diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index 20feaed..5dad7cf 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix @@ -9,11 +9,6 @@ forgejo.enable = true; frigate.enable = false; immich.enable = true; - bitcoin = { - enable = true; - electrum.enable = true; - clightning.enable = true; - }; backup = { enable = true; diff --git a/src/system/modules/bitcoin/config/bitcoin.conf b/src/system/modules/bitcoin/config/bitcoin.conf index 756bfc1..641827a 100644 --- a/src/system/modules/bitcoin/config/bitcoin.conf +++ b/src/system/modules/bitcoin/config/bitcoin.conf @@ -1,12 +1,14 @@ server=1 -rpccookiefile=/var/lib/bitcoin/.cookie -rpccookieperms=group +mempoolfullrbf=1 +v2transport=1 + +rpcauth= + rpcbind=127.0.0.1 rpcallowip=127.0.0.1 dnsseed=0 -onlynet=onion bind=127.0.0.1 proxy=127.0.0.1:9050 @@ -14,5 +16,4 @@ proxy=127.0.0.1:9050 listen=1 listenonion=1 torcontrol=127.0.0.1:9051 - -txindex=1 +torenablecircuit=1 diff --git a/src/system/modules/bitcoin/default.nix b/src/system/modules/bitcoin/default.nix index e7e12a0..6a4b89e 100644 --- a/src/system/modules/bitcoin/default.nix +++ b/src/system/modules/bitcoin/default.nix @@ -5,7 +5,7 @@ let cfg = config.modules.system.bitcoin; nginx = config.modules.system.nginx; - home = "/var/lib/bitcoin"; + home = "/var/lib/bitcoind"; bitcoinConf = pkgs.writeTextFile { name = "bitcoin.conf"; @@ -15,10 +15,16 @@ let in { options.modules.system.bitcoin = { enable = mkEnableOption "Bitcoin Server"; }; config = mkIf cfg.enable { - modules.system.tor.enable = true; - - environment.systemPackages = with pkgs; [ - bitcoind + nixpkgs.overlays = [ + (final: prev: { + bitcoind = prev.bitcoind.overrideAttrs (old: rec { + version = "28.0"; + src = fetchTarball { + url = "https://github.com/bitcoin/bitcoin/archive/refs/tags/v${version}.tar.gz"; + sha256 = "sha256-LLtw6pMyqIJ3IWHiK4P3XoifLojB9yMNMo+MGNFGuRY="; + }; + }); + }) ]; users = { 
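Review bot: The added `rpcauth=` line carries no credential, and together with the removal of `rpccookieperms=group` it leaves the one RPC consumer in this commit, electrs (its config.toml still points at a cookie file), unable to authenticate: the cookie falls back to the datadir with owner-only permissions, and the `electrs` user is only a member of the `bitcoin` group. Depending on the 28.0 parser an empty `rpcauth=` is either ignored or rejected at startup, so it should not stay as a placeholder in a checked-in config. Either drop that line and keep `rpccookieperms=group` so the cookie is readable by group `bitcoin`, or generate a real entry with `share/rpcauth/rpcauth.py` and switch electrs to username/password auth. Separately, dropping `onlynet=onion` while keeping `proxy=127.0.0.1:9050` means clearnet peers are now reached through Tor exits rather than only .onion peers; if onion-only was the intended privacy posture, keep `onlynet=onion`.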
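Review bot: `torenablecircuit=1` is not an option I can find among Bitcoin Core's documented settings (`listenonion`, `torcontrol`, `torpassword` and `proxyrandomize` are the Tor-related ones), and bitcoind refuses to start on unrecognised keys in bitcoin.conf, so this line should be checked against `bitcoind -help -help-debug` for 28.0 before it ships. If the intent was per-connection Tor stream isolation, `proxyrandomize` already defaults to on; otherwise the intended setting needs its correct name here, and the `txindex=1` removal should be confirmed as deliberate since nothing else in the commit documents why it is no longer needed.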
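Review bot: The overlay sources Bitcoin Core from a GitHub auto-generated tag archive via `builtins.fetchTarball`, which pins content but not provenance: nothing ties `sha256-LLtw…` to the release signatures upstream publishes, and these archives are not the artifact the maintainers sign (their bytes have changed in the past). Prefer the release tarball whose hash appears in the project's signed `SHA256SUMS`, as a fixed-output fetch, e.g. `src = prev.fetchurl { url = "https://bitcoincore.org/bin/bitcoin-core-${version}/bitcoin-${version}.tar.gz"; hash = "<hash copied from SHA256SUMS after verifying SHA256SUMS.asc>"; };`, so the hash in this file is traceable to a verified source. This hunk also drops `modules.system.tor.enable = true` while the tor module itself is deleted later in this commit, yet bitcoin.conf still sets `proxy=127.0.0.1:9050`, `torcontrol=127.0.0.1:9051` and `listenonion=1`; unless Tor is provided elsewhere, bitcoind will have no reachable proxy and therefore no outbound peers. Removing `environment.systemPackages` also appears to take `bitcoin-cli` off the interactive PATH unless the service module adds it—worth confirming given the `btc` alias changed in the following hunks.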
@@ -28,7 +34,6 @@ in description = "Bitcoin Core system user"; isSystemUser = true; group = "bitcoin"; - extraGroups = [ "tor" ]; createHome = true; }; "nginx" = { @@ -41,18 +46,17 @@ in "bitcoin" = { members = [ "btc" - config.user.name ]; }; }; }; programs.bash.shellAliases = { - btc = "bitcoin-cli"; + btc = "bitcoind"; }; services.bitcoind = { - "mainnet" = { + "btc" = { enable = true; user = "btc"; group = "bitcoin"; @@ -61,20 +65,5 @@ in pidFile = "${home}/bitcoind.pid"; }; }; - - # Make data dir group-accessible so electrs/clightning can read cookie - systemd.tmpfiles.rules = [ - "d ${home} 0750 btc bitcoin -" - ]; - - systemd.services.bitcoind-mainnet = { - wants = [ "tor.service" ]; - after = [ "tor.service" ]; - serviceConfig.ExecStartPre = "+${pkgs.coreutils}/bin/chmod 750 /var/lib/tor"; - }; - - modules.system.backup.paths = [ - "${home}/wallets" - ]; }; } diff --git a/src/system/modules/bitcoin/modules/clightning/config/lightning.conf b/src/system/modules/bitcoin/modules/clightning/config/lightning.conf deleted file mode 100644 index def24ec..0000000 --- a/src/system/modules/bitcoin/modules/clightning/config/lightning.conf +++ /dev/null @@ -1,31 +0,0 @@ -alias=OrdSux - -network=bitcoin -bitcoin-datadir=/var/lib/bitcoin -bitcoin-rpcconnect=127.0.0.1 -bitcoin-rpcport=8332 - -lightning-dir=/var/lib/clightning -plugin-dir=/var/lib/clightning/plugins - -log-file=/var/lib/clightning/lightningd.log -log-level=info -rpc-file-mode=0660 - -# Bind RPC locally only -bind-addr=127.0.0.1:9736 - -# Auto-create Tor hidden service for peer connections -addr=autotor:127.0.0.1:9051 - -# Route outbound through Tor -proxy=127.0.0.1:9050 -always-use-proxy=true - -large-channels -fee-base=1000 -fee-per-satoshi=10 -min-capacity-sat=10000 -htlc-minimum-msat=0 -funding-confirms=3 -max-concurrent-htlcs=30 
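Review bot: The alias now points the `btc` shortcut at the daemon binary (`btc = "bitcoind"`), whereas the previous `bitcoin-cli` is the client an operator actually invokes; launching the daemon from an interactive shell is rarely what a convenience alias should do and would attempt a second node under the invoking user's home. Keep `btc = "bitcoin-cli";` unless the daemon was intended. The instance rename `mainnet` → `btc` also renames the unit to `bitcoind-btc.service`, which the electrs hunks in this commit already track; the removal of `config.user.name` from the `bitcoin` group is a sensible reduction of who can read the datadir.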
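Review bot: This hunk removes `modules.system.backup.paths = [ "${home}/wallets" ]` with no replacement, so wallet data under the new `home` is no longer in the backup set; if any wallet is loaded on this node, its loss is now unrecoverable from backups. If the path merely moved, re-add it as `modules.system.backup.paths = [ "${home}/wallets" ];` against the new `home`. The dropped tmpfiles rule (`d ${home} 0750 btc bitcoin -`) was also what let group members read the RPC cookie, which matters for the electrs changes in this commit. Removing the `+chmod 750 /var/lib/tor` ExecStartPre is a good cleanup—root-privileged permission edits from inside a service unit are hard to audit.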
diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix
deleted file mode 100644
index f052e52..0000000
--- a/src/system/modules/bitcoin/modules/clightning/default.nix
+++ /dev/null
@@ -1,106 +0,0 @@ -{ lib, pkgs, config, ... }: - -with lib; -let - cfg = config.modules.system.bitcoin.clightning; - btc = config.modules.system.bitcoin; - nginx = config.modules.system.nginx; - home = "/var/lib/clightning"; - domain = "ramos.codes"; - - clnrest = pkgs.callPackage ./plugins/clnrest.nix { }; - - clnConfig = pkgs.writeTextFile { - name = "lightning.conf"; - text = '' - ${builtins.readFile ./config/lightning.conf} - bitcoin-cli=${pkgs.bitcoind}/bin/bitcoin-cli - - # CLNRest configuration - clnrest-port=3010 - clnrest-host=127.0.0.1 - clnrest-protocol=https - ''; - }; - -in -{ options.modules.system.bitcoin.clightning = { enable = mkEnableOption "Core Lightning Server"; }; - config = mkIf (cfg.enable && btc.enable) { - environment.systemPackages = with pkgs; [ - clightning - ]; - - users = { - users = { - "clightning" = { - inherit home; - description = "Core Lightning system user"; - isSystemUser = true; - group = "bitcoin"; - extraGroups = [ "tor" ]; - createHome = true; - }; - }; - groups = { - "bitcoin" = { - members = mkAfter [ - "clightning" - ]; - }; - }; - }; - - programs.bash.shellAliases = { - cln = "lightning-cli"; - }; - - systemd.services.lightningd = { - description = "Core Lightning Daemon"; - wantedBy = [ "multi-user.target" ]; - - wants = [ "bitcoind-mainnet.service" "tor.service" ]; - after = [ - "bitcoind-mainnet.service" - "tor.service" - "network.target" - ]; - - serviceConfig = { - ExecStartPre = "+${pkgs.coreutils}/bin/chmod 750 /var/lib/bitcoin /var/lib/tor ${home} ${home}/bitcoin"; - ExecStart = "${pkgs.clightning}/bin/lightningd --conf=${clnConfig}"; - User = "clightning"; - Group = "bitcoin"; - WorkingDirectory = home; - - Type = "simple"; - KillMode = "process"; - TimeoutSec = 60; - Restart = "always"; - RestartSec = 60; - }; - }; - - # Ensure data directory exists with correct permissions - systemd.tmpfiles.rules = mkAfter [ - "d ${home} 0750 clightning bitcoin -" - "d ${home}/plugins 0750 clightning bitcoin -" - "L+ 
/home/${config.user.name}/.lightning - - - - ${home}" - "L+ ${home}/plugins/clnrest - - - - ${clnrest}/libexec/c-lightning/plugins/clnrest" - ]; - - modules.system.backup.paths = [ - "${home}/bitcoin/hsm_secret" - ]; - - services.nginx.virtualHosts."ln.${domain}" = mkIf nginx.enable { - useACMEHost = domain; - forceSSL = true; - locations."/" = { - proxyPass = "https://127.0.0.1:3010"; - extraConfig = '' - proxy_ssl_verify off; - ''; - }; - }; - }; -} diff --git a/src/system/modules/bitcoin/modules/clightning/plugins/clnrest.nix b/src/system/modules/bitcoin/modules/clightning/plugins/clnrest.nix deleted file mode 100644 index b4124cf..0000000 --- a/src/system/modules/bitcoin/modules/clightning/plugins/clnrest.nix +++ /dev/null @@ -1,54 +0,0 @@ -{ - lib, - rustPlatform, - fetchFromGitHub, - pkg-config, - openssl, - protobuf, -}: - -rustPlatform.buildRustPackage rec { - pname = "clnrest"; - version = "25.02.2"; - - src = fetchFromGitHub { - owner = "ElementsProject"; - repo = "lightning"; - rev = "v${version}"; - hash = "sha256-SiPYB463l9279+zawsxmql1Ui/dTdah5KgJgmrWsR2A="; - }; - - cargoLock = { - lockFile = "${src}/Cargo.lock"; - }; - - cargoBuildFlags = [ - "-p" - "clnrest" - ]; - cargoTestFlags = [ - "-p" - "clnrest" - ]; - - nativeBuildInputs = [ - pkg-config - protobuf - ]; - - buildInputs = [ openssl ]; - - postInstall = '' - mkdir -p $out/libexec/c-lightning/plugins - mv $out/bin/clnrest $out/libexec/c-lightning/plugins/ - rmdir $out/bin - ''; - - meta = { - description = "Transforms RPC calls into REST APIs"; - homepage = "https://docs.corelightning.org/docs/rest"; - license = lib.licenses.mit; - platforms = lib.platforms.linux; - mainProgram = "clnrest"; - }; -} diff --git a/src/system/modules/bitcoin/modules/electrum/config/config.toml b/src/system/modules/bitcoin/modules/electrum/config/config.toml index 9f05fe2..c030e25 100644 --- a/src/system/modules/bitcoin/modules/electrum/config/config.toml 
+++ b/src/system/modules/bitcoin/modules/electrum/config/config.toml @@ -2,12 +2,13 @@ network = "bitcoin" electrum_rpc_addr = "127.0.0.1:50001" -cookie_file = "/var/lib/bitcoin/.cookie" +cookie-file = "/var/lib/bitcoind/.cookie" db_dir = "/var/lib/electrs" log_filters = "INFO" +timestamp = true -daemon_rpc_addr = "127.0.0.1:8332" -daemon_p2p_addr = "127.0.0.1:8333" -daemon_dir = "/var/lib/bitcoin" +daemon-rpc-addr = "127.0.0.1:8332" +daemon-p2p-addr = "127.0.0.1:8333" +daemon-dir = "/var/lib/bitcoind" diff --git a/src/system/modules/bitcoin/modules/electrum/default.nix b/src/system/modules/bitcoin/modules/electrum/default.nix index 6673f4f..9b210ce 100644 --- a/src/system/modules/bitcoin/modules/electrum/default.nix +++ b/src/system/modules/bitcoin/modules/electrum/default.nix @@ -3,11 +3,9 @@ with lib; let cfg = config.modules.system.bitcoin.electrum; - nginx = config.modules.system.nginx; home = "/var/lib/electrs"; btc = config.modules.system.bitcoin; - domain = "ramos.codes"; electrsConfig = pkgs.writeTextFile { name = "config.toml"; @@ -65,20 +63,18 @@ in systemd.services.electrs = { description = "Electrs Bitcoin Indexer"; - wantedBy = [ "multi-user.target" ]; - wants = [ "bitcoind-mainnet.service" ]; + script = "${pkgs.electrs}/bin/electrs"; + scriptArgs = "--conf=${electrsConfig}"; + after = [ - "bitcoind-mainnet.service" - "network.target" + "bitcoind-btc.service" ]; serviceConfig = { - ExecStartPre = "+${pkgs.coreutils}/bin/chmod 750 /var/lib/bitcoin"; - ExecStart = "${pkgs.electrs}/bin/electrs --conf=${electrsConfig}"; + User = "electrs"; Group = "bitcoin"; - WorkingDirectory = home; Type = "simple"; KillMode = "process"; 
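Review bot: The renamed keys (`cookie-file`, `daemon-rpc-addr`, `daemon-p2p-addr`, `daemon-dir`) use the dashed form of electrs's command-line flags, while the untouched keys in the same file (`electrum_rpc_addr`, `db_dir`, `log_filters`) remain snake_case, which is the form electrs's config file takes; its config parser rejects unknown fields, so this likely fails at startup and should be verified. Keep the snake_case names, e.g. `cookie_file = "/var/lib/bitcoind/.cookie"`, `daemon_rpc_addr = "127.0.0.1:8332"`, `daemon_dir = "/var/lib/bitcoind"`. The cookie path also assumes the `btc` instance's datadir is `/var/lib/bitcoind`; NixOS's `services.bitcoind.<name>.dataDir` defaults to `/var/lib/bitcoind-<name>`, so confirm `dataDir` is set to `home` in the part of default.nix outside these hunks, and that the cookie is group-readable given the bitcoin.conf changes in this commit.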
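Review bot: Removing `wantedBy = [ "multi-user.target" ]` leaves electrs with nothing that activates it at boot, and the new `requisite` list in the next hunk only checks that `bitcoind-btc.service` is already active—it neither starts electrs nor pulls in bitcoind—so the indexer stays down until started by hand. Restore `wantedBy = [ "multi-user.target" ];` and, if bitcoind should be started on demand rather than merely required, `wants = [ "bitcoind-btc.service" ];` alongside the existing `after`. `WorkingDirectory = home` is removed here and the `d ${home} 0750 electrs bitcoin -` tmpfiles rule in the next hunk, so creation and ownership of `/var/lib/electrs` (the configured `db_dir`) now depends on something outside these hunks—worth confirming before deploying.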
@@ -86,29 +82,10 @@ in Restart = "always"; RestartSec = 60; }; + requisite = [ + "bitcoind-btc.service" + "network.target" + ]; }; - - # Ensure db directory exists with correct permissions - systemd.tmpfiles.rules = [ - "d ${home} 0750 electrs bitcoin -" - ]; - - # Nginx SSL proxy for Electrum protocol (TCP) - networking.firewall.allowedTCPPorts = mkIf nginx.enable [ 50002 ]; - - services.nginx.streamConfig = mkIf nginx.enable '' - map $ssl_server_name $electrs_backend { - electrum.${domain} 127.0.0.1:50001; - default ""; - } - - server { - listen 50002 ssl; - proxy_pass $electrs_backend; - - ssl_certificate /var/lib/acme/${domain}/fullchain.pem; - ssl_certificate_key /var/lib/acme/${domain}/key.pem; - } - ''; }; } diff --git a/src/system/modules/default.nix b/src/system/modules/default.nix index c8ecd1a..13da930 100644 --- a/src/system/modules/default.nix +++ b/src/system/modules/default.nix @@ -4,11 +4,10 @@ let entries = builtins.readDir dir; names = builtins.attrNames entries; - isModuleDir = path: + isModuleDir = path: builtins.pathExists path && builtins.readFileType path == "directory" && - builtins.baseNameOf path != "config" && - builtins.baseNameOf path != "plugins"; + builtins.baseNameOf path != "config"; isModule = file: file == "default.nix"; isNix = file: builtins.match ".*\\.nix" file != null && file != "default.nix"; diff --git a/src/system/modules/tor/default.nix b/src/system/modules/tor/default.nix deleted file mode 100644 index 37c2e95..0000000 --- a/src/system/modules/tor/default.nix +++ /dev/null 
@@ -1,30 +0,0 @@
-{ pkgs, lib, config, ... }:
-
-with lib;
-let
- cfg = config.modules.system.tor;
-
-in
-{
- options.modules.system.tor = {
- enable = mkEnableOption "Tor";
- };
-
- config = mkIf cfg.enable {
- services.tor = {
- enable = true;
-
- client = {
- enable = true;
- # SOCKS proxy on 127.0.0.1:9050
- };
-
- settings = {
- ControlPort = 9051;
- CookieAuthentication = true;
- CookieAuthFileGroupReadable = true;
- DataDirectoryGroupReadable = true;
- };
- };
- };
-}