Change the nix-bitcoin deployment from forking this repo to importing the module

Instead of forking this repo, it is now recommended that users simply import the
nix-bitcoin module. This commit adds an example directory that contains the
network/ examples and a shell.nix for deployment with nixops.
Jonas Nick 2020-02-19 16:37:46 +00:00
parent 2d51c722cc
commit 87d0286498
No known key found for this signature in database
GPG key ID: 4861DBF262123605
7 changed files with 33 additions and 8 deletions

144
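--- a/examples/configuration.nix
+++ b/examples/configuration.nix
@@ -0,0 +1,144 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running nixos-help).
+{ config, pkgs, lib, ... }: {
+imports = [
+# Use hardened kernel profile. See
+# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix
+# for the enabled options.
+<nixpkgs/nixos/modules/profiles/hardened.nix>
+# FIXME: Uncomment next line to import your hardware configuration. If so,
+# add the hardware configuration file to the same directory as this file.
+# This is not needed when deploying to a virtual box.
+#./hardware-configuration.nix
+];
+# FIXME: Enable modules by uncommenting their respective line. Disable
+# modules by commenting out their respective line. Enable this module to
+# use the nix-bitcoin node configuration. Only disable this if you know what
+# you are doing.
+services.nix-bitcoin.enable = true;
+### BITCOIND
+# Bitcoind is enabled by default if nix-bitcoin is enabled
+#
+# You can override default settings from nix-bitcoin.nix as follows
+# services.bitcoind.prune = lib.mkForce 100000;
+#
+# You can add options that are not defined in modules/bitcoind.nix as follows
+# services.bitcoind.extraConfig = ''
+# maxorphantx=110
+# '';
+### CLIGHTNING
+# Enable this module to use clightning, a Lightning Network implementation
+# in C.
+services.clightning.enable = true;
+# Enable this option to listen for incoming lightning connections. By
+# default nix-bitcoin nodes offer outgoing connectivity.
+# services.clightning.autolisten = true;
+### LND
+# Disable clightning and uncomment the following line in order to enable lnd,
+# a lightning implementation written in Go.
+# services.lnd.enable = assert (!config.services.clightning.enable); true;
+## WARNING
+# If you use lnd, you should manually backup your wallet mnemonic
+# seed. This will allow you to recover on-chain funds. You can run the
+# following command after the lnd service starts:
+# nixops scp --from bitcoin-node /secrets/lnd-seed-mnemonic ./secrets/lnd-seed-mnemonic
+# You should also backup your channel state after opening new channels.
+# This will allow you to recover off-chain funds, by force-closing channels.
+# nixops scp --from bitcoin-node /var/lib/lnd/chain/bitcoin/mainnet/channel.backup /my-backup-path/channel.backup
+### SPARK WALLET
+# Enable this module to use spark-wallet, a minimalistic wallet GUI for
+# c-lightning, accessible over the web or through mobile and desktop apps.
+# Only enable this if clightning is enabled.
+# services.spark-wallet.enable = true;
+### ELECTRS
+# Enable this module to use electrs, an efficient re-implementation of
+# Electrum Server in Rust. Only enable this if hardware wallets are
+# disabled.
+# services.electrs.enable = true;
+# If you have ≥8GB memory, enable this option so electrs will sync faster.
+# services.electrs.high-memory = true;
+### LIQUIDD
+# Enable this module to use Liquid, a sidechain for an inter-exchange
+# settlement network linking together cryptocurrency exchanges and
+# institutions around the world. Liquid is accessed with the elements-cli
+# tool run as user operator.
+# services.liquidd.enable = true;
+### LIGHTNING CHARGE
+# Enable this module to use lightning-charge, a simple drop-in solution for
+# accepting lightning payments. Only enable this if clightning is enabled.
+# services.lightning-charge.enable = true;
+### NANOPOS
+# Enable this module to use nanopos, a simple Lightning point-of-sale
+# system, powered by Lightning Charge. Only enable this if clightning and
+# lightning-charge are enabled.
+# services.nanopos.enable = true;
+### WEBINDEX
+# Enable this module to use the nix-bitcoin-webindex, a simple website
+# displaying your node information and link to nanopos store. Only enable
+# this if clightning, lightning-charge, and nanopos are enabled.
+# services.nix-bitcoin-webindex.enable = true;
+### RECURRING-DONATIONS
+# Enable this module to send recurring donations. This is EXPERIMENTAL; it's
+# not guaranteed that payments are succeeding or that you will notice payment
+# failure. Only enable this if clightning is enabled.
+# services.recurring-donations.enable = true;
+# Specify the receivers of the donations. By default donations are every
+# Monday at a randomized time. Check `journalctl -eu recurring-donations` or
+# `lightning-cli listpayments` for successful lightning donations.
+# services.recurring-donations.tallycoin = {
+# "<receiver name>" = <amount you wish to donate in sat>"
+# "<additional receiver name>" = <amount you wish to donate in sat>;
+# "djbooth007" = 1000;
+# };
+### Hardware wallets
+# Enable this module to allow using hardware wallets. See https://github.com/bitcoin-core/HWI
+# for more information. Only enable this if electrs is disabled.
+# Ledger must be initialized through the official ledger live app and the Bitcoin app must
+# be installed and running on the device.
+# services.hardware-wallets.ledger = true;
+# Trezor can be initialized with the trezorctl command in nix-bitcoin. More information in
+# `docs/usage.md`.
+# services.hardware-wallets.trezor = true;
+# FIXME: Define your hostname.
+networking.hostName = "nix-bitcoin";
+time.timeZone = "UTC";
+# FIXME: Add your SSH pubkey
+services.openssh.enable = true;
+users.users.root = {
+openssh.authorizedKeys.keys = [ "" ];
+};
+# FIXME: add packages you need in your system
+environment.systemPackages = with pkgs; [
+vim
+];
+# FIXME: Add custom options (like boot options, output of
+# nixos-generate-config, etc.):
+# If the hardened profile is imported above, we need to explicitly allow
+# user namespaces to enable sanboxed builds and services.
+security.allowUserNamespaces = true;
+# This value determines the NixOS release with which your system is to be
+# compatible, in order to avoid breaking some software such as database
+# servers. You should change this only after NixOS release notes say you
+# should.
+system.stateVersion = "18.09"; # Did you read the comment?
+}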
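Review bot: The SSH block near the end of the file enables `services.openssh.enable = true;` and authorizes root with the placeholder `[ "" ]`, but nothing visible in this file disables password authentication, so unless the imported nix-bitcoin module does that elsewhere, password logins stay at the sshd defaults. I would add `services.openssh.passwordAuthentication = false;` next to it and extend the comment to `# FIXME: Add your SSH pubkey; the empty placeholder authorizes no key for root`. Separately, the comment above `security.allowUserNamespaces = true;` should state that this re-enables something the hardened profile turns off, and "sanboxed" there should read "sandboxed".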


@ -0,0 +1,30 @@
{
bitcoin-node =
{ config, pkgs, ... }:
{
deployment.targetEnv = "libvirtd";
deployment.libvirtd.memorySize = 8192; # megabytes
deployment.libvirtd.vcpu = 4; # number of cpus
deployment.libvirtd.headless = true;
deployment.libvirtd.baseImageSize = 400;
boot.kernelParams = [ "console=ttyS0,115200" ];
deployment.libvirtd.extraDevicesXML = ''
<serial type='pty'>
<target port='0'/>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
'';
# Remove when fixed: https://github.com/NixOS/nixops/issues/931
system.activationScripts.nixops-vm-fix-931 = {
text = ''
if ls -l /nix/store | grep sudo | grep -q nogroup; then
mount -o remount,rw /nix/store
chown -R root:nixbld /nix/store
fi
'';
deps = [];
};
};
}
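Review bot: The `nixops-vm-fix-931` activation script remounts `/nix/store` read-write for the `chown -R` and never puts it back, so after activation the store appears to stay writable in the global mount namespace until the next reboot or remount. Restoring it right after the chown, e.g. `mount -o remount,ro,bind /nix/store`, keeps the store's read-only protection on the node. The `ls -l /nix/store | grep sudo | grep -q nogroup` test also depends on `ls` output formatting; a comment stating which ownership it is looking for would help whoever removes the workaround once the linked issue is fixed.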


@ -0,0 +1,13 @@
{
bitcoin-node =
{ config, pkgs, ... }:
{
deployment.targetEnv = "virtualbox";
deployment.virtualbox = {
memorySize = 4096; # megabytes
vcpu = 4; # number of cpus
disks.disk1.size = 358400; # 350 GiB
headless = true;
};
};
}

31
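--- a/examples/nixops/node.nix
+++ b/examples/nixops/node.nix
@@ -0,0 +1,31 @@
+{
+network.description = "Bitcoin Core node";
+bitcoin-node =
+{ config, pkgs, lib, ... }: {
+imports = [ ../configuration.nix <nix-bitcoin/modules/nix-bitcoin.nix> ];
+deployment.keys = builtins.mapAttrs (n: v: {
+keyFile = "${toString ../secrets}/${n}";
+destDir = config.nix-bitcoin.secretsDir;
+inherit (v) user group permissions;
+}) config.nix-bitcoin.secrets;
+# nixops makes the secrets directory accessible only for users with group 'key'.
+# For compatibility with other deployment methods besides nixops, we forego the
+# use of the 'key' group and make the secrets dir world-readable instead.
+# This is safe because all containing files have their specific private
+# permissions set.
+systemd.services.allowSecretsDirAccess = {
+requires = [ "keys.target" ];
+after = [ "keys.target" ];
+script = "chmod o+x ${config.nix-bitcoin.secretsDir}";
+serviceConfig.Type = "oneshot";
+};
+systemd.targets.nix-bitcoin-secrets = {
+requires = [ "allowSecretsDirAccess.service" ];
+after = [ "allowSecretsDirAccess.service" ];
+};
+};
+}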
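Review bot: The comment above `allowSecretsDirAccess` says the secrets dir is made "world-readable", but the script runs `chmod o+x`, which only lets other users traverse the directory and does not let them list it. The comment should say that, e.g. `# ... make the secrets dir traversable by all users (o+x, no listing) instead.`, since the difference is what the safety argument rests on. That argument also depends on every entry in `config.nix-bitcoin.secrets` carrying restrictive `permissions`, which is defined outside this file, so a one-line pointer to where those are set would help. The path is also interpolated unquoted; `script = ''chmod o+x "${config.nix-bitcoin.secretsDir}"'';` tolerates a secretsDir containing spaces.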

29
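--- a/examples/shell.nix
+++ b/examples/shell.nix
@@ -0,0 +1,29 @@
+let
+# TODO:
+# nix-bitcoin-path = builtins.fetchTarball {
+# url = "https://github.com/fort-nix/nix-bitcoin/archive/master.tar.gz";
+# sha256 = "1mlvfakjgbl67k4k9mgafp5gvi2gb2p57xwxwffqr4chx8g848n7";
+# };
+nix-bitcoin-path = ../.;
+nixpkgs-path = (import "${toString nix-bitcoin-path}/pkgs/nixpkgs-pinned.nix").nixpkgs;
+nixpkgs = import nixpkgs-path {};
+nix-bitcoin = nixpkgs.callPackage nix-bitcoin-path {};
+in
+with nixpkgs;
+stdenv.mkDerivation rec {
+name = "nix-bitcoin-environment";
+buildInputs = [ nix-bitcoin.nixops19_09 figlet ];
+shellHook = ''
+export NIX_PATH="nixpkgs=${nixpkgs-path}:nix-bitcoin=${toString nix-bitcoin-path}:."
+# ssh-agent and nixops don't play well together (see
+# https://github.com/NixOS/nixops/issues/256). I'm getting `Received disconnect
+# from 10.1.1.200 port 22:2: Too many authentication failures` if I have a few
+# keys already added to my ssh-agent.
+export SSH_AUTH_SOCK=""
+figlet "nix-bitcoin"
+(mkdir -p secrets; cd secrets; ${nix-bitcoin.generate-secrets})
+'';
+}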
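Review bot: The last shellHook line chains with `;`, so if `mkdir -p secrets` or `cd secrets` fails, the generate-secrets script still runs and writes into whatever directory the shell was started from. The directory is also created under the caller's umask, and whether the generated files get private modes depends on the script, which is not visible here. I would change the line to `(umask 077; mkdir -p secrets && cd secrets && ${nix-bitcoin.generate-secrets})`. When the commented TODO is enabled, the `master.tar.gz` URL should become a commit or tag archive, because a fixed `sha256` against a moving branch stops matching on the next push to master.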