diff --git a/hosts/common/optional/nix-bitcoin.nix b/hosts/common/optional/nix-bitcoin.nix
index 3ad0a23..045368b 100644
--- a/hosts/common/optional/nix-bitcoin.nix
+++ b/hosts/common/optional/nix-bitcoin.nix
@@ -20,16 +20,15 @@ in {
 networking.nat.enable = true;
 networking.nat.internalInterfaces = ["ve-+"];
- networking.nat.externalInterface = "eth0";
- networking.firewall.enable = true;
- networking.firewall.allowedTCPPorts = [80 443 22];
- networking.firewall.trustedInterfaces = ["ve-+" "ve-bitcoin-node"];
+ networking.nat.externalInterface = "br0";
+ # networking.firewall.enable = true;
+ # networking.firewall.allowedTCPPorts = [80 443 22];
+ # networking.firewall.trustedInterfaces = ["ve-btcnode"];
 containers.bitcoin-node = {
 autoStart = true;
 privateNetwork = true;
- hostAddress = "10.0.21.1";
- localAddress = "10.0.21.2";
+ hostBridge = "br0";
 nixpkgs = pkgs.path;
 bindMounts = {
 "/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-privileged" = {
@@ -48,19 +47,31 @@ in {
 hostPath = "${bitcoin-HMAC-public}";
 isReadOnly = false;
 };
- "/var/lib/nix-bitcoin" = {
- hostPath = "/media/main-ssd/nix-bitcoin";
+ "/var/lib/bitcoind" = {
+ hostPath = "/media/main-ssd/nix-bitcoin/bitcoind";
+ isReadOnly = false;
+ };
+ "/var/lib/electrs" = {
+ hostPath = "/media/main-ssd/nix-bitcoin/electrs";
+ isReadOnly = false;
+ };
+ "/var/lib/mysql" = {
+ hostPath = "/media/main-ssd/nix-bitcoin/mysql";
+ isReadOnly = false;
+ };
+ "/var/lib/tor" = {
+ hostPath = "/media/main-ssd/nix-bitcoin/tor";
 isReadOnly = false;
 };
 };
- forwardPorts = [
- {
- containerPort = 80;
- hostPort = 8080;
- protocol = "tcp";
- }
- ];
+ # forwardPorts = [
+ # {
+ # containerPort = 50001;
+ # hostPort = 50001;
+ # protocol = "tcp";
+ # }
+ # ];
 config = {
 pkgs,
@@ -76,6 +87,8 @@ in {
 jq
 ];
 networking = {
+ defaultGateway = "10.0.10.1";
+ interfaces.eth0.ipv4.addresses = [ { "address" = "10.0.10.4"; "prefixLength" = 24; } ];
 firewall = {
 enable = true;
 allowedTCPPorts = [
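Review bot: In the `@@ -20,16 +20,15 @@` hunk, `hostBridge = "br0"` attaches the container straight to the LAN bridge, so the host's NAT and firewall no longer sit between the LAN and bitcoin-node and the container's own `networking.firewall` becomes the only filter; the change should record that in a comment, for example `# bitcoin-node is a direct LAN peer on br0; its own firewall is the only filter`. The `networking.nat.*` lines that remain still match `ve-+`, and as far as I know a bridged nspawn container gets a `vb-` host interface, so they probably no longer apply and can be removed. The three commented-out `networking.firewall.*` lines should be deleted rather than kept, since they leave it unclear whether the host firewall is meant to be on. The `containers.bitcoin-node` block continues outside the hunk.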
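Review bot: In the `@@ -48,19 +47,31 @@` hunk, `/var/lib/tor` is now persisted to `/media/main-ssd/nix-bitcoin/tor`, which presumably holds the container's onion-service keys, yet nothing visible here creates the four host directories or constrains their ownership and mode. A comment above the mounts such as `# host dirs must exist before the container starts; tor/ and mysql/ must not be world-readable` would record the requirement, or the directories could be declared on the host with restrictive modes. The commented-out `forwardPorts` block is dead configuration now that the container is bridged and is better removed. The `bindMounts` set starts outside the hunk.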
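Review bot: The two lines added to the container's `networking` block in the `@@ -76,6 +87,8 @@` hunk hard-code `10.0.10.4` and the gateway `10.0.10.1` inside a module under `hosts/common/optional`, although both values belong to one host's LAN (hosts/semita/default.nix sets the same gateway). Consider lifting them into a `let` binding or an option set by the importing host, so another host importing this module does not silently inherit semita's addressing. The address entry also reads better without quoted keys, matching the rest of the file: `{ address = "10.0.10.4"; prefixLength = 24; }`. The `networking` block continues outside the hunk.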
@@ -84,6 +97,7 @@ in {
 22
 config.containers.bitcoin-node.config.services.bitcoind.rpc.port
 config.containers.bitcoin-node.config.services.mempool.frontend.port
+ config.containers.bitcoin-node.config.services.electrs.port
 ];
 };
 useHostResolvConf = lib.mkForce false;
@@ -112,7 +126,7 @@ in {
 tor.proxy = true;
 tor.enforce = true;
 enable = true;
- dataDir = "/var/lib/nix-bitcoin/bitcoind";
+ dataDir = "/var/lib/bitcoind";
 dbCache = 5000;
 txindex = true;
 rpc = {
@@ -134,7 +148,8 @@ in {
 electrs = {
 tor.enforce = true;
 enable = true;
- dataDir = "/var/lib/nix-bitcoin/electrs";
+ dataDir = "/var/lib/electrs";
+ address = "0.0.0.0";
 };
 mempool = {
 enable = true;
diff --git a/hosts/semita/default.nix b/hosts/semita/default.nix
index 741fb40..2565bc2 100644
--- a/hosts/semita/default.nix
+++ b/hosts/semita/default.nix
@@ -47,6 +47,7 @@ in {
 ../common/optional/nfs-mounts/homeshare.nix
 ../common/optional/printing.nix
 ../common/optional/docker
+ ../common/optional/docker/postgres.nix
 ../common/optional/nix-bitcoin.nix
 ];
@@ -86,20 +87,35 @@ in {
 networking = {
 hostName = "semita";
- nameservers = ["10.0.10.60" "8.8.8.8"];
- interfaces.eth0 = {
- useDHCP = false;
+ nameservers = ["10.0.10.60" "10.0.10.1" "8.8.8.8"];
+ defaultGateway = "10.0.10.1";
+ useDHCP = false;
+ bridges = {
+ br0 = {
+ interfaces = ["eth0"];
+ };
+ };
+ interfaces.br0 = {
 ipv4.addresses = [
 {
- address = "10.0.10.3";
- prefixLength = 24;
+ "address" = "10.0.10.3";
+ "prefixLength" = 24;
 }
 ];
 };
- defaultGateway = {
- address = "10.0.10.1";
- interface = "eth0";
- };
+ # interfaces.br0 = {
+ # useDHCP = false;
+ # ipv4.addresses = [
+ # {
+ # address = "10.0.10.3";
+ # prefixLength = 24;
+ # }
+ # ];
+ # };
+ # defaultGateway = {
+ # address = "10.0.10.1";
+ # interface = "eth0";
+ # };
 };
 services.libinput.enable = true;
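Review bot: Adding `services.electrs.port` to `allowedTCPPorts` in the `@@ -84,6 +97,7 @@` hunk opens it to every host on 10.0.10.0/24 now that the container is bridged, and the same list already carries `services.bitcoind.rpc.port`, which was previously not addressable from the LAN directly. Electrum protocol traffic on this port is, as far as I know, unencrypted and unauthenticated unless a TLS proxy sits in front, so any host on the segment can query the index and observe wallet lookups. If only specific clients need these ports, restrict them by source address in the container firewall, or at least name the intended clients in a comment, e.g. `# electrs: LAN wallets only; RPC: <client host>`. The `allowedTCPPorts` list starts outside the hunk.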
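Review bot: In the `@@ -134,7 +148,8 @@` hunk, `address = "0.0.0.0"` sits next to `tor.enforce = true` in the electrs block, and the two express opposite intent: if nix-bitcoin's `tor.enforce` confines the service to local addresses, as I understand it does, LAN clients will still be refused despite the wildcard bind and the opened firewall port. Decide which is meant: either set `tor.enforce = false;` for electrs with a comment that it is deliberately LAN-facing, or keep enforcement and drop the `address` line. If LAN access is the goal, binding to the container's own address rather than the wildcard is the tighter choice.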
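Review bot: The thirteen commented-out lines at the end of the `networking` block in hosts/semita/default.nix (`@@ -86,20 +87,35 @@`) repeat the configuration this commit replaces; version control already keeps it, and a stale `interface = "eth0"` gateway next to the live bridge setup invites a wrong revert, so they should be deleted. The quoted keys in the new address entry are unnecessary and differ from the removed lines; write `address = "10.0.10.3";` and `prefixLength = 24;`. A one-line comment on the bridge, such as `# br0 bridges eth0 so the bitcoin-node container sits on the LAN`, would tell the next reader why the host address moved off eth0.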