Sets the LNBITS_BASEURL based on the domain variable and configures forwarded IPs. Removes default installation of extensions and keeps admin and user extensions configuration to streamline the initial setup.
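# NixOS module: runs LNbits from a locally deployed flake behind an nginx TLS
# reverse proxy at lnbits.${domain}, and links in extensions deployed to
# /var/src/lnbits-extensions.
{ domain, pkgs, config, lib, ... }:

let
  # NOTE(review): builtins.getFlake on a mutable path is impure, and this module
  # pins no revision or hash for it: whatever is in /var/src/lnbits-src at
  # evaluation time is what gets built and run. Keep that directory writable
  # only by the deployment user.
  lnbitsFlake = builtins.getFlake "path:/var/src/lnbits-src";
in
{
  # Import the LNBits service module from the flake (following official guide pattern)
  imports = [
    "${lnbitsFlake}/nix/modules/lnbits-service.nix"
  ];

  # LNBits service configuration
  services.lnbits = {
    enable = true;

    # Listen on loopback only. nginx (below) is the intended entry point: it
    # terminates TLS and proxies to http://127.0.0.1:5000. Binding 0.0.0.0 with
    # the firewall port open exposed the plain-HTTP backend directly, bypassing
    # forceSSL and letting any peer supply its own X-Forwarded-* headers.
    host = "127.0.0.1";
    port = 5000;
    openFirewall = false;

    stateDir = "/var/lib/lnbits";

    # Use lnbits package from the flake
    package = lnbitsFlake.packages.${pkgs.system}.lnbits;

    env = {
      # Custom extensions path (if deployed via krops)
      # Extensions from /var/src/lnbits-extensions will be symlinked to /var/lib/lnbits/extensions
      # LNBITS_EXTENSIONS_PATH = "/var/lib/lnbits/extensions";

      # NOTE(review): with the admin UI enabled, server settings are changed
      # through a superuser account in the web UI; confirm how that account is
      # provisioned on first start and who can reach the instance before then.
      LNBITS_ADMIN_UI = "true";

      # NOTE(review): "user-id-only" accepts a bare user ID as the login
      # credential (anyone who learns the ID, e.g. from a shared URL, is that
      # user). Drop it for anything beyond testing.
      AUTH_ALLOWED_METHODS = "user-id-only, username-password";

      # FakeWallet is a test backend with no real funding source; replace it
      # before handling real payments.
      LNBITS_BACKEND_WALLET_CLASS = "FakeWallet";

      LNBITS_BASEURL = "https://lnbits.${domain}/";

      # Trust forwarded headers only from the local nginx. "*" made the
      # application believe X-Forwarded-For / X-Forwarded-Proto from any peer,
      # so client IPs used for logging or rate limiting could be forged.
      FORWARDED_ALLOW_IPS = "127.0.0.1";

      LNBITS_SITE_TITLE = "AIO";
      LNBITS_SITE_TAGLINE = "Open Source Lightning Payments Platform";
      LNBITS_SITE_DESCRIPTION = "A lightning wallet for the community";
      LIGHTNING_INVOICE_EXPIRY = "3600";
      LNBITS_DEFAULT_WALLET_NAME = "AIO Wallet";

      # NOTE(review): this manifest tracks the mutable `main` branch, so the set
      # of installable extensions (code that runs inside the LNbits process) can
      # change without a change to this file. Consider pinning to a reviewed
      # commit of the manifest.
      LNBITS_EXTENSIONS_MANIFESTS =
        "https://raw.githubusercontent.com/lnbits/lnbits-extensions/main/extensions.json";

      # LNBITS_EXTENSIONS_DEFAULT_INSTALL =
      #   "nostrclient,nostrmarket,nostrrelay,lnurlp,events";
      LNBITS_ADMIN_EXTENSIONS = "ngrok,nostrclient,nostrrelay";
      LNBITS_USER_DEFAULT_EXTENSIONS = "lnurlp,nostrmarket,events";
    };
  };

  # Make openssh and sshpass available to lnbits service
  # NOTE(review): sshpass implies password-based SSH initiated by the service,
  # presumably for an extension; confirm which one needs it and prefer key-based
  # authentication, since sshpass passwords tend to end up in arguments or env.
  systemd.services.lnbits = {
    path = with pkgs; [ openssh sshpass ];
  };

  services.nginx = {
    # Add the connection upgrade map
    appendHttpConfig = ''
      map $http_upgrade $connection_upgrade {
      default upgrade;
      "" close;
      }
    '';

    virtualHosts."lnbits.${domain}" = {
      forceSSL = true;
      enableACME = true;

      # NOTE(review): in both locations, $proxy_add_x_forwarded_for appends to
      # whatever X-Forwarded-For the client sent. If LNbits should only ever see
      # the address nginx observed, send $remote_addr instead.
      locations = {
        # WebSocket endpoints with additional headers that LNbits might expect
        "~ ^/(api/v1/ws/|.*relay.*/)" = {
          proxyPass = "http://127.0.0.1:5000";
          extraConfig = ''
            # WebSocket configuration
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            # WebSocket timeouts
            proxy_read_timeout 3600s;
            proxy_send_timeout 3600s;
            proxy_connect_timeout 60s;

            # Disable buffering
            proxy_buffering off;
            proxy_request_buffering off;
            proxy_cache off;
          '';
        };

        # General HTTP requests (with basic proxy headers)
        "/" = {
          proxyPass = "http://127.0.0.1:5000";
          extraConfig = ''
            # Basic proxy headers for HTTP (not WebSocket)
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
          '';
        };
      };
    };
  };

  # Deploy custom extensions
  # WARNING: L+ will REPLACE /var/lib/lnbits/extensions if it already exists!
  # This will DELETE any extensions installed via the LNBits UI.
  #
  # Option 1: Replace extensions directory entirely (use with caution)
  # Create symlink and fix ownership of deployed extensions
  systemd.tmpfiles.rules = [
    "L+ /var/lib/lnbits/extensions - lnbits lnbits - /var/src/lnbits-extensions"
  ];

  # Fix ownership of deployed extensions (krops deploys as root:root)
  # NOTE(review): after this chown the service user owns the extension code it
  # executes, so a compromise of the LNbits process can rewrite that code and
  # persist across restarts. If LNbits only needs to read the deployed
  # extensions, leaving them root-owned and world-readable is the safer layout.
  systemd.services.lnbits-fix-extensions-ownership = {
    description = "Fix ownership of deployed LNBits extensions";
    # Ordered before, and pulled in by, lnbits.service.
    before = [ "lnbits.service" ];
    wantedBy = [ "lnbits.service" ];
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${pkgs.coreutils}/bin/chown -R lnbits:lnbits /var/src/lnbits-extensions";
    };
  };
  #
  # Option 2: Manually merge deployed extensions with existing ones
  # Copy deployed extensions into the extensions directory without replacing it:
  # systemd.tmpfiles.rules = [
  #   "d /var/src/lnbits-extensions 0755 root root - -"
  # ];
  # systemd.services.lnbits-copy-extensions = {
  #   description = "Copy deployed LNBits extensions";
  #   before = [ "lnbits.service" ];
  #   wantedBy = [ "lnbits.service" ];
  #   serviceConfig = {
  #     Type = "oneshot";
  #     ExecStart = "${pkgs.bash}/bin/bash -c '${pkgs.rsync}/bin/rsync -av /var/src/lnbits-extensions/ /var/lib/lnbits/extensions/ && ${pkgs.coreutils}/bin/chown -R lnbits:lnbits /var/lib/lnbits/extensions/'";
  #   };
  # };
}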