sam
/
nixos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update nix-bitcoin and use network bridge for semita

This commit is contained in:
Sam 2024-10-05 16:42:16 +01:00
parent 25dfe2cf37
commit 2533603b65
2 changed files with 57 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
hosts/common/optional/nix-bitcoin.nix
View File

@ -20,16 +20,15 @@ in {
networking.nat.enable = true;
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "eth0";
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [80 443 22];
networking.firewall.trustedInterfaces = ["ve-+" "ve-bitcoin-node"];
networking.nat.externalInterface = "br0";
# networking.firewall.enable = true;
# networking.firewall.allowedTCPPorts = [80 443 22];
# networking.firewall.trustedInterfaces = ["ve-btcnode"];
containers.bitcoin-node = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.0.21.1";
localAddress = "10.0.21.2";
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-privileged" = {
@ -48,19 +47,31 @@ in {
hostPath = "${bitcoin-HMAC-public}";
isReadOnly = false;
};
"/var/lib/nix-bitcoin" = {
hostPath = "/media/main-ssd/nix-bitcoin";
"/var/lib/bitcoind" = {
hostPath = "/media/main-ssd/nix-bitcoin/bitcoind";
isReadOnly = false;
};
"/var/lib/electrs" = {
hostPath = "/media/main-ssd/nix-bitcoin/electrs";
isReadOnly = false;
};
"/var/lib/mysql" = {
hostPath = "/media/main-ssd/nix-bitcoin/mysql";
isReadOnly = false;
};
"/var/lib/tor" = {
hostPath = "/media/main-ssd/nix-bitcoin/tor";
isReadOnly = false;
};
};
forwardPorts = [
{
containerPort = 80;
hostPort = 8080;
protocol = "tcp";
}
];
# forwardPorts = [
# {
# containerPort = 50001;
# hostPort = 50001;
# protocol = "tcp";
# }
# ];
config = {
pkgs,
@ -76,6 +87,8 @@ in {
jq
];
networking = {
defaultGateway = "10.0.10.1";
interfaces.eth0.ipv4.addresses = [ { "address" = "10.0.10.4"; "prefixLength" = 24; } ];
firewall = {
enable = true;
allowedTCPPorts = [
@ -84,6 +97,7 @@ in {
22
config.containers.bitcoin-node.config.services.bitcoind.rpc.port
config.containers.bitcoin-node.config.services.mempool.frontend.port
config.containers.bitcoin-node.config.services.electrs.port
];
};
useHostResolvConf = lib.mkForce false;
@ -112,7 +126,7 @@ in {
tor.proxy = true;
tor.enforce = true;
enable = true;
dataDir = "/var/lib/nix-bitcoin/bitcoind";
dataDir = "/var/lib/bitcoind";
dbCache = 5000;
txindex = true;
rpc = {
@ -134,7 +148,8 @@ in {
electrs = {
tor.enforce = true;
enable = true;
dataDir = "/var/lib/nix-bitcoin/electrs";
dataDir = "/var/lib/electrs";
address = "0.0.0.0";
};
mempool = {
enable = true;

34
hosts/semita/default.nix
View File

@ -47,6 +47,7 @@ in {
../common/optional/nfs-mounts/homeshare.nix
../common/optional/printing.nix
../common/optional/docker
../common/optional/docker/postgres.nix
../common/optional/nix-bitcoin.nix
];
@ -86,20 +87,35 @@ in {
networking = {
hostName = "semita";
nameservers = ["10.0.10.60" "8.8.8.8"];
interfaces.eth0 = {
useDHCP = false;
nameservers = ["10.0.10.60" "10.0.10.1" "8.8.8.8"];
defaultGateway = "10.0.10.1";
useDHCP = false;
bridges = {
br0 = {
interfaces = ["eth0"];
};
};
interfaces.br0 = {
ipv4.addresses = [
{
address = "10.0.10.3";
prefixLength = 24;
"address" = "10.0.10.3";
"prefixLength" = 24;
}
];
};
defaultGateway = {
address = "10.0.10.1";
interface = "eth0";
};
# interfaces.br0 = {
# useDHCP = false;
# ipv4.addresses = [
# {
# address = "10.0.10.3";
# prefixLength = 24;
# }
# ];
# };
# defaultGateway = {
# address = "10.0.10.1";
# interface = "eth0";
# };
};
services.libinput.enable = true;