diff --git a/flake.lock b/flake.lock index e930223..f031026 100644 --- a/flake.lock +++ b/flake.lock @@ -2,9 +2,11 @@ "nodes": { "agenix": { "inputs": { - "darwin": "darwin", + "darwin": [], "home-manager": "home-manager", - "nixpkgs": "nixpkgs", + "nixpkgs": [ + "nixpkgs" + ], "systems": "systems" }, "locked": { @@ -37,25 +39,29 @@ "type": "gitlab" } }, - "darwin": { + "extra-container": { "inputs": { + "flake-utils": [ + "nix-bitcoin", + "flake-utils" + ], "nixpkgs": [ - "agenix", + "nix-bitcoin", "nixpkgs" ] }, "locked": { - "lastModified": 1744478979, - "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", - "owner": "lnl7", - "repo": "nix-darwin", - "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "lastModified": 1734005403, + "narHash": "sha256-vgh3TqfkFdnPxREBedw4MQehIDc3N8YyxBOB45n+AvU=", + "owner": "erikarvstedt", + "repo": "extra-container", + "rev": "f4de6c329b306a9d3a9798a30e060c166f781baa", "type": "github" }, "original": { - "owner": "lnl7", - "ref": "master", - "repo": "nix-darwin", + "owner": "erikarvstedt", + "ref": "0.13", + "repo": "extra-container", "type": "github" } }, @@ -75,6 +81,24 @@ "type": "github" } }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "git-hooks": { "inputs": { "flake-compat": [ @@ -144,6 +168,29 @@ "type": "github" } }, + "nix-bitcoin": { + "inputs": { + "extra-container": "extra-container", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-unstable": "nixpkgs-unstable" + }, + "locked": { + "lastModified": 1761560050, + "narHash": "sha256-dbMLlIEamKfXP/Ww205FGDMkfEKd6Pzs/VpxUbSsmtU=", + "owner": "fort-nix", + "repo": "nix-bitcoin", + "rev": "b217b6019c3bba6eba2f2f5a277464b7579c3ab9", + "type": "github" + }, + "original": { + "owner": "fort-nix", + "repo": "nix-bitcoin", + "type": "github" + } + }, "nixos-mailserver": { "inputs": { "blobs": "blobs", @@ -171,18 +218,17 @@ }, "nixpkgs": { "locked": { - "lastModified": 1754028485, - "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", + "lastModified": 1761597516, + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "59e69648d345d6e8fef86158c555730fa12af9de", + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", "type": "github" }, "original": { - "owner": "NixOS", + "id": "nixpkgs", "ref": "nixos-25.05", - "repo": "nixpkgs", - "type": "github" + "type": "indirect" } }, "nixpkgs-25_05": { @@ -201,26 +247,28 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs-unstable": { "locked": { - "lastModified": 1761597516, - "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", + "lastModified": 1760965567, + "narHash": "sha256-0JDOal5P7xzzAibvD0yTE3ptyvoVOAL0rcELmDdtSKg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", + "rev": "cb82756ecc37fa623f8cf3e88854f9bf7f64af93", "type": "github" }, "original": { - "id": "nixpkgs", - "ref": "nixos-25.05", - "type": "indirect" + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" } }, "root": { "inputs": { "agenix": "agenix", + "nix-bitcoin": "nix-bitcoin", "nixos-mailserver": "nixos-mailserver", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" } }, "systems": { @@ -237,6 +285,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 79bc84c..2f2ed1b 100644 --- a/flake.nix +++ b/flake.nix @@ -9,8 +9,12 @@ }; agenix = { url = "github:ryantm/agenix"; - inputs.agenix.inputs.nixpkgs.follows = "nixpkgs"; - inputs.agenix.inputs.darwin.follows = ""; + inputs.nixpkgs.follows = "nixpkgs"; + inputs.darwin.follows = ""; + }; + nix-bitcoin = { + url = "github:fort-nix/nix-bitcoin"; + inputs.nixpkgs.follows = "nixpkgs"; }; }; @@ -18,6 +22,7 @@ nixpkgs, nixos-mailserver, agenix, + nix-bitcoin, ... }: let inherit (nixpkgs) lib; @@ -25,7 +30,7 @@ nixosConfigurations = { distrust = lib.nixosSystem { system = "x86_64-linux"; - modules = [./system ./services nixos-mailserver.nixosModules.default agenix.nixosModules.default]; + modules = [./system ./services nixos-mailserver.nixosModules.default agenix.nixosModules.default nix-bitcoin.nixosModules.default]; }; }; }; diff --git a/services/btc.nix b/services/btc.nix new file mode 100644 index 0000000..5812acc --- /dev/null +++ b/services/btc.nix @@ -0,0 +1,3 @@ +{ + nix-bitcoin.generateSecrets = true; +} diff --git a/services/btcpayserver.nix b/services/btcpayserver.nix new file mode 100644 index 0000000..40c74c6 --- /dev/null +++ b/services/btcpayserver.nix @@ -0,0 +1,18 @@ +let + btcpayPort = 8086; + onionUrl = "http://yon54asykwaovefzstakipoigbflmfrsw243ezumd7sj4cwtsnjnlyad.onion"; +in { + services = { + btcpayserver = { + enable = true; + port = btcpayPort; + lightningBackend = "lnd"; + }; + caddy.virtualHosts."https://pay.distrust.network ${onionUrl}".extraConfig = '' + reverse_proxy localhost:${toString btcpayPort} + ''; + tor.relay.onionServices."btcpayserver".map = [ + 80 + ]; + }; +} diff --git a/services/default.nix b/services/default.nix index 3d1955a..aff3134 100644 --- a/services/default.nix +++ b/services/default.nix @@ -9,6 +9,8 @@ ./lldap.nix # Dante not working right now, possibly misconfigured. #./dante.nix + ./btcpayserver.nix + ./btc.nix ./vaultwarden.nix ./mailserver.nix ];