sam
/
nixos
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update nix-bitcoin container configuration and Semita host settings 

- Remove redundant bitcoin secret variables and bind mounts in nix-bitcoin.nix
- Consolidate var/lib bind mounts into a single mount point for simplicity
- Enable daily backups and add AUTH_ALLOWED_METHODS in nix-bitcoin.nix, enable fuse.userAllowOther in default.nix.
This commit is contained in:
Sam 2024-12-29 15:44:44 +00:00
parent b3df1841d7
commit 3c63ba7618
2 changed files with 9 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
hosts/common/optional/nixos-containers/nix-bitcoin.nix
View File

@ -6,10 +6,6 @@
pkgs,
...
}: let
bitcoin-rpcpassword-privileged = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-privileged".path;
bitcoin-rpcpassword-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-public".path;
bitcoin-HMAC-privileged = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-privileged".path;
bitcoin-HMAC-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-public".path;
containerName = "bitcoin-node";
containerIp = configVars.networking.addresses.bitcoin-node.ip;
mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
@ -17,13 +13,6 @@
allowip = configVars.networking.addresses.bitcoin-node.services.bitcoind.allowip;
pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
in {
sops.secrets = {
"software/bitcoind/bitcoin-rpcpassword-privileged" = {};
"software/bitcoind/bitcoin-rpcpassword-public" = {};
"software/bitcoind/bitcoin-HMAC-privileged" = {};
"software/bitcoind/bitcoin-HMAC-public" = {};
};
environment.persistence."/persist" = {
hideMounts = true;
directories = [
@ -41,36 +30,8 @@ in {
hostBridge = "br0";
nixpkgs = pkgs.path;
bindMounts = {
"/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-privileged" = {
hostPath = "${bitcoin-rpcpassword-privileged}";
isReadOnly = false;
};
"/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-public" = {
hostPath = "${bitcoin-rpcpassword-public}";
isReadOnly = false;
};
"/etc/nix-bitcoin-secrets/bitcoin-HMAC-privileged" = {
hostPath = "${bitcoin-HMAC-privileged}";
isReadOnly = false;
};
"/etc/nix-bitcoin-secrets/bitcoin-HMAC-public" = {
hostPath = "${bitcoin-HMAC-public}";
isReadOnly = false;
};
"/var/lib/bitcoind" = {
hostPath = "/media/main-ssd/nix-bitcoin/bitcoind";
isReadOnly = false;
};
"/var/lib/electrs" = {
hostPath = "/media/main-ssd/nix-bitcoin/electrs";
isReadOnly = false;
};
"/var/lib/mysql" = {
hostPath = "/media/main-ssd/nix-bitcoin/mysql";
isReadOnly = false;
};
"/var/lib/tor" = {
hostPath = "/media/main-ssd/nix-bitcoin/tor";
"/var/lib/" = {
hostPath = "/media/main-ssd/nix-bitcoin/";
isReadOnly = false;
};
};
@ -119,7 +80,10 @@ in {
nix-bitcoin.generateSecrets = true;
nix-bitcoin.nodeinfo.enable = true;
services = {
backups.enable = true;
backups = {
enable = true;
frequency = "daily";
};
tor = {
enable = true;
client.enable = true;
@ -186,6 +150,7 @@ in {
LND_REST_ENDPOINT = "https://127.0.0.1:8080";
LND_REST_CERT = "/etc/nix-bitcoin-secrets/lnd-cert";
LND_REST_MACAROON = "/var/lib/lnbits/admin.macaroon";
AUTH_ALLOWED_METHODS = "user-id-only, username-password";
};
};
};

2
hosts/semita/default.nix
View File

@ -119,6 +119,8 @@ in {
];
};
programs.fuse.userAllowOther = true;
networking = {
hostName = "semita";
nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];