = {
# "btc.ramos.codes" = {
# #TODO: configure ACME certs
# };
# };
#};
#services.nginx = {
# #TODO: check if configure as vhost or stream
# virtualHosts = {
# "btc.ramos.codes" = {
# addSSL = true;
# onlySSL = true;
# forceSSL = true;
# acmeRoot = null;
# };
# };
#};
};
}

30
src/system/modules/nginx/sites/mySite/modules/git/default.nix
View file

@ -1,30 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.modules.system.nginx.mySite.git;
mySiteCfg = config.modules.system.nginx.mySite;
in
{ options.modules.system.nginx.mySite.git = { enable = mkEnableOption "system.nginx.mySite.git"; };
config = mkIf (cfg.enable && mySiteCfg) {
#security.acme = {
# certs = {
# "ramos.codes" = {
# #TODO: configure ACME certs
# };
# };
#};
#services.nginx = {
# #TODO: check if configure as vhost or stream
# streamConfig = services.nginx.streamConfig ++ {
# "*.ramos.codes" = {
# addSSL = true;
# onlySSL = true;
# forceSSL = true;
# acmeRoot = null;
# };
# };
#};
};
}

23
src/system/modules/tor/default.nix
View file

@ -1,23 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.modules.system.tor;
in
{ options.modules.system.tor = { enable = mkEnableOption "system.tor"; };
config = mkIf cfg.enable {
imports = [ ./modules ];
services.tor = {
enable = true;
client = {
enable = lib.mkDefault true;
dns.enable = mkIf services.tor.client.enable true;
};
relay.enable = lib.mkDefault false;
enableGeoIP = false;
DoSConnectionEnabled = true;
DoSCircuitCreationEnabled = true;
};
};
}

16
src/system/modules/tor/modules/relay.nix
View file

@ -1,16 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.modules.system.tor.relay;
torCfg = config.modules.system.tor;
in
{ options.modules.system.tor.relay = { enable = mkEnableOption "system.tor.relay"; };
config = mkIf (cfg.enable && torCfg.enable) {
services.tor = {
client.enable = false;
relay.enable = true;
};
};
}

5
src/user/modules/git/default.nix
View file

@ -13,15 +13,14 @@ in
extraConfig = { extraConfig = {
init = { defaultBranch = "master"; }; init = { defaultBranch = "master"; };
format = { pretty = "oneline"; }; format = { pretty = "oneline"; };
log = { abbrevCommit = true; };
mergetool = { mergetool = {
vimdiff = { vimdiff = {
trustExitCode = true; trustExitCode = true;
}; };
}; };
merge = { tool = "vimdiff"; }; merge = { tool = "vimdiff"; };
safe = { safe = { directory = "/etc/nixos"; };
directory = "/etc/nixos";
};
}; };
ignores = [ ignores = [
"node_modules" "node_modules"