# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).
#
# This is a nix-bitcoin node template: every service section below is
# opt-in and stays disabled until its `enable` line is uncommented.

{ config, pkgs, lib, ... }: {
  imports = [
    # Baseline hardening and service defaults for the node
    # (bitcoind is enabled here, see the BITCOIND section).
    <nix-bitcoin/modules/presets/secure-node.nix>

    # FIXME: The hardened kernel profile improves security but
    # decreases performance by ~50%.
    # Turn it off when not needed.
    <nix-bitcoin/modules/presets/hardened.nix>
    #
    # You can enable the hardened-extended preset instead to further improve security
    # at the cost of functionality and performance.
    # See the comments at the top of `hardened-extended.nix` for further details.
    # <nix-bitcoin/modules/presets/hardened-extended.nix>

    # FIXME: Uncomment the next line to import your hardware configuration. If so,
    # add the hardware configuration file to the same directory as this file.
    #./hardware-configuration.nix
  ];

  # FIXME: Enable modules by uncommenting their respective line. Disable
  # modules by commenting out their respective line.

  ### BITCOIND
  # Bitcoind is enabled by default via secure-node.nix.
  #
  # Set this option to enable pruning with a specified MiB value.
  # clightning is compatible with pruning. See
  # https://github.com/ElementsProject/lightning/#pruning for more information.
  # LND and electrs are not compatible with pruning.
  # services.bitcoind.prune = 100000;
  #
  # Set this to announce the onion service address to peers.
  # The onion service allows accepting incoming connections via Tor.
  # nix-bitcoin.onionServices.bitcoind.public = true;
  #
  # You can add options that are not defined in modules/bitcoind.nix as follows
  # services.bitcoind.extraConfig = ''
  #   maxorphantx=110
  # '';

  ### CLIGHTNING
  # Enable clightning, a Lightning Network implementation in C.
  services.clightning.enable = true;
  #
  # Set this to create an onion service by which clightning can accept incoming connections
  # via Tor.
  # The onion service is automatically announced to peers.
  # nix-bitcoin.onionServices.clightning.public = true;
  #
  # == Plugins
  # See ../README.md (Features → clightning) for the list of available plugins.
  # services.clightning.plugins.prometheus.enable = true;
  #
  # == REST server
  # Set this to create a clightning REST onion service.
  # This also adds binary `lndconnect-onion-clightning` to the system environment.
  # This binary creates QR codes or URLs for connecting applications to clightning
  # via the REST onion service (see ../docs/services.md).
  #
  # services.clightning-rest = {
  #   enable = true;
  #   lndconnectOnion.enable = true;
  # };

  ### LND
  # Set this to enable lnd, a lightning implementation written in Go.
  # services.lnd.enable = true;
  #
  # NOTE: In order to avoid collisions with clightning you must disable clightning or
  # change the services.clightning.port or services.lnd.port to a port other than
  # 9735.
  #
  # Set this to create an onion service by which lnd can accept incoming connections
  # via Tor.
  # The onion service is automatically announced to peers.
  # nix-bitcoin.onionServices.lnd.public = true;
  #
  # Set this to create an lnd REST onion service.
  # This also adds binary `lndconnect-onion` to the system environment.
  # This binary generates QR codes or URLs for connecting applications to lnd via the
  # REST onion service (see ../docs/services.md).
  # services.lnd.lndconnectOnion.enable = true;
  #
  ## WARNING
  # If you use lnd, you should manually backup your wallet mnemonic
  # seed. This will allow you to recover on-chain funds. You can run the
  # following commands after the lnd service starts:
  # mkdir -p ./backups/lnd/
  # scp bitcoin-node:/var/lib/lnd/lnd-seed-mnemonic ./backups/lnd/
  #
  # The seed mnemonic is sufficient on its own to recover (and therefore spend)
  # the on-chain funds, so treat the copied file as a secret: keep it encrypted
  # and off shared or synced storage.
  #
  # You should also backup your channel state after opening new channels.
  # This will allow you to recover off-chain funds, by force-closing channels.
  # scp bitcoin-node:/var/lib/lnd/chain/bitcoin/mainnet/channel.backup ./backups/lnd/
  #
  # Alternatively, you can have these files backed up by services.backups below.

