remove dante&btcpayserver, update site, add btc&xmr&ipfs nodes

2025-11-05 21:33:22 +00:00 · 2025-11-05 21:33:22 +00:00 · 390b68502e
commit 390b68502e
parent 1d4b154bcd
13 changed files with 74 additions and 199 deletions
--- a/flake.lock
+++ b/flake.lock
@ -39,32 +39,6 @@
        "type": "gitlab"
      }
    },
    "extra-container": {
      "inputs": {
        "flake-utils": [
          "nix-bitcoin",
          "flake-utils"
        ],
        "nixpkgs": [
          "nix-bitcoin",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1734005403,
        "narHash": "sha256-vgh3TqfkFdnPxREBedw4MQehIDc3N8YyxBOB45n+AvU=",
        "owner": "erikarvstedt",
        "repo": "extra-container",
        "rev": "f4de6c329b306a9d3a9798a30e060c166f781baa",
        "type": "github"
      },
      "original": {
        "owner": "erikarvstedt",
        "ref": "0.13",
        "repo": "extra-container",
        "type": "github"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
@ -81,24 +55,6 @@
        "type": "github"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1731533236,
        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "git-hooks": {
      "inputs": {
        "flake-compat": [
@ -168,29 +124,6 @@
        "type": "github"
      }
    },
    "nix-bitcoin": {
      "inputs": {
        "extra-container": "extra-container",
        "flake-utils": "flake-utils",
        "nixpkgs": [
          "nixpkgs"
        ],
        "nixpkgs-unstable": "nixpkgs-unstable"
      },
      "locked": {
        "lastModified": 1761560050,
        "narHash": "sha256-dbMLlIEamKfXP/Ww205FGDMkfEKd6Pzs/VpxUbSsmtU=",
        "owner": "fort-nix",
        "repo": "nix-bitcoin",
        "rev": "b217b6019c3bba6eba2f2f5a277464b7579c3ab9",
        "type": "github"
      },
      "original": {
        "owner": "fort-nix",
        "repo": "nix-bitcoin",
        "type": "github"
      }
    },
    "nixos-mailserver": {
      "inputs": {
        "blobs": "blobs",
@ -202,32 +135,31 @@
        "nixpkgs-25_05": "nixpkgs-25_05"
      },
      "locked": {
-        "lastModified": 1755110674,
+        "lastModified": 1762302830,
-        "narHash": "sha256-PigqTAGkdBYXVFWsJnqcirrLeFqRFN4PFigLA8FzxeI=",
+        "narHash": "sha256-f3xe6CRPT51vCQFZotJOXi/JpGOiukz0WIa86arJSE8=",
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
-        "rev": "f5936247dbdb8501221978562ab0b302dd75456c",
+        "rev": "58659fbdfd8aba9bd8f4517d3e5c388c4d8266c4",
        "type": "gitlab"
      },
      "original": {
        "owner": "simple-nixos-mailserver",
        "ref": "nixos-25.05",
        "repo": "nixos-mailserver",
        "type": "gitlab"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1761597516,
+        "lastModified": 1762111121,
-        "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=",
+        "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55",
+        "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-25.05",
+        "ref": "nixos-unstable",
        "type": "indirect"
      }
    },
@ -247,26 +179,9 @@
        "type": "github"
      }
    },
    "nixpkgs-unstable": {
      "locked": {
        "lastModified": 1760965567,
        "narHash": "sha256-0JDOal5P7xzzAibvD0yTE3ptyvoVOAL0rcELmDdtSKg=",
        "owner": "NixOS",
        "repo": "nixpkgs",
        "rev": "cb82756ecc37fa623f8cf3e88854f9bf7f64af93",
        "type": "github"
      },
      "original": {
        "owner": "NixOS",
        "ref": "nixpkgs-unstable",
        "repo": "nixpkgs",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "agenix": "agenix",
        "nix-bitcoin": "nix-bitcoin",
        "nixos-mailserver": "nixos-mailserver",
        "nixpkgs": "nixpkgs"
      }
@ -285,21 +200,6 @@
        "repo": "default",
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -2,9 +2,9 @@
  description = "distrust.network Flake";
  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-25.05";
+    nixpkgs.url = "nixpkgs/nixos-unstable";
    nixos-mailserver = {
-      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05";
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    agenix = {
@ -12,17 +12,12 @@
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.darwin.follows = "";
    };
    nix-bitcoin = {
      url = "github:fort-nix/nix-bitcoin";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };
  outputs = {
    nixpkgs,
    nixos-mailserver,
    agenix,
    nix-bitcoin,
    ...
