diff --git a/examples/configuration.nix b/examples/configuration.nix
index 65a5f98..f6f293b 100644
--- a/examples/configuration.nix
+++ b/examples/configuration.nix
@@ -245,6 +245,6 @@
   # The nix-bitcoin release version that your config is compatible with.
   # When upgrading to a backwards-incompatible release, nix-bitcoin will display an
   # an error and provide hints for migrating your config to the new release.
-  nix-bitcoin.configVersion = "0.0.41";
+  nix-bitcoin.configVersion = "0.0.49";
 
 }
diff --git a/modules/joinmarket-ob-watcher.nix b/modules/joinmarket-ob-watcher.nix
index 62f670b..c668dde 100644
--- a/modules/joinmarket-ob-watcher.nix
+++ b/modules/joinmarket-ob-watcher.nix
@@ -11,7 +11,7 @@ let
     blockchain_source = no-blockchain
 
     [MESSAGING:server1]
-    host = darksci3bfoka7tw.onion
+    host = darkirc6tqgpnwd3blln3yfv5ckl47eg7llfxkmtovrv7c7iwohhb6ad.onion
     channel = joinmarket-pit
     port = 6697
     usessl = true
diff --git a/modules/joinmarket.nix b/modules/joinmarket.nix
index 8f46652..bf5bac4 100644
--- a/modules/joinmarket.nix
+++ b/modules/joinmarket.nix
@@ -27,10 +27,10 @@ let
     rpc_port = ${toString bitcoind.rpc.port}
     rpc_user = ${bitcoind.rpc.users.privileged.name}
     @@RPC_PASSWORD@@
-    ${optionalString (cfg.rpcWalletFile != null) "rpc_wallet_file=${cfg.rpcWalletFile}"}
+    ${optionalString (cfg.rpcWalletFile != null) "rpc_wallet_file = ${cfg.rpcWalletFile}"}
 
     [MESSAGING:server1]
-    host = darksci3bfoka7tw.onion
+    host = darkirc6tqgpnwd3blln3yfv5ckl47eg7llfxkmtovrv7c7iwohhb6ad.onion
     channel = joinmarket-pit
     port = 6697
     usessl = true
@@ -129,7 +129,7 @@ in {
     };
     rpcWalletFile = mkOption {
       type = types.nullOr types.str;
-      default = null;
+      default = "jm_wallet";
       description = ''
         Name of the watch-only bitcoind wallet the JoinMarket addresses are imported to.
       '';
@@ -231,32 +231,35 @@ in {
       wantedBy = [ "multi-user.target" ];
       requires = [ "bitcoind.service" ];
       after = [ "bitcoind.service" ];
-      serviceConfig = nbLib.defaultHardening // {
-        ExecStartPre = nbLib.privileged "joinmarket-create-config" ''
-          install -o '${cfg.user}' -g '${cfg.group}' -m 640 ${configFile} ${cfg.dataDir}/joinmarket.cfg
+      preStart = ''
+        install -o '${cfg.user}' -g '${cfg.group}' -m 640 ${configFile} ${cfg.dataDir}/joinmarket.cfg
           sed -i \
-             "s|@@RPC_PASSWORD@@|rpc_password = $(cat ${secretsDir}/bitcoin-rpcpassword-privileged)|" \
-             '${cfg.dataDir}/joinmarket.cfg'
+            "s|@@RPC_PASSWORD@@|rpc_password = $(cat ${secretsDir}/bitcoin-rpcpassword-privileged)|" \
+            '${cfg.dataDir}/joinmarket.cfg'
         '';
-        # Generating wallets (jmclient/wallet.py) is only supported for mainnet or testnet
-        ExecStartPost = mkIf (bitcoind.network == "mainnet")
-          (nbLib.script "joinmarket-create-wallet" ''
-            walletname=wallet.jmdat
-            wallet=${cfg.dataDir}/wallets/$walletname
-            if [[ ! -f $wallet ]]; then
-              echo "Create wallet"
-              pw=$(cat "${secretsDir}"/jm-wallet-password)
-              cd ${cfg.dataDir}
-              if ! ${nbPkgs.joinmarket}/bin/jm-genwallet --datadir=${cfg.dataDir} $walletname $pw \
-                     | grep 'recovery_seed' \
-                     | cut -d ':' -f2 \
-                     | (umask u=r,go=; cat > jm-wallet-seed); then
-                echo "wallet creation failed"
-                rm -f "$wallet" jm-wallet-seed
-                exit 1
-              fi
-            fi
-          '');
+      # Generating wallets (jmclient/wallet.py) is only supported for mainnet or testnet
+      postStart = mkIf (bitcoind.network == "mainnet") ''
+        walletname=wallet.jmdat
+        wallet=${cfg.dataDir}/wallets/$walletname
+        if [[ ! -f $wallet ]]; then
+          ${optionalString (cfg.rpcWalletFile != null) ''
+            echo "Create watch-only wallet ${cfg.rpcWalletFile}"
+            ${bitcoind.cli}/bin/bitcoin-cli -named createwallet \
+              wallet_name="${cfg.rpcWalletFile}" disable_private_keys=true
+          ''}
+          pw=$(cat "${secretsDir}"/jm-wallet-password)
+          cd ${cfg.dataDir}
+          if ! ${nbPkgs.joinmarket}/bin/jm-genwallet --datadir=${cfg.dataDir} $walletname $pw \
+                 | grep 'recovery_seed' \
+                 | cut -d ':' -f2 \
+                 | (umask u=r,go=; cat > jm-wallet-seed); then
+            echo "wallet creation failed"
+            rm -f "$wallet" jm-wallet-seed
+            exit 1
+          fi
+        fi
+      '';
+      serviceConfig = nbLib.defaultHardening // {
         ExecStart = "${nbPkgs.joinmarket}/bin/joinmarketd";
         WorkingDirectory = cfg.dataDir; # The service creates 'commitmentlist' in the working dir
         User = cfg.user;
@@ -270,7 +273,7 @@ in {
       group = cfg.group;
       home = cfg.dataDir;
       # Allow access to the tor control socket, needed for payjoin onion service creation
-      extraGroups = [ "tor" ];
+      extraGroups = [ "tor" "bitcoin" ];
     };
     users.groups.${cfg.group} = {};
     nix-bitcoin.operator = {
diff --git a/modules/versioning.nix b/modules/versioning.nix
index f34eaac..445edf8 100644
--- a/modules/versioning.nix
+++ b/modules/versioning.nix
@@ -91,6 +91,22 @@ let
           rm -f "${secretsDir}"/{lnd-seed-mnemonic,jm-wallet-seed}
       '';
     }
+    {
+      version = "0.0.49";
+      condition = config.services.joinmarket.enable;
+      message = ''
+        Starting with 0.21.0, bitcoind no longer automatically creates and loads a
+        default wallet named `wallet.dat` [1].
+        The joinmarket service now automatically creates a watch-only bitcoind wallet
+        (named by option `services.joinmarket.rpcWalletFile`) when creating a joinmarket wallet.
+
+        If you've used JoinMarket before, add the following to your configuration to
+        continue using the default `wallet.dat` wallet:
+        services.joinmarket.rpcWalletFile = null;
+
+        [1] https://github.com/bitcoin/bitcoin/pull/15454
+      '';
+    }
   ];
 
