remove dante&btcpayserver, update site, add btc&xmr&ipfs nodes

2025-11-05 21:33:22 +00:00 · 2025-11-05 21:33:22 +00:00 · 390b68502e
commit 390b68502e
parent 1d4b154bcd
13 changed files with 74 additions and 199 deletions
--- a/flake.lock
+++ b/flake.lock
@ -39,32 +39,6 @@
        "type": "gitlab"
      }
    },
-    "extra-container": {
-      "inputs": {
-        "flake-utils": [
-          "nix-bitcoin",
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "nix-bitcoin",
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1734005403,
-        "narHash": "sha256-vgh3TqfkFdnPxREBedw4MQehIDc3N8YyxBOB45n+AvU=",
-        "owner": "erikarvstedt",
-        "repo": "extra-container",
-        "rev": "f4de6c329b306a9d3a9798a30e060c166f781baa",
-        "type": "github"
-      },
-      "original": {
-        "owner": "erikarvstedt",
-        "ref": "0.13",
-        "repo": "extra-container",
-        "type": "github"
-      }
-    },
    "flake-compat": {
      "flake": false,
      "locked": {
@ -81,24 +55,6 @@
        "type": "github"
      }
    },
-    "flake-utils": {
-      "inputs": {
-        "systems": "systems_2"
-      },
-      "locked": {
-        "lastModified": 1731533236,
-        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
-        "type": "github"
-      },
-      "original": {
-        "owner": "numtide",
-        "repo": "flake-utils",
-        "type": "github"
-      }
-    },
    "git-hooks": {
      "inputs": {
        "flake-compat": [
@ -168,29 +124,6 @@
        "type": "github"
      }
    },
-    "nix-bitcoin": {
-      "inputs": {
-        "extra-container": "extra-container",
-        "flake-utils": "flake-utils",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "nixpkgs-unstable": "nixpkgs-unstable"
-      },
-      "locked": {
-        "lastModified": 1761560050,
-        "narHash": "sha256-dbMLlIEamKfXP/Ww205FGDMkfEKd6Pzs/VpxUbSsmtU=",
-        "owner": "fort-nix",
-        "repo": "nix-bitcoin",
-        "rev": "b217b6019c3bba6eba2f2f5a277464b7579c3ab9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "fort-nix",
-        "repo": "nix-bitcoin",
-        "type": "github"
-      }
-    },
    "nixos-mailserver": {
      "inputs": {
        "blobs": "blobs",
@ -202,32 +135,31 @@
        "nixpkgs-25_05": "nixpkgs-25_05"
      },
      "locked": {
-        "lastModified": 1755110674,
-        "narHash": "sha256-PigqTAGkdBYXVFWsJnqcirrLeFqRFN4PFigLA8FzxeI=",
+        "lastModified": 1762302830,
+        "narHash": "sha256-f3xe6CRPT51vCQFZotJOXi/JpGOiukz0WIa86arJSE8=",
        "owner": "simple-nixos-mailserver",
        "repo": "nixos-mailserver",
-        "rev": "f5936247dbdb8501221978562ab0b302dd75456c",
+        "rev": "58659fbdfd8aba9bd8f4517d3e5c388c4d8266c4",
        "type": "gitlab"
      },
      "original": {
        "owner": "simple-nixos-mailserver",
-        "ref": "nixos-25.05",
        "repo": "nixos-mailserver",
        "type": "gitlab"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1761597516,
-        "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=",
+        "lastModified": 1762111121,
+        "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55",
+        "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-25.05",
+        "ref": "nixos-unstable",
        "type": "indirect"
      }
    },
@ -247,26 +179,9 @@
        "type": "github"
      }
    },
-    "nixpkgs-unstable": {
-      "locked": {
-        "lastModified": 1760965567,
-        "narHash": "sha256-0JDOal5P7xzzAibvD0yTE3ptyvoVOAL0rcELmDdtSKg=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "cb82756ecc37fa623f8cf3e88854f9bf7f64af93",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixpkgs-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
    "root": {
      "inputs": {
        "agenix": "agenix",
-        "nix-bitcoin": "nix-bitcoin",
        "nixos-mailserver": "nixos-mailserver",
        "nixpkgs": "nixpkgs"
      }
@ -285,21 +200,6 @@
        "repo": "default",
        "type": "github"
      }
-    },
-    "systems_2": {
-      "locked": {
-        "lastModified": 1681028828,
-        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
-        "owner": "nix-systems",
-        "repo": "default",
-        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-systems",
-        "repo": "default",
-        "type": "github"
-      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@ -2,9 +2,9 @@
  description = "distrust.network Flake";

  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-25.05";
+    nixpkgs.url = "nixpkgs/nixos-unstable";
    nixos-mailserver = {
-      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05";
+      url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
      inputs.nixpkgs.follows = "nixpkgs";
    };
    agenix = {
@ -12,17 +12,12 @@
      inputs.nixpkgs.follows = "nixpkgs";
      inputs.darwin.follows = "";
    };
-    nix-bitcoin = {
-      url = "github:fort-nix/nix-bitcoin";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
  };

  outputs = {
    nixpkgs,
    nixos-mailserver,
    agenix,
-    nix-bitcoin,
    ...
