Allow configuring the maximum number of inbound and outbound peers
for neutrino. Default is 8, matching lnd's default.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Use simpler naming for the NixOS option. The option defines which
peers to connect to, not the action of adding them.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Use optionals with explicit list syntax for requires, after, and
extraGroups. This makes it clearer that we're conditionally adding
elements to a list.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Avoid conflict with lamassu-server which also defaults to port 3000.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Without this, the services.lamassu-server option doesn't exist.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace password-based TCP auth with Unix socket peer authentication:
- Remove lamassu-db-password secret (no password needed)
- Remove lamassu-postgres-setup service entirely
- Use DATABASE_URL with Unix socket: postgresql://user@/db?host=/run/postgresql
- Remove POSTGRES_HOST, POSTGRES_PORT, POSTGRES_PASSWORD env vars
This follows the same pattern as btcpayserver and simplifies the module
significantly. Peer auth uses OS-level user authentication via Unix socket.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace hardcoded database password with nix-bitcoin secrets pattern:
- Add lamassu-db-password secret (readable by lamassu user and postgres)
- Generate random 20-char password using makePasswordSecret
- Read password at runtime in service wrapper scripts
- Update lamassu-postgres-setup to read password from secrets
- Update helper scripts to read password at runtime
The password is now automatically generated on first deploy and stored
in ${secretsDir}/lamassu-db-password.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The hostname is embedded in the pairing QR code and tells ATMs where to
connect. Added a TODO to consider auto-populating certificate.extraIPs
from hostname when it's an IP address.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Current state:
- Admin UI runs on port 443 (hardcoded in upstream)
- devMode and nginx options commented out (would conflict with port 443)
- adminPort option removed (not configurable in upstream)
Future implementation documented in docs/lamassu-future-nginx.md:
- Add --ui-port flag to upstream lamassu-server
- Re-enable devMode, adminPort, and nginx options
- Allow nginx as reverse proxy on 443 with admin UI on internal port
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The serverPort option was not being passed to lamassu-server,
so the port was always defaulting to 3000 regardless of config.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Clarify adminPort is only used in dev mode (port 8070)
- Production mode always uses port 443 (hardcoded upstream)
- Remove unused ADMIN_SERVER_PORT env var (not read by upstream)
- Fix status script to show correct port and use https
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace runtime SSL generation with nix-bitcoin secrets integration
- Add certificate.extraIPs and certificate.extraDomains options (same pattern as LND)
- Certificates auto-regenerate when SAN configuration changes
- Add certPath and keyPath read-only options
- Update nginx and services to use secrets from secretsDir
- Add nix-bitcoin-secrets.target dependency
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Neutrino doesn't have access to mempool data, so LND requires an
external fee estimation URL when running on mainnet. Add feeUrl
option with Lightning Labs endpoint as default.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When using neutrino backend with no getPublicAddressCmd, the bash
block was empty causing a syntax error. Use individual appends instead.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add option to use neutrino instead of bitcoind for fetching blockchain
data. This allows running LND as a lightweight client that connects to
remote Bitcoin full nodes via P2P protocol.
New options:
- services.lnd.backend: choose between "bitcoind" (default) or "neutrino"
- services.lnd.neutrino.addpeers: list of Bitcoin node peers to connect to
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This option is unneeded because `bitcoin-cli` auth and connection
settings are already provided by other options like `bitcoin-rpcpassword`.
In bitcoind versions prior to 29.0, option `datadir` (passed by clightning to `bitcoin-cli`)
was therefore ignored.
Since 29.0, option `datadir` is always checked for validity. This causes a
file permission error because service clighting has no access to the
bitcoin datadir. This is now fixed.
Let A be a service that depends on another service B.
When A can gracefully handle failures and restarts of B, use
```
wants = [ "B.service" ];
after = [ "B.service" ];
```
instead of
```
requires = [ "B.service" ];
after = [ "B.service" ];
```
in the definition of A.
This way, A keeps running when B is stopped or restarted after a failure.
With `requires`, A is instead stopped when B is stopped or restarted due to a failure.
This brings two benefits:
1. Improved uptime
Examples:
- RTL keeps running when one lightning node has failed
- btcpayserver keeps running and accepting on-chain payments when the lightning node has crashed
2. Avoids a systemd bug where depending units (`A.service` in the
above example) are not restarted when their dependency fails
(issue github/systemd#18856, no full link to avoid spamming the issue).
In real world nix-bitcoin deployments, this issue was only likely to
appear when clightning failed during activation, causing depending
units (like `RTL`) to stop and not be restarted.
All services depending on `clightning` have now been changed to use
`wants`, thereby avoiding the bug.
Services `electrs` and `lightning-loop` fail when their respective
dependencies stop, so these services have not been changed.
I also haven't changed services `joinmarket` and
`joinmarket-yieldgenerator`. Further manual testing is needed to
determine if they can be switched to `wants`.
By wrapping the value in a list, users can add other `ExecStartPost` scripts.
The previous scalar value could only be replaced, but not merged with
other definitions.
These options are set by default in `jmclient/configure.py` and don't
need to be repeated.
Some options, like those in section `POLICY`, might be assigned more
suitable default values in future joinmarket releases, so don't override
them in nix-bitcoin.
