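# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

# NixOS module for a nix-bitcoin node. It takes the standard module
# arguments and returns one attribute set of option definitions. Lines
# marked FIXME must be reviewed before the first deployment.
{ config, pkgs, lib, ... }: {
  imports = [
    <nix-bitcoin/modules/presets/secure-node.nix>

    # FIXME: The hardened kernel profile improves security but
    # decreases performance by ~50%.
    # Turn it off when not needed.
    # Source: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix
    <nixpkgs/nixos/modules/profiles/hardened.nix>

    # FIXME: Uncomment next line to import your hardware configuration. If so,
    # add the hardware configuration file to the same directory as this file.
    # This is not needed when deploying to a virtual box.
    #./hardware-configuration.nix
  ];
  # FIXME: Enable modules by uncommenting their respective line. Disable
  # modules by commenting out their respective line.

  ### BITCOIND
  # Bitcoind is enabled by default if nix-bitcoin is enabled
  #
  # Enable this option to set pruning to a specified MiB value.
  # clightning is compatible with pruning. See
  # https://github.com/ElementsProject/lightning/#pruning for more information.
  # LND and electrs are not compatible with pruning.
  # Note: You can override default settings from secure-node.nix as follows
  # services.bitcoind.prune = lib.mkForce 100000;
  #
  # You can add options that are not defined in modules/bitcoind.nix as follows
  # services.bitcoind.extraConfig = ''
  #   maxorphantx=110
  # '';

  ### CLIGHTNING
  # Enable this module to use clightning, a Lightning Network implementation
  # in C.
  services.clightning.enable = true;
  # Enable this option to listen for incoming lightning connections. By
  # default nix-bitcoin nodes offer outgoing connectivity.
  # services.clightning.autolisten = true;

  ### LND
  # Disable clightning and uncomment the following line in order to enable lnd,
  # a lightning implementation written in Go.
  # The assert makes evaluation fail if clightning is still enabled.
  # services.lnd.enable = assert (!config.services.clightning.enable); true;
  ## WARNING
  # If you use lnd, you should manually backup your wallet mnemonic
  # seed. This will allow you to recover on-chain funds. You can run the
  # following command after the lnd service starts:
  # nixops scp --from bitcoin-node /secrets/lnd-seed-mnemonic ./secrets/lnd-seed-mnemonic
  # The mnemonic is the master secret for the wallet: anyone who can read the
  # copied file can spend the on-chain funds. Keep the copy readable by your
  # user only, keep it out of version control and synced folders, and move it
  # to offline or encrypted storage.
  # You should also backup your channel state after opening new channels.
  # This will allow you to recover off-chain funds, by force-closing channels.
  # nixops scp --from bitcoin-node /var/lib/lnd/chain/bitcoin/mainnet/channel.backup /my-backup-path/channel.backup

  ### SPARK WALLET
  # Enable this module to use spark-wallet, a minimalistic wallet GUI for
  # c-lightning, accessible over the web or through mobile and desktop apps.
  # Only enable this if clightning is enabled.
  # services.spark-wallet.enable = true;

  ### ELECTRS
  # Enable this module to use electrs, an efficient re-implementation of
  # Electrum Server in Rust. Only enable this if hardware wallets are
  # disabled.
  # services.electrs.enable = true;
  # If you have more than 8GB memory, enable this option so electrs will
  # sync faster.
  # services.electrs.high-memory = true;

  ### LIQUIDD
  # Enable this module to use Liquid, a sidechain for an inter-exchange
  # settlement network linking together cryptocurrency exchanges and
  # institutions around the world. Liquid is accessed with the elements-cli
  # tool run as user operator.
  # services.liquidd.enable = true;

  ### LIGHTNING CHARGE
  # Enable this module to use lightning-charge, a simple drop-in solution for
  # accepting lightning payments. Only enable this if clightning is enabled.
  # services.lightning-charge.enable = true;

  ### NANOPOS
  # Enable this module to use nanopos, a simple Lightning point-of-sale
  # system, powered by Lightning Charge. Only enable this if clightning and
  # lightning-charge are enabled.
  # services.nanopos.enable = true;

  ### WEBINDEX
  # Enable this module to use the nix-bitcoin-webindex, a simple website
  # displaying your node information and link to nanopos store. Only enable
  # this if clightning, lightning-charge, and nanopos are enabled.
  # services.nix-bitcoin-webindex.enable = true;

  ### RECURRING-DONATIONS
  # Enable this module to send recurring donations. This is EXPERIMENTAL; it's
  # not guaranteed that payments are succeeding or that you will notice payment
  # failure. Only enable this if clightning is enabled.
  # services.recurring-donations.enable = true;
  # Specify the receivers of the donations. By default donations are every
  # Monday at a randomized time. Check `journalctl -eu recurring-donations` or
  # `lightning-cli listpayments` for successful lightning donations.
  # services.recurring-donations.tallycoin = {
  #   "<receiver name>" = <amount you wish to donate in sat>;
  #   "<additional receiver name>" = <amount you wish to donate in sat>;
  #   "djbooth007" = 1000;
  # };

  ### Hardware wallets
  # Enable this module to allow using hardware wallets. See https://github.com/bitcoin-core/HWI
  # for more information. Only enable this if electrs is disabled.
  # Ledger must be initialized through the official ledger live app and the Bitcoin app must
  # be installed and running on the device.
  # services.hardware-wallets.ledger = true;
  # Trezor can be initialized with the trezorctl command in nix-bitcoin. More information in
  # `docs/usage.md`.
  # services.hardware-wallets.trezor = true;

  # FIXME: Define your hostname.
  networking.hostName = "nix-bitcoin";
  time.timeZone = "UTC";

  # FIXME: Add your SSH pubkey
  # The empty string below is a placeholder, not a usable key. Replace it
  # with your public key before deploying; until then root has no working
  # key-based login.
  # NOTE(review): this file does not show whether password authentication is
  # disabled; confirm that the secure-node preset or your own configuration
  # turns it off, so that the key is the only way to log in as root.
  services.openssh.enable = true;
  users.users.root = {
    openssh.authorizedKeys.keys = [ "" ];
  };

  # FIXME: add packages you need in your system
  environment.systemPackages = with pkgs; [
    vim
  ];

  # FIXME: Add custom options (like boot options, output of
  # nixos-generate-config, etc.):

  # If the hardened profile is imported above, we need to explicitly allow
  # user namespaces to enable sandboxed builds and services.
  # This relaxes one restriction of the hardened profile (a larger kernel
  # attack surface in exchange for sandboxing), so treat it as a deliberate
  # trade-off.
  security.allowUserNamespaces = true;

  # This value determines the NixOS release with which your system is to be
  # compatible, in order to avoid breaking some software such as database
  # servers. You should change this only after NixOS release notes say you
  # should.
  system.stateVersion = "18.09"; # Did you read the comment?
}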