padreug
253890ac16
Updates the Nginx configuration to correctly route websocket requests by extending the location matching regular expression. This change ensures that all websocket endpoints, including those with a '/ws' suffix, are properly proxied to the backend server.
137 lines
4.9 KiB
Nix
137 lines
4.9 KiB
Nix
{ domain, pkgs, config, lib, ... }:
|
|
|
|
let
|
|
lnbitsFlake = builtins.getFlake "path:/var/src/lnbits-src";
|
|
in
|
|
{
|
|
# Import the LNBits service module from the flake (following official guide pattern)
|
|
imports = [
|
|
"${lnbitsFlake}/nix/modules/lnbits-service.nix"
|
|
];
|
|
|
|
# LNBits service configuration
|
|
services.lnbits = {
|
|
enable = true;
|
|
host = "0.0.0.0";
|
|
port = 5000;
|
|
openFirewall = true;
|
|
stateDir = "/var/lib/lnbits";
|
|
# Use lnbits package from the flake
|
|
package = lnbitsFlake.packages.${pkgs.system}.lnbits;
|
|
env = {
|
|
# Custom extensions path (if deployed via krops)
|
|
# Extensions from /var/src/lnbits-extensions will be symlinked to /var/lib/lnbits/extensions
|
|
# LNBITS_EXTENSIONS_PATH = "/var/lib/lnbits/extensions";
|
|
LNBITS_ADMIN_UI = "true";
|
|
AUTH_ALLOWED_METHODS = "user-id-only, username-password";
|
|
LNBITS_BACKEND_WALLET_CLASS = "FakeWallet";
|
|
LNBITS_BASEURL="https://lnbits.${domain}/";
|
|
FORWARDED_ALLOW_IPS = "*";
|
|
LNBITS_SITE_TITLE = "AIO";
|
|
LNBITS_SITE_TAGLINE = "Open Source Lightning Payments Platform";
|
|
LNBITS_SITE_DESCRIPTION = "A lightning wallet for the community";
|
|
LIGHTNING_INVOICE_EXPIRY = "3600";
|
|
LNBITS_DEFAULT_WALLET_NAME = "AIO Wallet";
|
|
LNBITS_EXTENSIONS_MANIFESTS =
|
|
"https://raw.githubusercontent.com/lnbits/lnbits-extensions/main/extensions.json";
|
|
# LNBITS_EXTENSIONS_DEFAULT_INSTALL =
|
|
# "nostrclient,nostrmarket,nostrrelay,lnurlp,events";
|
|
LNBITS_ADMIN_EXTENSIONS = "ngrok,nostrclient,nostrrelay";
|
|
LNBITS_USER_DEFAULT_EXTENSIONS = "lnurlp,nostrmarket,events";
|
|
};
|
|
};
|
|
|
|
# Make openssh and sshpass available to lnbits service
|
|
systemd.services.lnbits = {
|
|
path = with pkgs; [ openssh sshpass ];
|
|
};
|
|
|
|
services.nginx = {
|
|
# Add the connection upgrade map
|
|
appendHttpConfig = ''
|
|
map $http_upgrade $connection_upgrade {
|
|
default upgrade;
|
|
"" close;
|
|
}
|
|
'';
|
|
|
|
virtualHosts."lnbits.${domain}" = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations = {
|
|
# WebSocket endpoints with additional headers that LNbits might expect
|
|
"~ ^/(api/v1/ws/|.*relay.*/|.*/ws$)" = {
|
|
proxyPass = "http://127.0.0.1:5000";
|
|
extraConfig = ''
|
|
# WebSocket configuration
|
|
proxy_http_version 1.1;
|
|
proxy_set_header Upgrade $http_upgrade;
|
|
proxy_set_header Connection $connection_upgrade;
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
|
|
# WebSocket timeouts
|
|
proxy_read_timeout 3600s;
|
|
proxy_send_timeout 3600s;
|
|
proxy_connect_timeout 60s;
|
|
|
|
# Disable buffering
|
|
proxy_buffering off;
|
|
proxy_request_buffering off;
|
|
proxy_cache off;
|
|
'';
|
|
};
|
|
|
|
# General HTTP requests (with basic proxy headers)
|
|
"/" = {
|
|
proxyPass = "http://127.0.0.1:5000";
|
|
extraConfig = ''
|
|
# Basic proxy headers for HTTP (not WebSocket)
|
|
proxy_set_header Host $host;
|
|
proxy_set_header X-Real-IP $remote_addr;
|
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
proxy_set_header X-Forwarded-Proto $scheme;
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
# Deploy custom extensions
|
|
# WARNING: L+ will REPLACE /var/lib/lnbits/extensions if it already exists!
|
|
# This will DELETE any extensions installed via the LNBits UI.
|
|
#
|
|
# Option 1: Replace extensions directory entirely (use with caution)
|
|
# Create symlink and fix ownership of deployed extensions
|
|
systemd.tmpfiles.rules = [
|
|
"L+ /var/lib/lnbits/extensions - lnbits lnbits - /var/src/lnbits-extensions"
|
|
];
|
|
|
|
# Fix ownership of deployed extensions (krops deploys as root:root)
|
|
systemd.services.lnbits-fix-extensions-ownership = {
|
|
description = "Fix ownership of deployed LNBits extensions";
|
|
before = [ "lnbits.service" ];
|
|
wantedBy = [ "lnbits.service" ];
|
|
serviceConfig = {
|
|
Type = "oneshot";
|
|
ExecStart = "${pkgs.coreutils}/bin/chown -R lnbits:lnbits /var/src/lnbits-extensions";
|
|
};
|
|
};
|
|
#
|
|
# Option 2: Manually merge deployed extensions with existing ones
|
|
# Copy deployed extensions into the extensions directory without replacing it:
|
|
# systemd.tmpfiles.rules = [
|
|
# "d /var/src/lnbits-extensions 0755 root root - -"
|
|
# ];
|
|
# systemd.services.lnbits-copy-extensions = {
|
|
# description = "Copy deployed LNBits extensions";
|
|
# before = [ "lnbits.service" ];
|
|
# wantedBy = [ "lnbits.service" ];
|
|
# serviceConfig = {
|
|
# Type = "oneshot";
|
|
# ExecStart = "${pkgs.bash}/bin/bash -c '${pkgs.rsync}/bin/rsync -av /var/src/lnbits-extensions/ /var/lib/lnbits/extensions/ && ${pkgs.coreutils}/bin/chown -R lnbits:lnbits /var/lib/lnbits/extensions/'";
|
|
# };
|
|
# };
|
|
}
|