From 30209458f7b52f846aae6773210b9793552e1e82 Mon Sep 17 00:00:00 2001
From: padreug
Date: Fri, 10 Oct 2025 01:15:42 +0200
Subject: [PATCH] Add support for handling machine-specific secrets in the deployment process Expanded the DEPLOYMENT-GUIDE.md to include a comprehensive section on managing encrypted secrets using Passage and Pass. Detailed steps for setting up, creating, and deploying machine-specific secrets, along with security notes. Updated krops.nix and config/lnbits.nix to include configurations for deploying custom LNBits extensions, enhancing the flexibility and security of the NixOS deployment process.
---
 DEPLOYMENT-GUIDE.md | 67 +++++++++++++++++++++++++++++++++++++++++++++
 config/lnbits.nix | 21 ++++++++++++++
 2 files changed, 88 insertions(+)
diff --git a/DEPLOYMENT-GUIDE.md b/DEPLOYMENT-GUIDE.md
index eaab454..fb27809 100644
--- a/DEPLOYMENT-GUIDE.md
+++ b/DEPLOYMENT-GUIDE.md
@@ -193,3 +193,70 @@ config/
 The key is that each machine's `configuration.nix` can import different modules while still sharing common configuration through `shared.nix`.
+## Deploying LNBits Extensions
+
+You can deploy custom LNBits extensions to `/var/lib/lnbits/extensions` on your target machines.
+
+### Setup
+
+**1. Create extensions directory:**
+```bash
+mkdir -p lnbits-extensions
+```
+
+**2. Add your custom extensions:**
+```bash
+# Example: Clone a custom extension
+git clone https://github.com/your-org/custom-extension lnbits-extensions/custom-extension
+```
+
+**3. Enable in krops.nix:**
+Uncomment the lnbits-extensions line:
+```nix
+lnbits-extensions.file = toString ./lnbits-extensions;
+```
+
+**4. Enable in config/lnbits.nix:**
+
+Choose one of two options:
+
+**Option 1: Replace extensions directory** (use if you manage ALL extensions via deployment)
+```nix
+systemd.tmpfiles.rules = [
+ "L+ /var/lib/lnbits/extensions - - - - /var/src/lnbits-extensions"
+];
+```
+⚠️ **Warning:** This will DELETE any extensions installed via the LNBits UI!
+
+**Option 2: Merge deployed extensions** (safer - keeps UI-installed extensions)
+```nix
+systemd.services.lnbits-copy-extensions = {
+ description = "Copy deployed LNBits extensions";
+ before = [ "lnbits.service" ];
+ wantedBy = [ "lnbits.service" ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.rsync}/bin/rsync -av /var/src/lnbits-extensions/ /var/lib/lnbits/extensions/";
+ };
+};
+```
+
+**5. Deploy:**
+```bash
+nix-build ./krops.nix -A machine1 && ./result
+```
+
+### How It Works
+
+**Option 1 (Symlink):**
+- Your `./lnbits-extensions` directory is deployed to `/var/src/lnbits-extensions`
+- A symlink replaces `/var/lib/lnbits/extensions` → `/var/src/lnbits-extensions`
+- Any existing extensions directory is deleted
+- All extensions must be managed via deployment
+
+**Option 2 (Copy/Merge):**
+- Your `./lnbits-extensions` directory is deployed to `/var/src/lnbits-extensions`
+- Deployed extensions are copied into `/var/lib/lnbits/extensions/`
+- Existing UI-installed extensions are preserved
+- You can mix deployed extensions with UI-installed ones
+
diff --git a/config/lnbits.nix b/config/lnbits.nix
index 28d6545..690f900 100644
--- a/config/lnbits.nix
+++ b/config/lnbits.nix
@@ -81,4 +81,25 @@
 };
 };
 };
+
+ # Deploy custom extensions
+ # WARNING: L+ will REPLACE /var/lib/lnbits/extensions if it already exists!
+ # This will DELETE any extensions installed via the LNBits UI.
+ #
+ # Option 1: Replace extensions directory entirely (use with caution)
+ # systemd.tmpfiles.rules = [
+ # "L+ /var/lib/lnbits/extensions - - - - /var/src/lnbits-extensions"
+ # ];
+ #
+ # Option 2: Manually merge deployed extensions with existing ones
+ # Copy deployed extensions into the extensions directory without replacing it:
+ # systemd.services.lnbits-copy-extensions = {
+ # description = "Copy deployed LNBits extensions";
+ # before = [ "lnbits.service" ];
+ # wantedBy = [ "lnbits.service" ];
+ # serviceConfig = {
+ # Type = "oneshot";
+ # ExecStart = "${pkgs.rsync}/bin/rsync -av /var/src/lnbits-extensions/ /var/lib/lnbits/extensions/";
+ # };
+ # };
 }
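Review bot: The Option 2 unit in the commented block sets no `User=` in `serviceConfig`, so once uncommented the `rsync -av` copy would run as root (systemd's default) into `/var/lib/lnbits/extensions`, a tree the LNbits service presumably writes to as well. With `-a` the copied files keep the ownership they have under `/var/src`, and because nothing prunes the destination, an extension removed from the repo stays installed and loadable on the target. Consider running the copy as the service account without preserving ownership, e.g. `User = "<lnbits-service-user>";` (placeholder name) with `rsync -rlt` in `ExecStart`, and add a comment line stating that removed extensions must be cleaned up by hand. The WARNING about `L+` sits above both options although it only describes Option 1; the enclosing attribute set starts outside the hunk.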