nix-bitcoin/flake.nix

128 lines
4.3 KiB
Nix
Raw Normal View History

{
description = ''
A collection of Nix packages and NixOS modules for easily
installing full-featured Bitcoin nodes with an emphasis on security.
'';
inputs = {
2021-12-08 12:12:32 +00:00
nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.11";
nixpkgsUnstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
flake-utils.url = "github:numtide/flake-utils";
};
outputs = { self, nixpkgs, nixpkgsUnstable, flake-utils }:
let
supportedSystems = [ "x86_64-linux" "i686-linux" "aarch64-linux" ];
in
rec {
lib = {
mkNbPkgs = {
system
, pkgs ? nixpkgs.legacyPackages.${system}
, pkgsUnstable ? nixpkgsUnstable.legacyPackages.${system}
}:
import ./pkgs { inherit pkgs pkgsUnstable; };
};
overlay = final: prev: let
nbPkgs = lib.mkNbPkgs { inherit (final) system; pkgs = final; };
in removeAttrs nbPkgs [ "pinned" "nixops19_09" "krops" ];
nixosModule = { config, pkgs, lib, ... }: {
imports = [ ./modules/modules.nix ];
options = with lib; {
nix-bitcoin.useVersionLockedPkgs = mkOption {
type = types.bool;
default = false;
description = ''
Use the nixpkgs version locked by this flake for `nix-bitcoin.pkgs`.
Only relevant if you are using a nixpkgs version for evaluating your system
that differs from the one that is locked by this flake (via input `nixpkgs`).
If this is the case, enabling this option may result in a more stable system
because the nix-bitcoin services use the exact pkgs versions that are tested
by nix-bitcoin.
The downsides are increased evaluation times and increased system
closure size.
If `false`, the default system pkgs are used.
'';
};
};
config = {
nix-bitcoin.pkgs =
if config.nix-bitcoin.useVersionLockedPkgs
then (self.lib.mkNbPkgs { inherit (config.nixpkgs) system; }).modulesPkgs
else (self.lib.mkNbPkgs { inherit (pkgs) system; inherit pkgs; }).modulesPkgs;
};
};
defaultTemplate = {
description = "Basic node template";
path = ./examples/flakes;
};
} // (flake-utils.lib.eachSystem supportedSystems (system:
let
pkgs = nixpkgs.legacyPackages.${system};
nbPkgs = self.lib.mkNbPkgs { inherit system pkgs; };
mkVMScript = vm: pkgs.writers.writeBash "run-vm" ''
set -euo pipefail
export TMPDIR=$(mktemp -d /tmp/nix-bitcoin-vm.XXX)
trap "rm -rf $TMPDIR" EXIT
export NIX_DISK_IMAGE=$TMPDIR/nixos.qcow2
QEMU_OPTS="-smp $(nproc) -m 1500" ${vm}/bin/run-*-vm
'';
in rec {
packages = flake-utils.lib.flattenTree (removeAttrs nbPkgs [
"pinned" "modulesPkgs" "nixops19_09" "krops" "generate-secrets" "netns-exec"
]) // {
runVM = mkVMScript packages.vm;
# This is a simple demo VM.
# See ./examples/flakes/flake.nix on how to use nix-bitcoin with flakes.
vm = let
nix-bitcoin = self;
in
(import "${nixpkgs}/nixos" {
inherit system;
configuration = {
imports = [
nix-bitcoin.nixosModule
"${nix-bitcoin}/modules/presets/secure-node.nix"
];
nix-bitcoin.generateSecrets = true;
services.clightning.enable = true;
# For faster startup in offline VMs
services.clightning.extraConfig = "disable-dns";
nixpkgs.pkgs = pkgs;
virtualisation.graphics = false;
services.getty.autologinUser = "root";
nix.nixPath = [ "nixpkgs=${nixpkgs}" ];
};
}).vm;
};
# Allow accessing the whole nested `nbPkgs` attrset (including `modulesPkgs`)
# via this flake.
# `packages` is not allowed to contain nested pkgs attrsets.
legacyPackages = nbPkgs;
defaultApp = apps.vm;
apps = {
# Run a basic nix-bitcoin node in a VM
vm = {
type = "app";
program = toString packages.runVM;
};
};
}
));
}