From 7b22f399e0a49785b94f2bdc7710fe4957dd60ab Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 21:42:32 -0400 Subject: [PATCH 01/20] minimal bitcoin config --- .../modules/bitcoin/config/bitcoin.conf | 2 +- src/system/modules/bitcoin/default.nix | 28 +++--- .../bitcoin/modules/clightning/default.nix | 92 +++++++++++++++++++ .../bitcoin/modules/electrum/default.nix | 4 +- src/system/modules/tor/default.nix | 29 ++++++ 5 files changed, 140 insertions(+), 15 deletions(-) create mode 100644 src/system/modules/bitcoin/modules/clightning/default.nix create mode 100644 src/system/modules/tor/default.nix diff --git a/src/system/modules/bitcoin/config/bitcoin.conf b/src/system/modules/bitcoin/config/bitcoin.conf index 641827a..c2c002c 100644 --- a/src/system/modules/bitcoin/config/bitcoin.conf +++ b/src/system/modules/bitcoin/config/bitcoin.conf @@ -3,7 +3,7 @@ server=1 mempoolfullrbf=1 v2transport=1 -rpcauth= +rpcauth=btc:a5070cab96db882e8f63cb131ce3bbfa$20c7fd4653597b0c4ffc2c47b2d5d6751a6725ff644dd0d0ffcb9bebff96b913 rpcbind=127.0.0.1 rpcallowip=127.0.0.1 diff --git a/src/system/modules/bitcoin/default.nix b/src/system/modules/bitcoin/default.nix index 6a4b89e..020045c 100644 --- a/src/system/modules/bitcoin/default.nix +++ b/src/system/modules/bitcoin/default.nix @@ -5,7 +5,7 @@ let cfg = config.modules.system.bitcoin; nginx = config.modules.system.nginx; - home = "/var/lib/bitcoind"; + home = "/var/lib/bitcoin"; bitcoinConf = pkgs.writeTextFile { name = "bitcoin.conf"; @@ -15,16 +15,10 @@ let in { options.modules.system.bitcoin = { enable = mkEnableOption "Bitcoin Server"; }; config = mkIf cfg.enable { - nixpkgs.overlays = [ - (final: prev: { - bitcoind = prev.bitcoind.overrideAttrs (old: rec { - version = "28.0"; - src = fetchTarball { - url = "https://github.com/bitcoin/bitcoin/archive/refs/tags/v${version}.tar.gz"; - sha256 = "sha256-LLtw6pMyqIJ3IWHiK4P3XoifLojB9yMNMo+MGNFGuRY="; - }; - }); - }) + modules.system.tor.enable = true; + + environment.systemPackages = with pkgs; [ + bitcoind ]; users = { @@ -34,6 +28,7 @@ in description = "Bitcoin Core system user"; isSystemUser = true; group = "bitcoin"; + extraGroups = [ "tor" ]; createHome = true; }; "nginx" = { @@ -56,7 +51,7 @@ in }; services.bitcoind = { - "btc" = { + "mainnet" = { enable = true; user = "btc"; group = "bitcoin"; @@ -65,5 +60,14 @@ in pidFile = "${home}/bitcoind.pid"; }; }; + + systemd.services.bitcoind-mainnet = { + wants = [ "tor.service" ]; + after = [ "tor.service" ]; + }; + + modules.system.backup.paths = [ + "${home}/wallets" + ]; }; } diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix new file mode 100644 index 0000000..cc175e9 --- /dev/null +++ b/src/system/modules/bitcoin/modules/clightning/default.nix @@ -0,0 +1,92 @@ +{ lib, pkgs, config, ... }: + +with lib; +let + cfg = config.modules.system.bitcoin.clightning; + btc = config.modules.system.bitcoin; + + clnConfig = pkgs.writeTextFile { + name = "lightning.conf"; + text = builtins.readFile ./config/lightning.conf; + }; + +in +{ options.modules.system.bitcoin.clightning = { enable = mkEnableOption "Core Lightning Server"; }; + imports = [ ./plugins ]; + config = mkIf (cfg.enable && btc.enable) { + #nixpkgs.overlays = [ + # (final: prev: { + # clightning = prev.electrs.overrideAttrs (old: rec { + # version = "24.08"; + # src = pkgs.fetchFromGitHub { + # owner = "ElementsProject"; + # repo = "lightning"; + # rev = "82f4ad68e34a2428c556e63fc2632d48a914968c"; + # hash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g"; + # }; + # cargoDeps = old.cargoDeps.overrideAttrs (lib.const { + # name = "lightning-vendor.tar.gz"; + # inherit src; + # outputHash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g="; + # }); + # }); + # }) + #]; + + environment.systemPackages = with pkgs; [ + clightning + ]; + + users = { + users = { + "clightning" = { + home = "/var/lib/clightning"; + description = "Core Lightning system user"; + isSystemUser = true; + group = "bitcoin"; + createHome = true; + }; + }; + groups = { + "bitcoin" = { + members = mkAfter [ + "clightning" + ]; + }; + }; + }; + + programs.bash.shellAliases = { + cln = "lightningd"; + }; + + systemd.services.lightningd = { + description = "Core Lightning Daemon"; + + script = "${pkgs.clightning}/bin/lightningd"; + scriptArgs = '' + --conf=${clnConfig} + ''; + + after = [ + "bitcoind-mainnet.service" + ]; + + serviceConfig = { + + User = "clightning"; + Group = "bitcoin"; + + Type = "simple"; + KillMode = "process"; + TimeoutSec = 60; + Restart = "always"; + RestartSec = 60; + }; + requisite = [ + "bitcoind-mainnet.service" + "network.target" + ]; + }; + }; +} diff --git a/src/system/modules/bitcoin/modules/electrum/default.nix b/src/system/modules/bitcoin/modules/electrum/default.nix index 9b210ce..a5b2bd0 100644 --- a/src/system/modules/bitcoin/modules/electrum/default.nix +++ b/src/system/modules/bitcoin/modules/electrum/default.nix @@ -68,7 +68,7 @@ in scriptArgs = "--conf=${electrsConfig}"; after = [ - "bitcoind-btc.service" + "bitcoind-mainnet.service" ]; serviceConfig = { @@ -83,7 +83,7 @@ in RestartSec = 60; }; requisite = [ - "bitcoind-btc.service" + "bitcoind-mainnet.service" "network.target" ]; }; diff --git a/src/system/modules/tor/default.nix b/src/system/modules/tor/default.nix new file mode 100644 index 0000000..3e984b9 --- /dev/null +++ b/src/system/modules/tor/default.nix @@ -0,0 +1,29 @@ +{ pkgs, lib, config, ... }: + +with lib; +let + cfg = config.modules.system.tor; + +in +{ + options.modules.system.tor = { + enable = mkEnableOption "Tor"; + }; + + config = mkIf cfg.enable { + services.tor = { + enable = true; + + client = { + enable = true; + # SOCKS proxy on 127.0.0.1:9050 + }; + + settings = { + ControlPort = 9051; + CookieAuthentication = true; + CookieAuthFileGroupReadable = true; + }; + }; + }; +} From cfbd0e03f990d1f1ef34694e58e7c58f773a4eb6 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 22:03:27 -0400 Subject: [PATCH 02/20] bitcoin init --- src/system/machines/server/system.nix | 1 + .../modules/bitcoin/config/bitcoin.conf | 8 +- .../bitcoin/modules/clightning/default.nix | 92 ------------------- .../modules/electrum/config/config.toml | 14 --- .../bitcoin/modules/electrum/default.nix | 91 ------------------ 5 files changed, 4 insertions(+), 202 deletions(-) delete mode 100644 src/system/modules/bitcoin/modules/clightning/default.nix delete mode 100644 src/system/modules/bitcoin/modules/electrum/config/config.toml delete mode 100644 src/system/modules/bitcoin/modules/electrum/default.nix diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index 5dad7cf..155098a 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix @@ -9,6 +9,7 @@ forgejo.enable = true; frigate.enable = false; immich.enable = true; + bitcoin.enable = true; backup = { enable = true; diff --git a/src/system/modules/bitcoin/config/bitcoin.conf b/src/system/modules/bitcoin/config/bitcoin.conf index c2c002c..72ca181 100644 --- a/src/system/modules/bitcoin/config/bitcoin.conf +++ b/src/system/modules/bitcoin/config/bitcoin.conf @@ -1,14 +1,11 @@ server=1 -mempoolfullrbf=1 -v2transport=1 - rpcauth=btc:a5070cab96db882e8f63cb131ce3bbfa$20c7fd4653597b0c4ffc2c47b2d5d6751a6725ff644dd0d0ffcb9bebff96b913 - rpcbind=127.0.0.1 rpcallowip=127.0.0.1 dnsseed=0 +onlynet=onion bind=127.0.0.1 proxy=127.0.0.1:9050 @@ -16,4 +13,5 @@ proxy=127.0.0.1:9050 listen=1 listenonion=1 torcontrol=127.0.0.1:9051 -torenablecircuit=1 + +txindex=1 diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix deleted file mode 100644 index cc175e9..0000000 --- a/src/system/modules/bitcoin/modules/clightning/default.nix +++ /dev/null @@ -1,92 +0,0 @@ -{ lib, pkgs, config, ... }: - -with lib; -let - cfg = config.modules.system.bitcoin.clightning; - btc = config.modules.system.bitcoin; - - clnConfig = pkgs.writeTextFile { - name = "lightning.conf"; - text = builtins.readFile ./config/lightning.conf; - }; - -in -{ options.modules.system.bitcoin.clightning = { enable = mkEnableOption "Core Lightning Server"; }; - imports = [ ./plugins ]; - config = mkIf (cfg.enable && btc.enable) { - #nixpkgs.overlays = [ - # (final: prev: { - # clightning = prev.electrs.overrideAttrs (old: rec { - # version = "24.08"; - # src = pkgs.fetchFromGitHub { - # owner = "ElementsProject"; - # repo = "lightning"; - # rev = "82f4ad68e34a2428c556e63fc2632d48a914968c"; - # hash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g"; - # }; - # cargoDeps = old.cargoDeps.overrideAttrs (lib.const { - # name = "lightning-vendor.tar.gz"; - # inherit src; - # outputHash = "sha256-MWU75e55Zt/P4aaIuMte7iRcrFGMw0P81b8VNHQBe2g="; - # }); - # }); - # }) - #]; - - environment.systemPackages = with pkgs; [ - clightning - ]; - - users = { - users = { - "clightning" = { - home = "/var/lib/clightning"; - description = "Core Lightning system user"; - isSystemUser = true; - group = "bitcoin"; - createHome = true; - }; - }; - groups = { - "bitcoin" = { - members = mkAfter [ - "clightning" - ]; - }; - }; - }; - - programs.bash.shellAliases = { - cln = "lightningd"; - }; - - systemd.services.lightningd = { - description = "Core Lightning Daemon"; - - script = "${pkgs.clightning}/bin/lightningd"; - scriptArgs = '' - --conf=${clnConfig} - ''; - - after = [ - "bitcoind-mainnet.service" - ]; - - serviceConfig = { - - User = "clightning"; - Group = "bitcoin"; - - Type = "simple"; - KillMode = "process"; - TimeoutSec = 60; - Restart = "always"; - RestartSec = 60; - }; - requisite = [ - "bitcoind-mainnet.service" - "network.target" - ]; - }; - }; -} diff --git a/src/system/modules/bitcoin/modules/electrum/config/config.toml b/src/system/modules/bitcoin/modules/electrum/config/config.toml deleted file mode 100644 index c030e25..0000000 --- a/src/system/modules/bitcoin/modules/electrum/config/config.toml +++ /dev/null @@ -1,14 +0,0 @@ -network = "bitcoin" - -electrum_rpc_addr = "127.0.0.1:50001" - -cookie-file = "/var/lib/bitcoind/.cookie" - -db_dir = "/var/lib/electrs" - -log_filters = "INFO" -timestamp = true - -daemon-rpc-addr = "127.0.0.1:8332" -daemon-p2p-addr = "127.0.0.1:8333" -daemon-dir = "/var/lib/bitcoind" diff --git a/src/system/modules/bitcoin/modules/electrum/default.nix b/src/system/modules/bitcoin/modules/electrum/default.nix deleted file mode 100644 index a5b2bd0..0000000 --- a/src/system/modules/bitcoin/modules/electrum/default.nix +++ /dev/null @@ -1,91 +0,0 @@ -{ lib, pkgs, config, ... }: - -with lib; -let - cfg = config.modules.system.bitcoin.electrum; - home = "/var/lib/electrs"; - - btc = config.modules.system.bitcoin; - - electrsConfig = pkgs.writeTextFile { - name = "config.toml"; - text = builtins.readFile ./config/config.toml; - }; - -in -{ options.modules.system.bitcoin.electrum = { enable = mkEnableOption "Electrs Server"; }; - config = mkIf (cfg.enable && btc.enable) { - #TODO: Fix the failing overlay due to `cargoHash/cargoSha256` - #nixpkgs.overlays = [ - # (final: prev: { - # electrs = prev.electrs.overrideAttrs (old: rec { - # pname = "electrs"; - # version = "0.10.8"; - # src = pkgs.fetchFromGitHub { - # owner = "romanz"; - # repo = pname; - # rev = "v${version}"; - # hash = "sha256-L26jzAn8vwnw9kFd6ciyYS/OLEFTbN8doNKy3P8qKRE="; - # }; - # #cargoDeps = old.cargoDeps.overrideAttrs (const { - # # name = "electrs-${version}.tar.gz"; - # # inherit src; - # # sha256 = ""; - # #}); - # cargoHash = "sha256-lBRcq73ri0HR3duo6Z8PdSjnC8okqmG5yWeHxH/LmcU="; - # }); - # }) - #]; - - environment.systemPackages = with pkgs; [ - electrs - ]; - - users = { - users = { - "electrs" = { - inherit home; - description = "Electrs system user"; - isSystemUser = true; - group = "bitcoin"; - createHome = true; - }; - }; - groups = { - "bitcoin" = { - members = mkAfter [ - "electrs" - ]; - }; - }; - }; - - - systemd.services.electrs = { - description = "Electrs Bitcoin Indexer"; - - script = "${pkgs.electrs}/bin/electrs"; - scriptArgs = "--conf=${electrsConfig}"; - - after = [ - "bitcoind-mainnet.service" - ]; - - serviceConfig = { - - User = "electrs"; - Group = "bitcoin"; - - Type = "simple"; - KillMode = "process"; - TimeoutSec = 60; - Restart = "always"; - RestartSec = 60; - }; - requisite = [ - "bitcoind-mainnet.service" - "network.target" - ]; - }; - }; -} From 9cda3e5290b65491b9a3a671b9d69cf62d7bac32 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 22:07:58 -0400 Subject: [PATCH 03/20] fix tor cookie --- src/system/modules/tor/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/src/system/modules/tor/default.nix b/src/system/modules/tor/default.nix index 3e984b9..37c2e95 100644 --- a/src/system/modules/tor/default.nix +++ b/src/system/modules/tor/default.nix @@ -23,6 +23,7 @@ in ControlPort = 9051; CookieAuthentication = true; CookieAuthFileGroupReadable = true; + DataDirectoryGroupReadable = true; }; }; }; From 3c33750722a49bdae226d355a9576953e0997fdd Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 22:19:41 -0400 Subject: [PATCH 04/20] electrs --- src/system/machines/server/system.nix | 5 +- .../modules/bitcoin/config/bitcoin.conf | 3 +- src/system/modules/bitcoin/default.nix | 5 ++ .../modules/electrum/config/config.toml | 14 +++ .../bitcoin/modules/electrum/default.nix | 89 +++++++++++++++++++ 5 files changed, 114 insertions(+), 2 deletions(-) create mode 100644 src/system/modules/bitcoin/modules/electrum/config/config.toml create mode 100644 src/system/modules/bitcoin/modules/electrum/default.nix diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index 155098a..7d2652b 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix @@ -9,7 +9,10 @@ forgejo.enable = true; frigate.enable = false; immich.enable = true; - bitcoin.enable = true; + bitcoin = { + enable = true; + electrum.enable = true; + }; backup = { enable = true; diff --git a/src/system/modules/bitcoin/config/bitcoin.conf b/src/system/modules/bitcoin/config/bitcoin.conf index 72ca181..756bfc1 100644 --- a/src/system/modules/bitcoin/config/bitcoin.conf +++ b/src/system/modules/bitcoin/config/bitcoin.conf @@ -1,6 +1,7 @@ server=1 -rpcauth=btc:a5070cab96db882e8f63cb131ce3bbfa$20c7fd4653597b0c4ffc2c47b2d5d6751a6725ff644dd0d0ffcb9bebff96b913 +rpccookiefile=/var/lib/bitcoin/.cookie +rpccookieperms=group rpcbind=127.0.0.1 rpcallowip=127.0.0.1 diff --git a/src/system/modules/bitcoin/default.nix b/src/system/modules/bitcoin/default.nix index 020045c..060f07b 100644 --- a/src/system/modules/bitcoin/default.nix +++ b/src/system/modules/bitcoin/default.nix @@ -61,6 +61,11 @@ in }; }; + # Make data dir group-accessible so electrs/clightning can read cookie + systemd.tmpfiles.rules = [ + "d ${home} 0750 btc bitcoin -" + ]; + systemd.services.bitcoind-mainnet = { wants = [ "tor.service" ]; after = [ "tor.service" ]; diff --git a/src/system/modules/bitcoin/modules/electrum/config/config.toml b/src/system/modules/bitcoin/modules/electrum/config/config.toml new file mode 100644 index 0000000..00961c5 --- /dev/null +++ b/src/system/modules/bitcoin/modules/electrum/config/config.toml @@ -0,0 +1,14 @@ +network = "bitcoin" + +electrum_rpc_addr = "127.0.0.1:50001" + +cookie_file = "/var/lib/bitcoin/.cookie" + +db_dir = "/var/lib/electrs" + +log_filters = "INFO" +timestamp = true + +daemon_rpc_addr = "127.0.0.1:8332" +daemon_p2p_addr = "127.0.0.1:8333" +daemon_dir = "/var/lib/bitcoin" diff --git a/src/system/modules/bitcoin/modules/electrum/default.nix b/src/system/modules/bitcoin/modules/electrum/default.nix new file mode 100644 index 0000000..8f1220a --- /dev/null +++ b/src/system/modules/bitcoin/modules/electrum/default.nix @@ -0,0 +1,89 @@ +{ lib, pkgs, config, ... }: + +with lib; +let + cfg = config.modules.system.bitcoin.electrum; + home = "/var/lib/electrs"; + + btc = config.modules.system.bitcoin; + + electrsConfig = pkgs.writeTextFile { + name = "config.toml"; + text = builtins.readFile ./config/config.toml; + }; + +in +{ options.modules.system.bitcoin.electrum = { enable = mkEnableOption "Electrs Server"; }; + config = mkIf (cfg.enable && btc.enable) { + #TODO: Fix the failing overlay due to `cargoHash/cargoSha256` + #nixpkgs.overlays = [ + # (final: prev: { + # electrs = prev.electrs.overrideAttrs (old: rec { + # pname = "electrs"; + # version = "0.10.8"; + # src = pkgs.fetchFromGitHub { + # owner = "romanz"; + # repo = pname; + # rev = "v${version}"; + # hash = "sha256-L26jzAn8vwnw9kFd6ciyYS/OLEFTbN8doNKy3P8qKRE="; + # }; + # #cargoDeps = old.cargoDeps.overrideAttrs (const { + # # name = "electrs-${version}.tar.gz"; + # # inherit src; + # # sha256 = ""; + # #}); + # cargoHash = "sha256-lBRcq73ri0HR3duo6Z8PdSjnC8okqmG5yWeHxH/LmcU="; + # }); + # }) + #]; + + environment.systemPackages = with pkgs; [ + electrs + ]; + + users = { + users = { + "electrs" = { + inherit home; + description = "Electrs system user"; + isSystemUser = true; + group = "bitcoin"; + createHome = true; + }; + }; + groups = { + "bitcoin" = { + members = mkAfter [ + "electrs" + ]; + }; + }; + }; + + + systemd.services.electrs = { + description = "Electrs Bitcoin Indexer"; + wantedBy = [ "multi-user.target" ]; + + script = "${pkgs.electrs}/bin/electrs"; + scriptArgs = "--conf=${electrsConfig}"; + + wants = [ "bitcoind-mainnet.service" ]; + after = [ + "bitcoind-mainnet.service" + "network.target" + ]; + + serviceConfig = { + User = "electrs"; + Group = "bitcoin"; + + Type = "simple"; + KillMode = "process"; + TimeoutSec = 60; + Restart = "always"; + RestartSec = 60; + }; + }; + }; +} From a11e72949cf345605deb419bdd2780f0c5bc7d32 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 22:22:14 -0400 Subject: [PATCH 05/20] fixed electrs --- src/system/modules/bitcoin/modules/electrum/default.nix | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/system/modules/bitcoin/modules/electrum/default.nix b/src/system/modules/bitcoin/modules/electrum/default.nix index 8f1220a..a917aba 100644 --- a/src/system/modules/bitcoin/modules/electrum/default.nix +++ b/src/system/modules/bitcoin/modules/electrum/default.nix @@ -65,9 +65,6 @@ in description = "Electrs Bitcoin Indexer"; wantedBy = [ "multi-user.target" ]; - script = "${pkgs.electrs}/bin/electrs"; - scriptArgs = "--conf=${electrsConfig}"; - wants = [ "bitcoind-mainnet.service" ]; after = [ "bitcoind-mainnet.service" @@ -75,6 +72,7 @@ in ]; serviceConfig = { + ExecStart = "${pkgs.electrs}/bin/electrs --conf=${electrsConfig}"; User = "electrs"; Group = "bitcoin"; @@ -85,5 +83,10 @@ in RestartSec = 60; }; }; + + # Ensure db directory exists with correct permissions + systemd.tmpfiles.rules = [ + "d ${home} 0750 electrs bitcoin -" + ]; }; } From eaf84e155b848627527821c187b3970422b4dd9f Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 22:25:08 -0400 Subject: [PATCH 06/20] fixed? --- src/system/modules/bitcoin/modules/electrum/config/config.toml | 1 - src/system/modules/bitcoin/modules/electrum/default.nix | 1 + 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/src/system/modules/bitcoin/modules/electrum/config/config.toml b/src/system/modules/bitcoin/modules/electrum/config/config.toml index 00961c5..9f05fe2 100644 --- a/src/system/modules/bitcoin/modules/electrum/config/config.toml +++ b/src/system/modules/bitcoin/modules/electrum/config/config.toml @@ -7,7 +7,6 @@ cookie_file = "/var/lib/bitcoin/.cookie" db_dir = "/var/lib/electrs" log_filters = "INFO" -timestamp = true daemon_rpc_addr = "127.0.0.1:8332" daemon_p2p_addr = "127.0.0.1:8333" diff --git a/src/system/modules/bitcoin/modules/electrum/default.nix b/src/system/modules/bitcoin/modules/electrum/default.nix index a917aba..65d1679 100644 --- a/src/system/modules/bitcoin/modules/electrum/default.nix +++ b/src/system/modules/bitcoin/modules/electrum/default.nix @@ -75,6 +75,7 @@ in ExecStart = "${pkgs.electrs}/bin/electrs --conf=${electrsConfig}"; User = "electrs"; Group = "bitcoin"; + WorkingDirectory = home; Type = "simple"; KillMode = "process"; From 522edac846c6ae53729d2a023d1d056278cf7033 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 22:39:00 -0400 Subject: [PATCH 07/20] sni-filter --- .../bitcoin/modules/electrum/default.nix | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/src/system/modules/bitcoin/modules/electrum/default.nix b/src/system/modules/bitcoin/modules/electrum/default.nix index 65d1679..3bc8c8b 100644 --- a/src/system/modules/bitcoin/modules/electrum/default.nix +++ b/src/system/modules/bitcoin/modules/electrum/default.nix @@ -3,9 +3,11 @@ with lib; let cfg = config.modules.system.bitcoin.electrum; + nginx = config.modules.system.nginx; home = "/var/lib/electrs"; btc = config.modules.system.bitcoin; + domain = "ramos.codes"; electrsConfig = pkgs.writeTextFile { name = "config.toml"; @@ -89,5 +91,24 @@ in systemd.tmpfiles.rules = [ "d ${home} 0750 electrs bitcoin -" ]; + + # Nginx SSL proxy for Electrum protocol (TCP) + networking.firewall.allowedTCPPorts = mkIf nginx.enable [ 50002 ]; + + services.nginx.streamConfig = mkIf nginx.enable '' + map $ssl_preread_server_name $electrs_backend { + electrum.