  }: let
    inherit (nixpkgs) lib;
@ -30,7 +25,7 @@
    nixosConfigurations = {
      distrust = lib.nixosSystem {
        system = "x86_64-linux";
-        modules = [./system ./services nixos-mailserver.nixosModules.default agenix.nixosModules.default nix-bitcoin.nixosModules.default];
+        modules = [./system ./services nixos-mailserver.nixosModules.default agenix.nixosModules.default];
      };
    };
  };
--- a/services/akkoma.nix
+++ b/services/akkoma.nix
@ -1,9 +1,4 @@
-{
-  config,
-  lib,
-  pkgs,
-  ...
-}: let
+{pkgs, ...}: let
  fediPort = 8083;
  onionUrl = "http://n5j5sq55iem2hzbgvkba5vwd5gx5qj2pkb7nxyginbtmnkah74rtulad.onion";
  inherit ((pkgs.formats.elixirConf {}).lib) mkAtom;
--- a/services/btc.nix
+++ b/services/btc.nix
@ -1,3 +0,0 @@
-{
-  nix-bitcoin.generateSecrets = true;
-}
--- a/services/btcpayserver.nix
+++ b/services/btcpayserver.nix
@ -1,18 +0,0 @@
-let
-  btcpayPort = 8086;
-  onionUrl = "http://yon54asykwaovefzstakipoigbflmfrsw243ezumd7sj4cwtsnjnlyad.onion";
-in {
-  services = {
-    btcpayserver = {
-      enable = true;
-      port = btcpayPort;
-      lightningBackend = "lnd";
-    };
-    caddy.virtualHosts."https://pay.distrust.network ${onionUrl}".extraConfig = ''
-      reverse_proxy localhost:${toString btcpayPort}
-    '';
-    tor.relay.onionServices."btcpayserver".map = [
-      80
-    ];
-  };
-}
--- a/services/crypto.nix
+++ b/services/crypto.nix
@ -0,0 +1,17 @@
+{
+  services = {
+    bitcoind."default" = {
+      enable = true;
+      prune = 100000;
+    };
+
+    monero = {
+      enable = true;
+      prune = true;
+    };
+
+    kubo.enable = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [8333 18080 4001];
+}
--- a/services/dante.nix
+++ b/services/dante.nix
@ -1,14 +0,0 @@
-{
-  services.dante = {
-    enable = true;
-    config = ''
-      internal: 0.0.0.0 port=1080
-      external: eth0
-      clientmethod: none
-      socksmethod: none
-    '';
-  };
-
-  networking.firewall.allowedTCPPorts = [1080];
-  networking.firewall.allowedUDPPorts = [1080];
-}
--- a/services/default.nix
+++ b/services/default.nix
@ -7,11 +7,8 @@
    ./akkoma.nix
    ./prosody.nix
    ./lldap.nix
-    # Dante not working right now, possibly misconfigured.
-    #./dante.nix
    ./paste.nix
-    ./btcpayserver.nix
-    ./btc.nix
+    ./crypto.nix
    ./vaultwarden.nix
    ./mailserver.nix
  ];
--- a/services/lldap.nix
+++ b/services/lldap.nix
@ -1,24 +1,25 @@
 let
  onionUrl = "http://i3a47orggn2cebueja2jur66yjgyqd2y7kzthajar4ghuerbx2kzwqyd.onion";
-in
-{
-  services.lldap = {
-    enable = true;
-    settings = {
-      http_url = "https://login.distrust.network";
-      ldap_user_email = "root@distrust.network";
-      ldap_user_dn = "root";
-      ldap_base_dn = "dc=distrust,dc=network";
-      ldap_user_pass = "VERY_SECURE";
+in {
+  services = {
+    lldap = {
+      enable = true;
+      settings = {
+        http_url = "https://login.distrust.network";
+        ldap_user_email = "root@distrust.network";
+        ldap_user_dn = "root";
+        ldap_base_dn = "dc=distrust,dc=network";
+        ldap_user_pass = "VERY_SECURE";
+      };
    };
+
+    caddy.virtualHosts."https://login.distrust.network ${onionUrl}".extraConfig = ''
+      reverse_proxy localhost:17170
+      header Onion-Location ${onionUrl}
+    '';
+
+    tor.relay.onionServices."lldap".map = [
+      80
+    ];
  };
-
-  services.caddy.virtualHosts."https://login.distrust.network ${onionUrl}".extraConfig = ''
-    reverse_proxy localhost:17170
-    header Onion-Location ${onionUrl}
-  '';
-
-  services.tor.relay.onionServices."lldap".map = [
-    80
-  ];
 }
