diff --git a/hosts/common/optional/nixos-containers/nix-bitcoin.nix b/hosts/common/optional/nixos-containers/nix-bitcoin.nix index 6a504c1..93a1b98 100644 --- a/hosts/common/optional/nixos-containers/nix-bitcoin.nix +++ b/hosts/common/optional/nixos-containers/nix-bitcoin.nix @@ -6,10 +6,6 @@ pkgs, ... }: let - bitcoin-rpcpassword-privileged = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-privileged".path; - bitcoin-rpcpassword-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-public".path; - bitcoin-HMAC-privileged = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-privileged".path; - bitcoin-HMAC-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-public".path; containerName = "bitcoin-node"; containerIp = configVars.networking.addresses.bitcoin-node.ip; mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port; @@ -17,13 +13,6 @@ allowip = configVars.networking.addresses.bitcoin-node.services.bitcoind.allowip; pubKeys = lib.filesystem.listFilesRecursive ../../users/keys; in { - sops.secrets = { - "software/bitcoind/bitcoin-rpcpassword-privileged" = {}; - "software/bitcoind/bitcoin-rpcpassword-public" = {}; - "software/bitcoind/bitcoin-HMAC-privileged" = {}; - "software/bitcoind/bitcoin-HMAC-public" = {}; - }; - environment.persistence."/persist" = { hideMounts = true; directories = [ @@ -41,36 +30,8 @@ in { hostBridge = "br0"; nixpkgs = pkgs.path; bindMounts = { - "/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-privileged" = { - hostPath = "${bitcoin-rpcpassword-privileged}"; - isReadOnly = false; - }; - "/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-public" = { - hostPath = "${bitcoin-rpcpassword-public}"; - isReadOnly = false; - }; - "/etc/nix-bitcoin-secrets/bitcoin-HMAC-privileged" = { - hostPath = "${bitcoin-HMAC-privileged}"; - isReadOnly = false; - }; - "/etc/nix-bitcoin-secrets/bitcoin-HMAC-public" = { - hostPath = "${bitcoin-HMAC-public}"; - isReadOnly = false; - }; - "/var/lib/bitcoind" = { - hostPath = "/media/main-ssd/nix-bitcoin/bitcoind"; - isReadOnly = false; - }; - "/var/lib/electrs" = { - hostPath = "/media/main-ssd/nix-bitcoin/electrs"; - isReadOnly = false; - }; - "/var/lib/mysql" = { - hostPath = "/media/main-ssd/nix-bitcoin/mysql"; - isReadOnly = false; - }; - "/var/lib/tor" = { - hostPath = "/media/main-ssd/nix-bitcoin/tor"; + "/var/lib/" = { + hostPath = "/media/main-ssd/nix-bitcoin/"; isReadOnly = false; }; }; @@ -119,7 +80,10 @@ in { nix-bitcoin.generateSecrets = true; nix-bitcoin.nodeinfo.enable = true; services = { - backups.enable = true; + backups = { + enable = true; + frequency = "daily"; + }; tor = { enable = true; client.enable = true; @@ -186,6 +150,7 @@ in { LND_REST_ENDPOINT = "https://127.0.0.1:8080"; LND_REST_CERT = "/etc/nix-bitcoin-secrets/lnd-cert"; LND_REST_MACAROON = "/var/lib/lnbits/admin.macaroon"; + AUTH_ALLOWED_METHODS = "user-id-only, username-password"; }; }; }; diff --git a/hosts/semita/default.nix b/hosts/semita/default.nix index c51ffca..dc6cb4f 100644 --- a/hosts/semita/default.nix +++ b/hosts/semita/default.nix @@ -119,6 +119,8 @@ in { ]; }; + programs.fuse.userAllowOther = true; + networking = { hostName = "semita"; nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];