 https://image.nostr.build/287002a8c5b5be9b0a3c6e2527f8bdb47a59db6acee3fcf0f8ffbbe301a9d09f.gif


```
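# Flake for the NixOS host "killy": a nix-bitcoin node (bitcoind, fulcrum, lnd,
# lightning-loop, lightning-pool) booted through lanzaboote for UEFI Secure Boot.
{
  description = "Killy the killing machine";

  inputs = {
    nixpkgs = {
      # NOTE(review): both `url` and `follows` are set on this input. Presumably
      # `follows` wins and nixpkgs resolves to the revision nix-bitcoin pins as
      # its `nixpkgs-unstable` input, leaving `url` unused. Confirm against
      # flake.lock and drop whichever line is not intended.
      url = "github:NixOS/nixpkgs/nixos-unstable";
      follows = "nix-bitcoin/nixpkgs-unstable";
    };
    lanzaboote = {
      # A tag or branch ref is only a starting point; the exact revision that
      # gets built is whatever flake.lock records. Keep flake.lock under version
      # control and review its diff on every `nix flake update`, since this input
      # produces the boot chain.
      url = "github:nix-community/lanzaboote/v0.4.1";
      inputs = {
        nixpkgs = {
          follows = "nixpkgs";
        };
      };
    };
    nix-bitcoin = {
      # `release` is a moving branch; as above, flake.lock is what pins it.
      url = "github:fort-nix/nix-bitcoin/release";
    };
  };
  outputs = { self, nixpkgs, lanzaboote, nix-bitcoin, ...}: {
    nixosConfigurations = {
      killy = nixpkgs.lib.nixosSystem {
        system = "x86_64-linux";
        modules = [
          ./configuration.nix
          nix-bitcoin.nixosModules.default
          lanzaboote.nixosModules.lanzaboote
          ({ pkgs, lib, ... }: {
            environment = {
              systemPackages = [
                # sbctl manages the Secure Boot keys and reports signing status.
                pkgs.sbctl
              ];
            };
            boot = {
              loader = {
                systemd-boot = {
                  # lanzaboote takes over boot loader installation, so the stock
                  # systemd-boot module is forced off even if configuration.nix
                  # enables it.
                  enable = lib.mkForce false;
                };
              };
              lanzaboote = {
                enable = true;
                # Directory holding the Secure Boot signing keys. Anyone who can
                # read it can sign boot artifacts this machine will trust, so
                # keep it root-only and out of unencrypted backups.
                pkiBundle = "/etc/secureboot";
              };
            };
            nix-bitcoin = {
              # Service secrets are generated on the host itself rather than
              # being supplied from outside.
              generateSecrets = true;
              nodeinfo = {
                enable = true;
              };
            };
            services = {
              bitcoind = {
                enable = true;
                txindex = true;
                # ZMQ publishers are bound to loopback only. bitcoind's ZMQ
                # interface has no authentication, so every local process can
                # subscribe to these two ports.
                zmqpubrawblock = "tcp://127.0.0.1:28332";
                zmqpubrawtx = "tcp://127.0.0.1:28333";
              };
              fulcrum = {
                enable = true;
              };
              lnd = {
                enable = true;
                certificate = {
                  # Extra IP addresses added to the TLS certificate so clients
                  # connecting via those addresses can verify it. The values
                  # were redacted for publication; the original paste used
                  # typographic quotes here, which Nix cannot parse. Replace the
                  # placeholders with real addresses and list only the ones
                  # clients actually use.
                  extraIPs = [
                    "[REDACTED]"
                    "[REDACTED]"
                  ];
                };
              };
              lightning-loop = {
                enable = true;
                certificate = {
                  # Redacted placeholders, as for lnd above.
                  extraIPs = [
                    "[REDACTED]"
                    "[REDACTED]"
                  ];
                };
              };
              lightning-pool = {
                enable = true;
              };
            };
          })
        ];
      };
    };
  };
}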

``` 
 Wish more Bitcoin-related stuff used Unix sockets. Sucks to have a bunch of open ports on your machine, even when they are only listening on loopback, because any local process can still connect to them. With a Unix socket you can control access to the socket file using file system ACLs. 
 Easy peasy lemon squeezy

nostr:nevent1qqsp7umyyu5gdcynw4guqe65ytmy70wcp3gkfp9u63w6u4krrp3zr9spz9mhxue69uhkummnw3ezuamfdejj7q3qnmk2399jazpsup0vsm6dzxw7gydzm5atedj4yhdkn3yx7jh7tzpqxpqqqqqqzs0raph