${domain} 127.0.0.1:50001; + default ""; + } + + server { + listen 50002 ssl; + ssl_preread on; + proxy_pass $electrs_backend; + + ssl_certificate /var/lib/acme/${domain}/fullchain.pem; + ssl_certificate_key /var/lib/acme/${domain}/key.pem; + } + ''; }; } From 6789937b8009a49ca1bc6b77ef22298078d36f50 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 22:44:20 -0400 Subject: [PATCH 08/20] again --- src/system/modules/bitcoin/modules/electrum/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/system/modules/bitcoin/modules/electrum/default.nix b/src/system/modules/bitcoin/modules/electrum/default.nix index 3bc8c8b..eebcd11 100644 --- a/src/system/modules/bitcoin/modules/electrum/default.nix +++ b/src/system/modules/bitcoin/modules/electrum/default.nix @@ -96,14 +96,13 @@ in networking.firewall.allowedTCPPorts = mkIf nginx.enable [ 50002 ]; services.nginx.streamConfig = mkIf nginx.enable '' - map $ssl_preread_server_name $electrs_backend { + map $ssl_server_name $electrs_backend { electrum.${domain} 127.0.0.1:50001; default ""; } server { listen 50002 ssl; - ssl_preread on; proxy_pass $electrs_backend; ssl_certificate /var/lib/acme/${domain}/fullchain.pem; From ba8f95ce7d6a804b42a95e6a7c2f877c2eeb6fca Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 23:02:24 -0400 Subject: [PATCH 09/20] lightning --- .../modules/clightning/config/lightning.conf | 35 +++++++ .../bitcoin/modules/clightning/default.nix | 94 +++++++++++++++++++ 2 files changed, 129 insertions(+) create mode 100644 src/system/modules/bitcoin/modules/clightning/config/lightning.conf create mode 100644 src/system/modules/bitcoin/modules/clightning/default.nix diff --git a/src/system/modules/bitcoin/modules/clightning/config/lightning.conf b/src/system/modules/bitcoin/modules/clightning/config/lightning.conf new file mode 100644 index 0000000..35784ee --- /dev/null +++ b/src/system/modules/bitcoin/modules/clightning/config/lightning.conf @@ -0,0 +1,35 @@ +alias=OrdSux + +network=bitcoin +bitcoin-datadir=/var/lib/bitcoin +bitcoin-rpcconnect=127.0.0.1 +bitcoin-rpcport=8332 + +lightning-dir=/var/lib/clightning +plugin-dir=/var/lib/clightning/plugins + +log-file=/var/lib/clightning/lightningd.log +log-level=info + +# Bind RPC locally only +bind-addr=127.0.0.1:9736 + +# Auto-create Tor hidden service for peer connections +addr=autotor:127.0.0.1:9051 + +# Route outbound through Tor +proxy=127.0.0.1:9050 +always-use-proxy=true + +large-channels +fee-base=1000 +fee-per-satoshi=10 +min-capacity-sat=10000 +htlc-minimum-msat=0 +funding-confirms=3 +max-concurrent-htlcs=30 + +# CLNRest - REST API for wallets (Zeus, RTL, etc.) +clnrest-port=3010 +clnrest-host=127.0.0.1 +clnrest-protocol=https diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix new file mode 100644 index 0000000..2a1d797 --- /dev/null +++ b/src/system/modules/bitcoin/modules/clightning/default.nix @@ -0,0 +1,94 @@ +{ lib, pkgs, config, ... }: + +with lib; +let + cfg = config.modules.system.bitcoin.clightning; + btc = config.modules.system.bitcoin; + nginx = config.modules.system.nginx; + home = "/var/lib/clightning"; + domain = "ramos.codes"; + + clnConfig = pkgs.writeTextFile { + name = "lightning.conf"; + text = builtins.readFile ./config/lightning.conf; + }; + +in +{ options.modules.system.bitcoin.clightning = { enable = mkEnableOption "Core Lightning Server"; }; + config = mkIf (cfg.enable && btc.enable) { + environment.systemPackages = with pkgs; [ + clightning + ]; + + users = { + users = { + "clightning" = { + inherit home; + description = "Core Lightning system user"; + isSystemUser = true; + group = "bitcoin"; + extraGroups = [ "tor" ]; + createHome = true; + }; + }; + groups = { + "bitcoin" = { + members = mkAfter [ + "clightning" + ]; + }; + }; + }; + + programs.bash.shellAliases = { + cln = "lightning-cli"; + }; + + systemd.services.lightningd = { + description = "Core Lightning Daemon"; + wantedBy = [ "multi-user.target" ]; + + wants = [ "bitcoind-mainnet.service" "tor.service" ]; + after = [ + "bitcoind-mainnet.service" + "tor.service" + "network.target" + ]; + + serviceConfig = { + ExecStart = "${pkgs.clightning}/bin/lightningd --conf=${clnConfig}"; + User = "clightning"; + Group = "bitcoin"; + WorkingDirectory = home; + + Type = "simple"; + KillMode = "process"; + TimeoutSec = 60; + Restart = "always"; + RestartSec = 60; + }; + }; + + # Ensure data directory exists with correct permissions + systemd.tmpfiles.rules = [ + "d ${home} 0750 clightning bitcoin -" + "d ${home}/plugins 0750 clightning bitcoin -" + ]; + + modules.system.backup.paths = [ + "${home}/bitcoin/hsm_secret" + ]; + + # Nginx reverse proxy for CLNRest API (Zeus, RTL, etc.) + services.nginx.virtualHosts."ln.${domain}" = mkIf nginx.enable { + useACMEHost = domain; + forceSSL = true; + locations."