  ### RIDE THE LIGHTNING
  # Set this to enable RTL, a web interface for lnd and clightning.
  # services.rtl.enable = true;
  #
  # Set this to add a clightning node interface.
  # Automatically enables clightning.
  # services.rtl.nodes.clightning.enable = true;
  #
  # Set this to add a lnd node interface.
  # Automatically enables lnd.
  # services.rtl.nodes.lnd.enable = true;
  #
  # You can enable both nodes simultaneously.
  #
  # Set this option to enable swaps with lightning-loop.
  # Automatically enables lightning-loop.
  # services.rtl.nodes.lnd.loop = true;

  ### SPARK WALLET
  # Set this to enable spark-wallet, a minimalistic wallet GUI for
  # c-lightning, accessible over the web or through mobile and desktop apps.
  # Automatically enables clightning.
  # services.spark-wallet.enable = true;

  ### ELECTRS
  # Set this to enable electrs, an efficient Electrum server implemented in Rust.
  # services.electrs.enable = true;

  ### BTCPayServer
  # Set this to enable BTCPayServer, a self-hosted, open-source
  # cryptocurrency payment processor.
  # services.btcpayserver.enable = true;
  #
  # Privacy Warning: BTCPayServer currently looks up price rates without
  # proxying them through Tor. This means an outside observer can correlate
  # your BTCPayServer usage, like invoice creation times, with your IP address.
  #
  # Enable this option to connect BTCPayServer to clightning.
  # services.btcpayserver.lightningBackend = "clightning";
  #
  # Enable this option to connect BTCPayServer to lnd.
  # services.btcpayserver.lightningBackend = "lnd";
  #
  # The lightning backend service is automatically enabled.
  # Afterwards you need to go into Store > General Settings > Lightning Nodes
  # and select "the internal lightning node of this BTCPay Server".
  #
  # Set this to create an onion service to make the btcpayserver web interface
  # accessible via Tor.
  # Security WARNING: Create a btcpayserver administrator account before allowing
  # public access to the web interface.
  # nix-bitcoin.onionServices.btcpayserver.enable = true;

  ### LIQUIDD
  # Enable this module to use Liquid, a sidechain for an inter-exchange
  # settlement network linking together cryptocurrency exchanges and
  # institutions around the world.
  # services.liquidd.enable = true;
  #
  # Liquid can be controlled with command 'elements-cli'.

  ### Hardware wallets
  # Enable the following to allow using hardware wallets.
  # See https://github.com/bitcoin-core/HWI for more information.
  #
  # Ledger must be initialized through the official ledger live app and the Bitcoin app must
  # be installed and running on the device.
  # services.hardware-wallets.ledger = true;
  #
  # Trezor can be initialized with the trezorctl command in nix-bitcoin. More information in
  # `../docs/services.md`.
  # services.hardware-wallets.trezor = true;

  ### lightning-loop
  # Set this to enable lightninglab's non-custodial off/on chain bridge.
  # services.lightning-loop.enable = true;
  #
  # loopd (lightning-loop daemon) will be started automatically. Users can
  # interact with off/on chain bridge using `loop in` and `loop out`.
  # Automatically enables lnd.

  ### lightning-pool
  # Set this to enable Lightning Lab's non-custodial batched uniform
  # clearing-price auction for Lightning Channel Leases.
  # services.lightning-pool.enable = true;
  #
  # Use the `pool` command to interact with the lightning-pool service.
  # Automatically enables lnd.
  #
  # lightning-pool requires that lnd has a publicly reachable address.
  # Set this to create a public onion service for lnd.
  # nix-bitcoin.onionServices.lnd.public = true;