   incompatibleChanges = optionals
diff --git a/pkgs/joinmarket/default.nix b/pkgs/joinmarket/default.nix
index 6a180ee..a94c691 100644
--- a/pkgs/joinmarket/default.nix
+++ b/pkgs/joinmarket/default.nix
@@ -1,10 +1,10 @@
 { stdenv, lib, fetchurl, python3, nbPython3Packages, pkgs }:
 
 let
-  version = "0.8.2";
+  version = "0.8.3";
   src = fetchurl {
     url = "https://github.com/JoinMarket-Org/joinmarket-clientserver/archive/v${version}.tar.gz";
-    sha256 = "0bi1d49kn57b0775cd8gzsc13dbiivvnhrc61d1xb4z1cr3ih8q2";
+    sha256 = "0kcgp8lsgnbaxfv13lrg6x7vcbdi5yj526lq9vmvbbidyw4km3r2";
   };
 
   runtimePackages = with nbPython3Packages; [
diff --git a/pkgs/python-packages/coincurve/default.nix b/pkgs/python-packages/coincurve/default.nix
index 67e9a57..042ac67 100644
--- a/pkgs/python-packages/coincurve/default.nix
+++ b/pkgs/python-packages/coincurve/default.nix
@@ -1,20 +1,18 @@
-{ lib, buildPythonPackage, fetchPypi, asn1crypto, cffi, pkg-config, libtool, libffi, requests, gmp }:
+{ lib, stdenv, buildPythonPackage, fetchPypi, asn1crypto, cffi, pkg-config,
+autoconf, automake, libtool, libffi, requests }:
 
 buildPythonPackage rec {
   pname = "coincurve";
-  version = "13.0.0";
+  version = "15.0.0";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1x8dpbq6bwswfyi1g4r421hnswp904l435rf7n6fj7y8q1yn51cr";
+    sha256 = "0ras7qb4ib9sik703fcb9f3jrgq7nx5wvdgx9k1pshmrxl8lnlh6";
   };
 
-  nativeBuildInputs = [ pkg-config libtool libffi gmp ];
-
-  propagatedBuildInputs = [ asn1crypto cffi requests ];
-
-  # enable when https://github.com/ofek/coincurve/issues/47 is resolved
   doCheck = false;
+  nativeBuildInputs = [ autoconf automake libtool pkg-config ];
+  propagatedBuildInputs = [ asn1crypto cffi libffi requests ];
 
   meta = with lib; {
     description = "Cross-platform Python CFFI bindings for libsecp256k1";