Update nix-bitcoin container configuration and Semita host settings

- Remove redundant bitcoin secret variables and bind mounts in nix-bitcoin.nix
- Consolidate var/lib bind mounts into a single mount point for simplicity
- Enable daily backups and add AUTH_ALLOWED_METHODS in nix-bitcoin.nix, enable fuse.userAllowOther in default.nix.

hosts/common/optional/nixos-containers/nix-bitcoin.nix

@@ -6,10 +6,6 @@
   pkgs,
   ...
 }: let
-  bitcoin-rpcpassword-privileged = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-privileged".path;
-  bitcoin-rpcpassword-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-rpcpassword-public".path;
-  bitcoin-HMAC-privileged = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-privileged".path;
-  bitcoin-HMAC-public = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."software/bitcoind/bitcoin-HMAC-public".path;
   containerName = "bitcoin-node";
   containerIp = configVars.networking.addresses.bitcoin-node.ip;
   mempoolPort = configVars.networking.addresses.bitcoin-node.services.mempool.port;
@@ -17,13 +13,6 @@
   allowip = configVars.networking.addresses.bitcoin-node.services.bitcoind.allowip;
   pubKeys = lib.filesystem.listFilesRecursive ../../users/keys;
 in {
-  sops.secrets = {
-    "software/bitcoind/bitcoin-rpcpassword-privileged" = {};
-    "software/bitcoind/bitcoin-rpcpassword-public" = {};
-    "software/bitcoind/bitcoin-HMAC-privileged" = {};
-    "software/bitcoind/bitcoin-HMAC-public" = {};
-  };
-
   environment.persistence."/persist" = {
     hideMounts = true;
     directories = [
@@ -41,36 +30,8 @@ in {
     hostBridge = "br0";
     nixpkgs = pkgs.path;
     bindMounts = {
-      "/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-privileged" = {
+      "/var/lib/" = {
-        hostPath = "${bitcoin-rpcpassword-privileged}";
+        hostPath = "/media/main-ssd/nix-bitcoin/";
-        isReadOnly = false;
-      };
-      "/etc/nix-bitcoin-secrets/bitcoin-rpcpassword-public" = {
-        hostPath = "${bitcoin-rpcpassword-public}";
-        isReadOnly = false;
-      };
-      "/etc/nix-bitcoin-secrets/bitcoin-HMAC-privileged" = {
-        hostPath = "${bitcoin-HMAC-privileged}";
-        isReadOnly = false;
-      };
-      "/etc/nix-bitcoin-secrets/bitcoin-HMAC-public" = {
-        hostPath = "${bitcoin-HMAC-public}";
-        isReadOnly = false;
-      };
-      "/var/lib/bitcoind" = {
-        hostPath = "/media/main-ssd/nix-bitcoin/bitcoind";
-        isReadOnly = false;
-      };
-      "/var/lib/electrs" = {
-        hostPath = "/media/main-ssd/nix-bitcoin/electrs";
-        isReadOnly = false;
-      };
-      "/var/lib/mysql" = {
-        hostPath = "/media/main-ssd/nix-bitcoin/mysql";
-        isReadOnly = false;
-      };
-      "/var/lib/tor" = {
-        hostPath = "/media/main-ssd/nix-bitcoin/tor";
         isReadOnly = false;
       };
     };
@@ -119,7 +80,10 @@ in {
       nix-bitcoin.generateSecrets = true;
       nix-bitcoin.nodeinfo.enable = true;
       services = {
-        backups.enable = true;
+        backups = {
+          enable = true;
+          frequency = "daily";
+        };
         tor = {
           enable = true;
           client.enable = true;
@@ -186,6 +150,7 @@ in {
             LND_REST_ENDPOINT = "https://127.0.0.1:8080";
             LND_REST_CERT = "/etc/nix-bitcoin-secrets/lnd-cert";
             LND_REST_MACAROON = "/var/lib/lnbits/admin.macaroon";
+            AUTH_ALLOWED_METHODS = "user-id-only, username-password";
           };
         };
       };

hosts/semita/default.nix

@@ -119,6 +119,8 @@ in {
     ];
   };
 
+  programs.fuse.userAllowOther = true;
+
   networking = {
     hostName = "semita";
     nameservers = ["${pieholeIp}" "${gatewayIp}" "8.8.8.8"];