  ### charge-lnd
  # Set this to enable charge-lnd, a simple policy based fee manager for
  # LND. With this tool you can set fees to autobalance, recover channel open
  # costs, use on-chain fees as reference, or just use static fees. You decide.
  # services.charge-lnd.enable = true;
  #
  # Define policies as outlined in the project documentation.
  # services.charge-lnd.policies = ''
  # '';

  ### JOINMARKET
  # Set this to enable the JoinMarket service, including its command-line scripts.
  # These scripts have prefix 'jm-', like 'jm-tumbler'.
  # Note: JoinMarket has full access to bitcoind, including its wallet functionality.
  # services.joinmarket.enable = true;
  #
  # Set this to enable the JoinMarket Yield Generator Bot. You will be able to
  # earn sats by providing CoinJoin liquidity. This makes it impossible to use other
  # scripts that access your wallet.
  # services.joinmarket.yieldgenerator.enable = true;
  #
  # Set this to enable the JoinMarket order book watcher.
  # services.joinmarket-ob-watcher.enable = true;

  ### Backups
  # Set this to enable nix-bitcoin's own backup service. By default, it
  # uses duplicity to incrementally back up all important files in /var/lib to
  # /var/lib/localBackups once a day.
  # services.backups.enable = true;
  #
  # You can pull the localBackups folder with
  # `scp -r bitcoin-node:/var/lib/localBackups /my-backup-path/`
  # Alternatively, you can also set a remote target url, for example
  # services.backups.destination = "sftp://user@host[:port]/[relative|/absolute]_path";
  # Supply the sftp password by appending the FTP_PASSWORD environment variable
  # to secrets/backup-encryption-env like so
  # `echo "FTP_PASSWORD=<password>" >> secrets/backup-encryption-env`
  # (secrets/backup-encryption-env then holds a credential; keep it out of
  # version control and restrict who can read it.)
  # You may also need to set a ssh host and publickey with
  # programs.ssh.knownHosts."host" = {
  #   hostNames = [ "host" ];
  #   publicKey = "<ssh public from `ssh-keyscan`>";
  # };
  # NOTE(review): the pinned publicKey is what lets the backup job verify it is
  # talking to the real target; confirm the key out-of-band (e.g. on the host
  # itself) rather than trusting a single `ssh-keyscan` result over the network.
  # If you also want to backup bulk data like the Bitcoin & Liquid blockchains
  # and electrs data directory, enable
  # services.backups.with-bulk-data = true;

  ### netns-isolation (EXPERIMENTAL)
  # Enable this module to use Network Namespace Isolation. This feature places
  # every service in its own network namespace and only allows truly necessary
  # connections between network namespaces, making sure services are isolated on
  # a network-level as much as possible.
  # nix-bitcoin.netns-isolation.enable = true;

  # FIXME: Define your hostname.
  networking.hostName = "host";
  time.timeZone = "UTC";

  # SSH access is key-only: password authentication is disabled, so the only
  # way in is an authorized key (root's key is declared in users.users.root).
  services.openssh = {
    enable = true;
    passwordAuthentication = false;
  };

  users.users.root = {
    openssh.authorizedKeys.keys = [
      # FIXME: Replace this with your SSH pubkey
      # The placeholder below is not a valid key. Because password logins are
      # disabled above, deploying with the placeholder unchanged leaves no way
      # to log in over SSH.
      "ssh-ed25519 AAAAC3..."
    ];
  };

  # FIXME: Uncomment this to allow the operator user to run
  # commands as root with `sudo` or `doas`
  # Granting `wheel` lets anyone holding the operator credentials escalate to
  # root, so leave this commented unless you need it.
  # users.users.operator.extraGroups = [ "wheel" ];

  # FIXME: add packages you need in your system
  environment.systemPackages = with pkgs; [
    vim
  ];

  # FIXME: Add custom options (like boot options, output of
  # nixos-generate-config, etc.):

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "22.05"; # Did you read the comment?

  # The nix-bitcoin release version that your config is compatible with.
  # When upgrading to a backwards-incompatible release, nix-bitcoin will display
  # an error and provide hints for migrating your config to the new release.
  nix-bitcoin.configVersion = "0.0.70";
}