  }: let
    inherit (nixpkgs) lib;
@ -30,7 +25,7 @@
    nixosConfigurations = {
      distrust = lib.nixosSystem {
        system = "x86_64-linux";
-        modules = [./system ./services nixos-mailserver.nixosModules.default agenix.nixosModules.default nix-bitcoin.nixosModules.default];
+        modules = [./system ./services nixos-mailserver.nixosModules.default agenix.nixosModules.default];
      };
    };
  };
--- a/services/akkoma.nix
+++ b/services/akkoma.nix
@ -1,9 +1,4 @@
-{
+{pkgs, ...}: let
  config,
  lib,
  pkgs,
  ...
 }: let
  fediPort = 8083;
  onionUrl = "http://n5j5sq55iem2hzbgvkba5vwd5gx5qj2pkb7nxyginbtmnkah74rtulad.onion";
  inherit ((pkgs.formats.elixirConf {}).lib) mkAtom;
--- a/services/btc.nix
+++ b/services/btc.nix
@ -1,3 +0,0 @@
 {
  nix-bitcoin.generateSecrets = true;
 }
--- a/services/btcpayserver.nix
+++ b/services/btcpayserver.nix
@ -1,18 +0,0 @@
 let
  btcpayPort = 8086;
  onionUrl = "http://yon54asykwaovefzstakipoigbflmfrsw243ezumd7sj4cwtsnjnlyad.onion";
 in {
  services = {
    btcpayserver = {
      enable = true;
      port = btcpayPort;
      lightningBackend = "lnd";
    };
    caddy.virtualHosts."https://pay.distrust.network ${onionUrl}".extraConfig = ''
      reverse_proxy localhost:${toString btcpayPort}
    '';
    tor.relay.onionServices."btcpayserver".map = [
      80
    ];
  };
 }
--- a/services/crypto.nix
+++ b/services/crypto.nix
@ -0,0 +1,17 @@
 {
  services = {
    bitcoind."default" = {
      enable = true;
      prune = 100000;
    };
    monero = {
      enable = true;
      prune = true;
    };
    kubo.enable = true;
  };
  networking.firewall.allowedTCPPorts = [8333 18080 4001];
 }
--- a/services/dante.nix
+++ b/services/dante.nix
@ -1,14 +0,0 @@
 {
  services.dante = {
    enable = true;
    config = ''
      internal: 0.0.0.0 port=1080
      external: eth0
      clientmethod: none
      socksmethod: none
    '';
  };
  networking.firewall.allowedTCPPorts = [1080];
  networking.firewall.allowedUDPPorts = [1080];
