Initial commit: krops-lamassu deployment template

NixOS deployment template for Lamassu Bitcoin ATM server using nix-bitcoin and krops. Features: - Lamassu server with PostgreSQL and auto-generated secrets - TLS certificates (self-signed) - Test VM for local development - Template structure for easy customization
2026-01-11 23:49:02 +01:00 · 2026-01-11 23:49:02 +01:00 · 6febf28955
commit 6febf28955
11 changed files with 1094 additions and 0 deletions
--- a/example/krops.nix
+++ b/example/krops.nix
@ -0,0 +1,137 @@
+# Krops deployment for nix-bitcoin
+#
+# Usage:
+#   Deploy to target:  nix-build krops.nix -A deploy --no-out-link && ./result
+#   Test build only:   nix-build krops.nix -A test --no-out-link
+#   Run test VM:       nix-build krops.nix -A vm --no-out-link && ./result/bin/run-*-vm
+#
+# For more info: https://cgit.krebsco.de/krops/
+
+let
+  # FIXME: Set your deployment target (user@hostname or user@ip)
+  target = "root@bitcoin-node";
+
+  # Import nix-bitcoin release
+  nix-bitcoin = import ./config/nix-bitcoin-release.nix;
+  krops = (import nix-bitcoin {}).krops;
+
+  # Additional source files to deploy
+  # FIXME: Add any extra config files you create here
+  extraSources = {
+    # "my-custom-config.nix".file = toString ./config/my-custom-config.nix;
+  };
+
+  source = krops.lib.evalSource [({
+    nixos-config.file = builtins.toFile "nixos-config" ''
+      {
+        imports = [
+          ./configuration.nix
+          <nix-bitcoin/modules/deployment/krops.nix>
+        ];
+      }
+    '';
+
+    "configuration.nix".file = toString ./config/configuration.nix;
+
+    nixpkgs.file = {
+      path = toString <nixpkgs>;
+      useChecksum = true;
+      filters = [
+        {
+          type = "exclude";
+          pattern = "/pkgs/development/libraries/readline/update-patch-set.sh";
+        }
+      ];
+    };
+
+    nix-bitcoin.file = {
+      path = toString nix-bitcoin;
+      useChecksum = true;
+      filters = [{
+        type = "exclude";
+        pattern = ".git";
+      }];
+    };
+
+    # lamassu-server source is cloned directly on target by lamassu-build service
+
+    secrets.file = toString ./secrets;
+  } // extraSources)];
+
+in {
+  # Deploy to target machine
+  deploy = krops.pkgs.krops.writeDeploy "deploy-nix-bitcoin" {
+    inherit source target;
+    force = true;
+  };
+
+  # Test build locally (writes to /tmp/krops-test)
+  test = krops.pkgs.krops.writeTest "test-nix-bitcoin" {
+    inherit source;
+    target = "/tmp/krops-test";
+  };
+
+  # Build a test VM with preconfigured settings
+  # Run with: nix-build krops.nix -A vm --no-out-link && ./result/bin/run-*-vm
+  #
+  # The VM starts with:
+  # - Lamassu server with auto-generated secrets
+  # - Auto-login to root console
+  # - Services accessible via localhost
+  #
+  # Useful for testing configuration changes before deploying to production.
+  vm = (import <nixpkgs/nixos> {
+    configuration = { config, lib, pkgs, modulesPath, ... }: {
+      imports = [
+        (modulesPath + "/virtualisation/qemu-vm.nix")
+        "${nix-bitcoin}/modules/modules.nix"
+      ];
+
+      # VM-specific settings
+      virtualisation = {
+        graphics = false;
+        memorySize = 2048;
+        cores = 2;
+        diskSize = 4096;  # 4GB disk (default is too small)
+        # Forward ports to host (0.0.0.0 = accessible from LAN)
+        forwardPorts = [
+          { from = "host"; host.address = "0.0.0.0"; host.port = 8443; guest.port = 443; }
+          { from = "host"; host.address = "0.0.0.0"; host.port = 3000; guest.port = 3000; }
+        ];
+      };
+
+      # Auto-login for easy access
+      services.getty.autologinUser = "root";
+
+      # Generate secrets automatically in VM
+      nix-bitcoin.secretsDir = "/secrets";
+      nix-bitcoin.generateSecrets = true;
+      nix-bitcoin.setupSecrets = true;
+
+      # Enable operator user (required by nix-bitcoin)
+      nix-bitcoin.operator.enable = true;
+
+      # FIXME: replace 127.0.0.1 with your host IP to add to self-signed cert 
+      # for pairing
+      # Lamassu server
+      # IMPORTANT: Set both hostname and certificate.extraIPs to the same value
+      # Use the IP address of the server that ATMs will connect to
+      services.lamassu-server = {
+        enable = true;
+        source.ref = "main";
+        mode = "production";
+        hostname = "127.0.0.1";
+        certificate.extraIPs = [ "127.0.0.1" ];
+        skip2FA = true;
+      };
+
+      # Basic system config
+      networking.hostName = "lamassu-vm";
+      time.timeZone = "UTC";
+      system.stateVersion = "25.11";
+      nix-bitcoin.configVersion = "0.0.85";
+
+      environment.systemPackages = with pkgs; [ vim ];
+    };
+  }).config.system.build.vm;
+}