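# NixOS module: runs LNbits from a locally deployed flake and publishes it
# through nginx at https://lnbits.${domain} with ACME-issued TLS.
#
# Arguments:
#   domain - base DNS name; used for the lnbits.${domain} virtual host,
#            LNBITS_BASEURL and the app.${domain} frontend URL.
#   pkgs   - package set; supplies openssh/sshpass and selects the flake's
#            per-system lnbits package.
{ domain, pkgs, config, lib, ... }:

let
  # NOTE(review): this "path:" reference is not pinned by a revision or hash
  # in this file, so the service is built from whatever currently sits in
  # /var/src/lnbits-src. Write access to that directory is effectively
  # code-execution access to the service; keep it root-owned and deployed
  # from a reviewed revision.
  lnbitsFlake = builtins.getFlake "path:/var/src/lnbits-src";
in
{
  # Import the LNBits service module from the flake (following official guide pattern)
  imports = [
    "${lnbitsFlake}/nix/modules/lnbits-service.nix"
  ];

  # LNBits service configuration
  services.lnbits = {
    enable = true;

    # Bind to loopback only. nginx below is the sole intended entry point
    # (proxyPass http://127.0.0.1:5000, forceSSL). Listening on 0.0.0.0 with
    # the firewall port opened would publish the plaintext backend on :5000
    # and let clients bypass TLS and the proxy entirely.
    host = "127.0.0.1";
    port = 5000;
    openFirewall = false;

    stateDir = "/var/lib/lnbits";

    # Use lnbits package from the flake
    package = lnbitsFlake.packages.${pkgs.system}.lnbits;

    env = {
      # Custom extensions path (if deployed via krops)
      # Extensions from /var/src/lnbits-extensions will be symlinked to /var/lib/lnbits/extensions
      # LNBITS_EXTENSIONS_PATH = "/var/lib/lnbits/extensions";

      # NOTE(review): the admin UI is enabled while "user-id-only" login is
      # allowed below. With user-id-only, knowledge of a user ID is the whole
      # credential, and IDs carried in URLs end up in browser history, logs
      # and referrers. Confirm privileged accounts cannot log in that way, or
      # restrict this list to "username-password".
      LNBITS_ADMIN_UI = "true";
      AUTH_ALLOWED_METHODS = "user-id-only, username-password";

      # NOTE(review): FakeWallet is a test funding source; confirm it is
      # intended for this deployment before real funds are involved.
      LNBITS_BACKEND_WALLET_CLASS = "FakeWallet";
      LNBITS_BASEURL = "https://lnbits.${domain}/";

      # Accept X-Forwarded-* headers only from the local nginx. A value of
      # "*" makes the backend believe client-supplied forwarding headers from
      # any peer, which allows spoofing of the source address and scheme it
      # records.
      FORWARDED_ALLOW_IPS = "127.0.0.1";

      LNBITS_SITE_TITLE = "AIO";
      LNBITS_SITE_TAGLINE = "Open Source Lightning Payments Platform";
      LNBITS_SITE_DESCRIPTION = "A lightning wallet for the community";
      LIGHTNING_INVOICE_EXPIRY = "3600";
      LNBITS_DEFAULT_WALLET_NAME = "AIO Wallet";

      # NOTE(review): the manifest follows the mutable `main` branch, so the
      # set of installable extensions (code that runs inside the LNbits
      # process) can change without any change to this file. Consider
      # pinning to a commit or mirroring a reviewed manifest.
      LNBITS_EXTENSIONS_MANIFESTS = "https://raw.githubusercontent.com/lnbits/lnbits-extensions/main/extensions.json";
      # LNBITS_EXTENSIONS_DEFAULT_INSTALL =
      #   "nostrclient,nostrmarket,nostrrelay,lnurlp,events";
      LNBITS_ADMIN_EXTENSIONS = "ngrok,nostrclient,nostrrelay,satmachineadmin";
      LNBITS_USER_DEFAULT_EXTENSIONS = "lnurlp,nostrmarket,events,lndhub";
      LNBITS_CUSTOM_FRONTEND_URL = "https://app.${domain}";
    };
  };

  # Make openssh and sshpass available to lnbits service
  # NOTE(review): sshpass implies password-based SSH driven from the service
  # process; nothing in this file shows which component needs it. Prefer
  # key-based authentication with a dedicated, restricted key, and drop
  # sshpass if it is unused.
  systemd.services.lnbits = {
    path = with pkgs; [ openssh sshpass ];
  };

  services.nginx = {
    # Add the connection upgrade map
    appendHttpConfig = ''
      map $http_upgrade $connection_upgrade {
        default upgrade;
        "" close;
      }
    '';

    virtualHosts."lnbits.${domain}" = {
      forceSSL = true;
      enableACME = true;

      locations = {
        # WebSocket endpoints with additional headers that LNbits might expect
        "~ ^/(api/v1/ws/|.*relay.*/|.*/ws$)" = {
          proxyPass = "http://127.0.0.1:5000";
          extraConfig = ''
            # WebSocket configuration
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # WebSocket timeouts
            proxy_read_timeout 3600s;
            proxy_send_timeout 3600s;
            proxy_connect_timeout 60s;

            # Disable buffering
            proxy_buffering off;
            proxy_request_buffering off;
            proxy_cache off;
          '';
        };

        # General HTTP requests (with basic proxy headers)
        "/" = {
          proxyPass = "http://127.0.0.1:5000";
          extraConfig = ''
            # Basic proxy headers for HTTP (not WebSocket)
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
          '';
        };
      };
    };
  };

  # Deploy custom extensions
  # WARNING: L+ will REPLACE /var/lib/lnbits/extensions if it already exists!
  # This will DELETE any extensions installed via the LNBits UI.
  #
  # Option 1: Replace extensions directory entirely (use with caution)
  # NOTE(review): the "d" rule below gives the lnbits user ownership of the
  # deployed source directory, so the service account could rewrite the
  # extension code it later loads. Option 2 keeps the source root-owned.
  # systemd.tmpfiles.rules = [
  #   # Set permissions on source directory so lnbits user can read it
  #   "d /var/src/lnbits-extensions 0755 lnbits lnbits - -"
  #   # Create symlink with proper ownership
  #   "L+ /var/lib/lnbits/extensions - lnbits lnbits - /var/src/lnbits-extensions"
  # ];
  #
  # Option 2: Manually merge deployed extensions with existing ones
  # Copy deployed extensions into the extensions directory without replacing it:
  # systemd.tmpfiles.rules = [
  #   "d /var/src/lnbits-extensions 0755 root root - -"
  # ];
  # systemd.services.lnbits-copy-extensions = {
  #   description = "Copy deployed LNBits extensions";
  #   before = [ "lnbits.service" ];
  #   wantedBy = [ "lnbits.service" ];
  #   serviceConfig = {
  #     Type = "oneshot";
  #     ExecStart = "${pkgs.bash}/bin/bash -c '${pkgs.rsync}/bin/rsync -av /var/src/lnbits-extensions/ /var/lib/lnbits/extensions/ && ${pkgs.coreutils}/bin/chown -R lnbits:lnbits /var/lib/lnbits/extensions/'";
  #   };
  # };
}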