/" = { + proxyPass = "https://127.0.0.1:3010"; + extraConfig = '' + proxy_ssl_verify off; + ''; + }; + }; + }; +} From 11b42b84c7cf5956ef2bdc20e461ea3854f23134 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 23:04:58 -0400 Subject: [PATCH 10/20] enable --- src/system/machines/server/system.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/src/system/machines/server/system.nix b/src/system/machines/server/system.nix index 7d2652b..20feaed 100644 --- a/src/system/machines/server/system.nix +++ b/src/system/machines/server/system.nix @@ -12,6 +12,7 @@ bitcoin = { enable = true; electrum.enable = true; + clightning.enable = true; }; backup = { From 8eecf9912fd41a7d2a97d892e5bef7efb0c5c0c9 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 23:16:27 -0400 Subject: [PATCH 11/20] removed CLNRest --- .../modules/clightning/config/lightning.conf | 5 ---- .../bitcoin/modules/clightning/default.nix | 23 ++++++++++--------- 2 files changed, 12 insertions(+), 16 deletions(-) diff --git a/src/system/modules/bitcoin/modules/clightning/config/lightning.conf b/src/system/modules/bitcoin/modules/clightning/config/lightning.conf index 35784ee..b1e0280 100644 --- a/src/system/modules/bitcoin/modules/clightning/config/lightning.conf +++ b/src/system/modules/bitcoin/modules/clightning/config/lightning.conf @@ -28,8 +28,3 @@ min-capacity-sat=10000 htlc-minimum-msat=0 funding-confirms=3 max-concurrent-htlcs=30 - -# CLNRest - REST API for wallets (Zeus, RTL, etc.) -clnrest-port=3010 -clnrest-host=127.0.0.1 -clnrest-protocol=https diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix index 2a1d797..bd6c931 100644 --- a/src/system/modules/bitcoin/modules/clightning/default.nix +++ b/src/system/modules/bitcoin/modules/clightning/default.nix @@ -79,16 +79,17 @@ in "${home}/bitcoin/hsm_secret" ]; - # Nginx reverse proxy for CLNRest API (Zeus, RTL, etc.) - services.nginx.virtualHosts."ln.${domain}" = mkIf nginx.enable { - useACMEHost = domain; - forceSSL = true; - locations."/" = { - proxyPass = "https://127.0.0.1:3010"; - extraConfig = '' - proxy_ssl_verify off; - ''; - }; - }; + # TODO: CLNRest not included in nixpkgs clightning build + # Need to package it separately or use an overlay + # services.nginx.virtualHosts."ln.${domain}" = mkIf nginx.enable { + # useACMEHost = domain; + # forceSSL = true; + # locations."/" = { + # proxyPass = "https://127.0.0.1:3010"; + # extraConfig = '' + # proxy_ssl_verify off; + # ''; + # }; + # }; }; } From 824eb05f6bf8ac99d82a9698847bf3811a6c96b6 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 23:22:15 -0400 Subject: [PATCH 12/20] test --- src/system/modules/bitcoin/modules/clightning/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix index bd6c931..55d1bc3 100644 --- a/src/system/modules/bitcoin/modules/clightning/default.nix +++ b/src/system/modules/bitcoin/modules/clightning/default.nix @@ -10,7 +10,10 @@ let clnConfig = pkgs.writeTextFile { name = "lightning.conf"; - text = builtins.readFile ./config/lightning.conf; + text = '' + ${builtins.readFile ./config/lightning.conf} + bitcoin-cli=${pkgs.bitcoind}/bin/bitcoin-cli + ''; }; in From 764fa71c44e130150f61e6618b32851fa4dca6e0 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 23:28:14 -0400 Subject: [PATCH 13/20] tmpfiles --- src/system/modules/bitcoin/default.nix | 1 + src/system/modules/bitcoin/modules/clightning/default.nix | 1 + src/system/modules/bitcoin/modules/electrum/default.nix | 1 + 3 files changed, 3 insertions(+) diff --git a/src/system/modules/bitcoin/default.nix b/src/system/modules/bitcoin/default.nix index 060f07b..34f02c6 100644 --- a/src/system/modules/bitcoin/default.nix +++ b/src/system/modules/bitcoin/default.nix @@ -69,6 +69,7 @@ in systemd.services.bitcoind-mainnet = { wants = [ "tor.service" ]; after = [ "tor.service" ]; + serviceConfig.ExecStartPre = "+${pkgs.coreutils}/bin/chmod 750 /var/lib/tor"; }; modules.system.backup.paths = [ diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix index 55d1bc3..b5d57a5 100644 --- a/src/system/modules/bitcoin/modules/clightning/default.nix +++ b/src/system/modules/bitcoin/modules/clightning/default.nix @@ -59,6 +59,7 @@ in ]; serviceConfig = { + ExecStartPre = "+${pkgs.coreutils}/bin/chmod 750 /var/lib/bitcoin /var/lib/tor"; ExecStart = "${pkgs.clightning}/bin/lightningd --conf=${clnConfig}"; User = "clightning"; Group = "bitcoin"; diff --git a/src/system/modules/bitcoin/modules/electrum/default.nix b/src/system/modules/bitcoin/modules/electrum/default.nix index eebcd11..6673f4f 100644 --- a/src/system/modules/bitcoin/modules/electrum/default.nix +++ b/src/system/modules/bitcoin/modules/electrum/default.nix @@ -74,6 +74,7 @@ in ]; serviceConfig = { + ExecStartPre = "+${pkgs.coreutils}/bin/chmod 750 /var/lib/bitcoin"; ExecStart = "${pkgs.electrs}/bin/electrs --conf=${electrsConfig}"; User = "electrs"; Group = "bitcoin"; From 2423780bc27fc1afae74dac6829b91d633c3475b Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 23:37:20 -0400 Subject: [PATCH 14/20] fixed --- src/system/modules/bitcoin/default.nix | 3 ++- src/system/modules/bitcoin/modules/clightning/default.nix | 7 ++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/src/system/modules/bitcoin/default.nix b/src/system/modules/bitcoin/default.nix index 34f02c6..e7e12a0 100644 --- a/src/system/modules/bitcoin/default.nix +++ b/src/system/modules/bitcoin/default.nix @@ -41,13 +41,14 @@ in "bitcoin" = { members = [ "btc" + config.user.name ]; }; }; }; programs.bash.shellAliases = { - btc = "bitcoind"; + btc = "bitcoin-cli"; }; services.bitcoind = { diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix index b5d57a5..5d8d670 100644 --- a/src/system/modules/bitcoin/modules/clightning/default.nix +++ b/src/system/modules/bitcoin/modules/clightning/default.nix @@ -47,6 +47,11 @@ in cln = "lightning-cli"; }; + # Symlink for CLI access - allows `lightning-cli` without --lightning-dir + systemd.tmpfiles.rules = mkAfter [ + "L+ /home/${config.user.name}/.lightning - - - - ${home}" + ]; + systemd.services.lightningd = { description = "Core Lightning Daemon"; wantedBy = [ "multi-user.target" ]; @@ -59,7 +64,7 @@ in ]; serviceConfig = { - ExecStartPre = "+${pkgs.coreutils}/bin/chmod 750 /var/lib/bitcoin /var/lib/tor"; + ExecStartPre = "+${pkgs.coreutils}/bin/chmod 750 /var/lib/bitcoin /var/lib/tor ${home} ${home}/bitcoin"; ExecStart = "${pkgs.clightning}/bin/lightningd --conf=${clnConfig}"; User = "clightning"; Group = "bitcoin"; From b82904343824fa8afa0e918517c4021d416986f6 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 23:38:48 -0400 Subject: [PATCH 15/20] fix shit --- src/system/modules/bitcoin/modules/clightning/default.nix | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix index 5d8d670..da14299 100644 --- a/src/system/modules/bitcoin/modules/clightning/default.nix +++ b/src/system/modules/bitcoin/modules/clightning/default.nix @@ -47,11 +47,6 @@ in cln = "lightning-cli"; }; - # Symlink for CLI access - allows `lightning-cli` without --lightning-dir - systemd.tmpfiles.rules = mkAfter [ - "L+ /home/${config.user.name}/.lightning - - - - ${home}" - ]; - systemd.services.lightningd = { description = "Core Lightning Daemon"; wantedBy = [ "multi-user.target" ]; @@ -82,6 +77,8 @@ in systemd.tmpfiles.rules = [ "d ${home} 0750 clightning bitcoin -" "d ${home}/plugins 0750 clightning bitcoin -" + ] ++ mkAfter [ + "L+ /home/${config.user.name}/.lightning - - - - ${home}" ]; modules.system.backup.paths = [ From a799d82f66762765a20c947db140168c4b3cdc03 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 23:41:04 -0400 Subject: [PATCH 16/20] cat --- src/system/modules/bitcoin/modules/clightning/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix index da14299..1968e71 100644 --- a/src/system/modules/bitcoin/modules/clightning/default.nix +++ b/src/system/modules/bitcoin/modules/clightning/default.nix @@ -74,10 +74,9 @@ in }; # Ensure data directory exists with correct permissions - systemd.tmpfiles.rules = [ + systemd.tmpfiles.rules = mkAfter [ "d ${home} 0750 clightning bitcoin -" "d ${home}/plugins 0750 clightning bitcoin -" - ] ++ mkAfter [ "L+ /home/${config.user.name}/.lightning - - - - ${home}" ]; From e74ae46d569ff63a867afa335b6dd105d91c734e Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Thu, 12 Mar 2026 23:47:13 -0400 Subject: [PATCH 17/20] fix cln --- .../modules/bitcoin/modules/clightning/config/lightning.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/src/system/modules/bitcoin/modules/clightning/config/lightning.conf b/src/system/modules/bitcoin/modules/clightning/config/lightning.conf index b1e0280..def24ec 100644 --- a/src/system/modules/bitcoin/modules/clightning/config/lightning.conf +++ b/src/system/modules/bitcoin/modules/clightning/config/lightning.conf @@ -10,6 +10,7 @@ plugin-dir=/var/lib/clightning/plugins log-file=/var/lib/clightning/lightningd.log log-level=info +rpc-file-mode=0660 # Bind RPC locally only bind-addr=127.0.0.1:9736 From bd9e418e52fe50d1eefb5b5088289d1894b3f6ad Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Fri, 13 Mar 2026 00:10:30 -0400 Subject: [PATCH 18/20] clnrest pkg --- .../bitcoin/modules/clightning/default.nix | 60 +++++++++++++++---- 1 file changed, 48 insertions(+), 12 deletions(-) diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix index 1968e71..92f426f 100644 --- a/src/system/modules/bitcoin/modules/clightning/default.nix +++ b/src/system/modules/bitcoin/modules/clightning/default.nix @@ -8,11 +8,48 @@ let home = "/var/lib/clightning"; domain = "ramos.codes"; + clnrest = pkgs.rustPlatform.buildRustPackage rec { + pname = "clnrest"; + version = "25.02.2"; + + src = pkgs.fetchFromGitHub { + owner = "ElementsProject"; + repo = "lightning"; + rev = "v${version}"; + hash = "sha256-SiPYB463l9279+zawsxmql1Ui/dTdah5KgJgmrWsR2A="; + }; + + cargoLock.lockFile = "${src}/Cargo.lock"; + + cargoBuildFlags = [ "-p" "clnrest" ]; + cargoTestFlags = [ "-p" "clnrest" ]; + + nativeBuildInputs = with pkgs; [ pkg-config protobuf ]; + buildInputs = [ pkgs.openssl ]; + + postInstall = '' + mkdir -p $out/libexec/c-lightning/plugins + mv $out/bin/clnrest $out/libexec/c-lightning/plugins/ + rmdir $out/bin + ''; + + meta = with lib; { + description = "REST API plugin for Core Lightning"; + homepage = "https://github.com/ElementsProject/lightning/tree/master/plugins/rest-plugin"; + license = licenses.mit; + }; + }; + clnConfig = pkgs.writeTextFile { name = "lightning.conf"; text = '' ${builtins.readFile ./config/lightning.conf} bitcoin-cli=${pkgs.bitcoind}/bin/bitcoin-cli + + # CLNRest configuration + clnrest-port=3010 + clnrest-host=127.0.0.1 + clnrest-protocol=https ''; }; @@ -78,23 +115,22 @@ in "d ${home} 0750 clightning bitcoin -" "d ${home}/plugins 0750 clightning bitcoin -" "L+ /home/${config.user.name}/.lightning - - - - ${home}" + "L+ ${home}/plugins/clnrest - - - - ${clnrest}/libexec/c-lightning/plugins/clnrest" ]; modules.system.backup.paths = [ "${home}/bitcoin/hsm_secret" ]; - # TODO: CLNRest not included in nixpkgs clightning build - # Need to package it separately or use an overlay - # services.nginx.virtualHosts."ln.${domain}" = mkIf nginx.enable { - # useACMEHost = domain; - # forceSSL = true; - # locations."/" = { - # proxyPass = "https://127.0.0.1:3010"; - # extraConfig = '' - # proxy_ssl_verify off; - # ''; - # }; - # }; + services.nginx.virtualHosts."ln.${domain}" = mkIf nginx.enable { + useACMEHost = domain; + forceSSL = true; + locations."/" = { + proxyPass = "https://127.0.0.1:3010"; + extraConfig = '' + proxy_ssl_verify off; + ''; + }; + }; }; } From cfbfa3a8b079f2dd1b3d10719a13600dc09c0f80 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Fri, 13 Mar 2026 00:40:46 -0400 Subject: [PATCH 19/20] clnrest ready --- .../bitcoin/modules/clightning/default.nix | 32 +---------- .../modules/clightning/plugins/clnrest.nix | 54 +++++++++++++++++++ 2 files changed, 55 insertions(+), 31 deletions(-) create mode 100644 src/system/modules/bitcoin/modules/clightning/plugins/clnrest.nix diff --git a/src/system/modules/bitcoin/modules/clightning/default.nix b/src/system/modules/bitcoin/modules/clightning/default.nix index 92f426f..f052e52 100644 --- a/src/system/modules/bitcoin/modules/clightning/default.nix +++ b/src/system/modules/bitcoin/modules/clightning/default.nix @@ -8,37 +8,7 @@ let home = "/var/lib/clightning"; domain = "ramos.codes"; - clnrest = pkgs.rustPlatform.buildRustPackage rec { - pname = "clnrest"; - version = "25.02.2"; - - src = pkgs.fetchFromGitHub { - owner = "ElementsProject"; - repo = "lightning"; - rev = "v${version}"; - hash = "sha256-SiPYB463l9279+zawsxmql1Ui/dTdah5KgJgmrWsR2A="; - }; - - cargoLock.lockFile = "${src}/Cargo.lock"; - - cargoBuildFlags = [ "-p" "clnrest" ]; - cargoTestFlags = [ "-p" "clnrest" ]; - - nativeBuildInputs = with pkgs; [ pkg-config protobuf ]; - buildInputs = [ pkgs.openssl ]; - - postInstall = '' - mkdir -p $out/libexec/c-lightning/plugins - mv $out/bin/clnrest $out/libexec/c-lightning/plugins/ - rmdir $out/bin - ''; - - meta = with lib; { - description = "REST API plugin for Core Lightning"; - homepage = "https://github.com/ElementsProject/lightning/tree/master/plugins/rest-plugin"; - license = licenses.mit; - }; - }; + clnrest = pkgs.callPackage ./plugins/clnrest.nix { }; clnConfig = pkgs.writeTextFile { name = "lightning.conf"; diff --git a/src/system/modules/bitcoin/modules/clightning/plugins/clnrest.nix b/src/system/modules/bitcoin/modules/clightning/plugins/clnrest.nix new file mode 100644 index 0000000..b4124cf --- /dev/null +++ b/src/system/modules/bitcoin/modules/clightning/plugins/clnrest.nix @@ -0,0 +1,54 @@ +{ + lib, + rustPlatform, + fetchFromGitHub, + pkg-config, + openssl, + protobuf, +}: + +rustPlatform.buildRustPackage rec { + pname = "clnrest"; + version = "25.02.2"; + + src = fetchFromGitHub { + owner = "ElementsProject"; + repo = "lightning"; + rev = "v${version}"; + hash = "sha256-SiPYB463l9279+zawsxmql1Ui/dTdah5KgJgmrWsR2A="; + }; + + cargoLock = { + lockFile = "${src}/Cargo.lock"; + }; + + cargoBuildFlags = [ + "-p" + "clnrest" + ]; + cargoTestFlags = [ + "-p" + "clnrest" + ]; + + nativeBuildInputs = [ + pkg-config + protobuf + ]; + + buildInputs = [ openssl ]; + + postInstall = '' + mkdir -p $out/libexec/c-lightning/plugins + mv $out/bin/clnrest $out/libexec/c-lightning/plugins/ + rmdir $out/bin + ''; + + meta = { + description = "Transforms RPC calls into REST APIs"; + homepage = "https://docs.corelightning.org/docs/rest"; + license = lib.licenses.mit; + platforms = lib.platforms.linux; + mainProgram = "clnrest"; + }; +} From 5be4bfc72165dcb403d62e6510943a3c1eb36e04 Mon Sep 17 00:00:00 2001 From: Bryan Ramos Date: Fri, 13 Mar 2026 00:43:03 -0400 Subject: [PATCH 20/20] fix module walker --- src/system/modules/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/system/modules/default.nix b/src/system/modules/default.nix index 13da930..c8ecd1a 100644 --- a/src/system/modules/default.nix +++ b/src/system/modules/default.nix @@ -4,10 +4,11 @@ let entries = builtins.readDir dir; names = builtins.attrNames entries; - isModuleDir = path: + isModuleDir = path: builtins.pathExists path && builtins.readFileType path == "directory" && - builtins.baseNameOf path != "config"; + builtins.baseNameOf path != "config" && + builtins.baseNameOf path != "plugins"; isModule = file: file == "default.nix"; isNix = file: builtins.match ".*\\.nix" file != null && file != "default.nix";