Current state:
- Admin UI runs on port 443 (hardcoded in upstream)
- devMode and nginx options commented out (would conflict with port 443)
- adminPort option removed (not configurable in upstream)
Future implementation documented in docs/lamassu-future-nginx.md:
- Add --ui-port flag to upstream lamassu-server
- Re-enable devMode, adminPort, and nginx options
- Allow nginx as reverse proxy on 443 with admin UI on internal port
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
The serverPort option was not being passed to lamassu-server,
so the port was always defaulting to 3000 regardless of config.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Clarify adminPort is only used in dev mode (port 8070)
- Production mode always uses port 443 (hardcoded upstream)
- Remove unused ADMIN_SERVER_PORT env var (not read by upstream)
- Fix status script to show correct port and use https
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Replace runtime SSL generation with nix-bitcoin secrets integration
- Add certificate.extraIPs and certificate.extraDomains options (same pattern as LND)
- Certificates auto-regenerate when SAN configuration changes
- Add certPath and keyPath read-only options
- Update nginx and services to use secrets from secretsDir
- Add nix-bitcoin-secrets.target dependency
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Neutrino doesn't have access to mempool data, so LND requires an
external fee estimation URL when running on mainnet. Add feeUrl
option with Lightning Labs endpoint as default.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
When using neutrino backend with no getPublicAddressCmd, the bash
block was empty causing a syntax error. Use individual appends instead.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add option to use neutrino instead of bitcoind for fetching blockchain
data. This allows running LND as a lightweight client that connects to
remote Bitcoin full nodes via P2P protocol.
New options:
- services.lnd.backend: choose between "bitcoind" (default) or "neutrino"
- services.lnd.neutrino.addpeers: list of Bitcoin node peers to connect to
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- Update NixOS ISO version from 24.05 to 25.11
- Fix version mismatch between download and copy commands
- Update Nix installer to use current official method
- Fix deprecated permitRootLogin -> settings.PermitRootLogin
- Update download URL to nixos.org/download/
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
bitcoind 29.x is required for joinmarket.
nixos-25.05 is at 29.0, which is a regression from 29.1.
nixos-unstable is at 30.0, which is incompatible.
Adapted from nixpkgs `96ff46705a694219cefa5155ba52203d9d32e65e`, with
minor modifications to make it compatible with nixos 25.05.
6bc5747951 run-tests: fix `tmpDir` being deleted before it's used (Erik Arvstedt)
Pull request description:
ACKs for top commit:
jonasnick:
ACK 6bc5747951
Tree-SHA512: 7767634bc098faac5cfeb14d1800f24df89a1ea5d56fe894338ae2d2871c3293a8bafc62ee61b5cb7f9f658b02c2a52bc7f82b86f69d20d1dae86cc6bfe004b3
In `buildTests`, `nixInstantiate` is called in a subshell.
When `tmpDir` is unset before the call, the tmpdir is created in the
subshell and gets deleted before subshell exit (via `trap`).
But subsequent code accesses the tmpdir, which has now been deleted,
leading to an error.
This bug has been undetected for a long time because bash 5.2 has a
bug [1] where `trap` is not always executed, causing the tmpdir to never be deleted.
Bash 5.3 (introduced in NixOS 25.05) now works correctly and exposes the bug.
Fix it by creating the tmpdir before the subshell call.
[1] https://mail.gnu.org/archive/html/help-bash/2024-07/msg00007.html