 }
--- a/services/default.nix
+++ b/services/default.nix
@ -7,11 +7,8 @@
    ./akkoma.nix
    ./prosody.nix
    ./lldap.nix
    # Dante not working right now, possibly misconfigured.
    #./dante.nix
    ./paste.nix
-    ./btcpayserver.nix
+    ./crypto.nix
    ./btc.nix
    ./vaultwarden.nix
    ./mailserver.nix
  ];
--- a/services/lldap.nix
+++ b/services/lldap.nix
@ -1,8 +1,8 @@
 let
  onionUrl = "http://i3a47orggn2cebueja2jur66yjgyqd2y7kzthajar4ghuerbx2kzwqyd.onion";
-in
+in {
-{
+  services = {
-  services.lldap = {
+    lldap = {
      enable = true;
      settings = {
        http_url = "https://login.distrust.network";
@ -13,12 +13,13 @@ in
      };
    };
-  services.caddy.virtualHosts."https://login.distrust.network ${onionUrl}".extraConfig = ''
+    caddy.virtualHosts."https://login.distrust.network ${onionUrl}".extraConfig = ''
      reverse_proxy localhost:17170
      header Onion-Location ${onionUrl}
    '';
-  services.tor.relay.onionServices."lldap".map = [
+    tor.relay.onionServices."lldap".map = [
      80
    ];
  };
 }
--- a/services/mailserver.nix
+++ b/services/mailserver.nix
@ -1,5 +1,6 @@
 {config, ...}: {
  mailserver = {
    stateVersion = 3;
    enable = true;
    fqdn = "distrust.network";
    domains = ["distrust.network"];
--- a/services/paste.nix
+++ b/services/paste.nix
@ -1,9 +1,9 @@
 let
  pastePort = 8087;
  onionUrl = "http://s4h5nfnwwhzku55opxlqouobioibx4htwygnp2l4fkp256lur5s53rad.onion";
-in
+in {
-{
+  services = {
-  services.microbin = {
+    microbin = {
      enable = true;
      settings = {
        MICROBIN_PORT = pastePort;
@ -15,12 +15,13 @@ in
      };
    };
-  services.caddy.virtualHosts."https://paste.distrust.network ${onionUrl}".extraConfig = ''
+    caddy.virtualHosts."https://paste.distrust.network ${onionUrl}".extraConfig = ''
      reverse_proxy localhost:${toString pastePort}
      header Onion-Location ${onionUrl}
    '';
-  services.tor.relay.onionServices."microbin".map = [
+    tor.relay.onionServices."microbin".map = [
      80
    ];
  };
 }
--- a/site/index.html
+++ b/site/index.html
@ -54,7 +54,9 @@
 	    <li>Forgejo <small><a href="http://cr27k6asjs7skvjxs6smhqfam3wlvmft2f3iins44k6p6rmmfyolobqd.onion/">[tor]</a> <a href="https://git.distrust.network">[clearnet]</a></small></li>
 	    <li>Vaultwarden <small><a href="http://gfoqwlo4nmhcywzzyhfanhkf7hz64lkjayngfyrpbd7ohaucu3q4znqd.onion/">[tor]</a> <a href="https://vault.distrust.network">[clearnet]</a> <a title="Once you have logged in for the first time, check your inbox for an invite.">[hover]</a></small></li>
 	    <li>Microbin (Paste) <small><a href="http://s4h5nfnwwhzku55opxlqouobioibx4htwygnp2l4fkp256lur5s53rad.onion">[tor]</a> <a href="https://paste.distrust.network/">[clearnet]</a></small></li>
 	    <li>Public TOR SOCKS5 Proxy <a title="You can connect to it at distrust.network:9050">[hover]</a></li>
        </ul>
 	<p>We also host nodes for <a href="https://bitcoin.org/">Bitcoin (BTC)</a>, <a href="https://www.getmonero.org/">Monero (XMR)</a>, and (soon) <a>IPFS</a> to strengthen their networks.</p>
        <p>All services have a strict no-metrics policy, with logs being kept for at most 1 hour (for debugging purposes). Where it is difficult to configure this in a service, logs are directly piped and/or symlinked to <code>/dev/null</code>.</p>
 	<p>The server runs a hardened NixOS config, and is updated when appropriate for any security/hardening tweaks. This NixOS config is auditable and freely accessible over <a href="http://cr27k6asjs7skvjxs6smhqfam3wlvmft2f3iins44k6p6rmmfyolobqd.onion/root/flake">TOR</a> and <a href="https://git.distrust.network/root/flake">clearnet</a>.</p>
        <p>If you are interested, <a href="mailto:root@distrust.network?subject=ACCOUNT%20REQUEST&body=Replace%20this%20email%20body%20with%20your%20desired%20username.">email me</a> with your desired username.</p>
--- a/system/configuration.nix
+++ b/system/configuration.nix
@ -52,6 +52,7 @@ in {
        Persistent = true;
        Unit = "clear-var-log.service";
      };
      wantedBy = ["timers.target"];
    };
  };