--- a/services/mailserver.nix
+++ b/services/mailserver.nix
@ -1,5 +1,6 @@
 {config, ...}: {
  mailserver = {
+    stateVersion = 3;
    enable = true;
    fqdn = "distrust.network";
    domains = ["distrust.network"];
--- a/services/paste.nix
+++ b/services/paste.nix
@ -1,26 +1,27 @@
 let
  pastePort = 8087;
  onionUrl = "http://s4h5nfnwwhzku55opxlqouobioibx4htwygnp2l4fkp256lur5s53rad.onion";
-in
-{
-  services.microbin = {
-    enable = true;
-    settings = {
-      MICROBIN_PORT = pastePort;
-      MICROBIN_ENABLE_BURN_AFTER = true;
-      MICROBIN_QR = true;
-      MICROBIN_NO_LISTING = true;
-      MICROBIN_HIGHLIGHTSYNTAX = true;
-      MICROBIN_PUBLIC_PATH = "https://paste.distrust.network/";
+in {
+  services = {
+    microbin = {
+      enable = true;
+      settings = {
+        MICROBIN_PORT = pastePort;
+        MICROBIN_ENABLE_BURN_AFTER = true;
+        MICROBIN_QR = true;
+        MICROBIN_NO_LISTING = true;
+        MICROBIN_HIGHLIGHTSYNTAX = true;
+        MICROBIN_PUBLIC_PATH = "https://paste.distrust.network/";
+      };
    };
+
+    caddy.virtualHosts."https://paste.distrust.network ${onionUrl}".extraConfig = ''
+      reverse_proxy localhost:${toString pastePort}
+      header Onion-Location ${onionUrl}
+    '';
+
+    tor.relay.onionServices."microbin".map = [
+      80
+    ];
  };
-
-  services.caddy.virtualHosts."https://paste.distrust.network ${onionUrl}".extraConfig = ''
-    reverse_proxy localhost:${toString pastePort}
-    header Onion-Location ${onionUrl}
-  '';
-
-  services.tor.relay.onionServices."microbin".map = [
-    80
-  ];
 }
--- a/site/index.html
+++ b/site/index.html
@ -54,7 +54,9 @@
 	    <li>Forgejo <small><a href="http://cr27k6asjs7skvjxs6smhqfam3wlvmft2f3iins44k6p6rmmfyolobqd.onion/">[tor]</a> <a href="https://git.distrust.network">[clearnet]</a></small></li>
 	    <li>Vaultwarden <small><a href="http://gfoqwlo4nmhcywzzyhfanhkf7hz64lkjayngfyrpbd7ohaucu3q4znqd.onion/">[tor]</a> <a href="https://vault.distrust.network">[clearnet]</a> <a title="Once you have logged in for the first time, check your inbox for an invite.">[hover]</a></small></li>
 	    <li>Microbin (Paste) <small><a href="http://s4h5nfnwwhzku55opxlqouobioibx4htwygnp2l4fkp256lur5s53rad.onion">[tor]</a> <a href="https://paste.distrust.network/">[clearnet]</a></small></li>
+	    <li>Public TOR SOCKS5 Proxy <a title="You can connect to it at distrust.network:9050">[hover]</a></li>
        </ul>
+	<p>We also host nodes for <a href="https://bitcoin.org/">Bitcoin (BTC)</a>, <a href="https://www.getmonero.org/">Monero (XMR)</a>, and (soon) <a>IPFS</a> to strengthen their networks.</p>
        <p>All services have a strict no-metrics policy, with logs being kept for at most 1 hour (for debugging purposes). Where it is difficult to configure this in a service, logs are directly piped and/or symlinked to <code>/dev/null</code>.</p>
 	<p>The server runs a hardened NixOS config, and is updated when appropriate for any security/hardening tweaks. This NixOS config is auditable and freely accessible over <a href="http://cr27k6asjs7skvjxs6smhqfam3wlvmft2f3iins44k6p6rmmfyolobqd.onion/root/flake">TOR</a> and <a href="https://git.distrust.network/root/flake">clearnet</a>.</p>
        <p>If you are interested, <a href="mailto:root@distrust.network?subject=ACCOUNT%20REQUEST&body=Replace%20this%20email%20body%20with%20your%20desired%20username.">email me</a> with your desired username.</p>
--- a/system/configuration.nix
+++ b/system/configuration.nix
@ -52,6 +52,7 @@ in {
        Persistent = true;
        Unit = "clear-var-log.service";
      };
+      wantedBy = ["timers.target"];
    };
  };