padreug/krops-multi-deploy
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
krops-multi-deploy/config/lnbits.nix
padreug 30209458f7 Add support for handling machine-specific secrets in the deployment process 
Expanded the DEPLOYMENT-GUIDE.md to include a comprehensive section on managing encrypted secrets using Passage and Pass. Detailed steps for setting up, creating, and deploying machine-specific secrets, along with security notes. Updated krops.nix and config/lnbits.nix to include configurations for deploying custom LNBits extensions, enhancing the flexibility and security of the NixOS deployment process.
2025-10-10 01:15:42 +02:00

105 lines
3.7 KiB
Nix
Raw Blame History

{ domain, pkgs, ... }:
{
# LNBits service configuration
services.lnbits = {
enable = true;
host = "0.0.0.0";
port = 5000;
openFirewall = true;
stateDir = "/var/lib/lnbits";
# Use lnbits from deployed flake source at /var/src/lnbits-src
package = (builtins.getFlake "path:/var/src/lnbits-src").packages.${pkgs.system}.lnbits;
env = {
LNBITS_ADMIN_UI = "true";
AUTH_ALLOWED_METHODS = "user-id-only, username-password";
LNBITS_BACKEND_WALLET_CLASS = "FakeWallet";
LNBITS_SITE_TITLE = "AIO";
LNBITS_SITE_TAGLINE = "Open Source Lightning Payments Platform";
LNBITS_SITE_DESCRIPTION = "A lightning wallet for the community";
LIGHTNING_INVOICE_EXPIRY = "3600";
LNBITS_DEFAULT_WALLET_NAME = "AIO Wallet";
LNBITS_EXTENSIONS_MANIFESTS =
"https://raw.githubusercontent.com/lnbits/lnbits-extensions/main/extensions.json";
LNBITS_EXTENSIONS_DEFAULT_INSTALL =
"nostrclient,nostrmarket,nostrrelay,lnurlp,events";
LNBITS_ADMIN_EXTENSIONS = "ngrok,nostrclient,nostrrelay";
LNBITS_USER_DEFAULT_EXTENSIONS = "lnurlp,nostrmarket,events";
FORWARDED_ALLOW_IPS = "*";
};
};
services.nginx = {
# Add the connection upgrade map
appendHttpConfig = ''
map $http_upgrade $connection_upgrade {
default upgrade;
"" close;
}
'';
virtualHosts."lnbits.${domain}" = {
forceSSL = true;
enableACME = true;
locations = {
# WebSocket endpoints with additional headers that LNbits might expect
"~ ^/(api/v1/ws/|.*relay.*/)" = {
proxyPass = "http://127.0.0.1:5000";
extraConfig = ''
# WebSocket configuration
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# WebSocket timeouts
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
proxy_connect_timeout 60s;
# Disable buffering
proxy_buffering off;
proxy_request_buffering off;
proxy_cache off;
'';
};
# General HTTP requests (with basic proxy headers)
"/" = {
proxyPass = "http://127.0.0.1:5000";
extraConfig = ''
# Basic proxy headers for HTTP (not WebSocket)
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
};
};
# Deploy custom extensions
# WARNING: L+ will REPLACE /var/lib/lnbits/extensions if it already exists!
# This will DELETE any extensions installed via the LNBits UI.
#
# Option 1: Replace extensions directory entirely (use with caution)
# systemd.tmpfiles.rules = [
# "L+ /var/lib/lnbits/extensions - - - - /var/src/lnbits-extensions"
# ];
#
# Option 2: Manually merge deployed extensions with existing ones
# Copy deployed extensions into the extensions directory without replacing it:
# systemd.services.lnbits-copy-extensions = {
# description = "Copy deployed LNBits extensions";
# before = [ "lnbits.service" ];
# wantedBy = [ "lnbits.service" ];
# serviceConfig = {
# Type = "oneshot";
# ExecStart = "${pkgs.rsync}/bin/rsync -av /var/src/lnbits-extensions/ /var/lib/lnbits/extensions/";
# };
# };
}
Reference in a new issue View git blame Copy permalink