- Create a new nix-bitcoin node config
- Deploy the
packer
NixOS base image - Deploy the nix-bitcoin node config.
You should use a NixOS deployment method that includes local building.
In this way, common build components are cached on your main dev system so that new nodes can be built very quickly.
One possible method:- Add
nix-bitcoin.setupSecrets = true;
to the node config - For deploying:
- Generate and copy the secrets:
nix-shell ./shell.nix --run generate-secrets rsync --recursive --perms --times ./secrets/ root@usernode123:/etc/nix-bitcoin-secrets
- Build the system locally, then copy it to the host and activate it:
(This cmd is untested, it might require minor changes.)nix-shell ./shell.nix --run "NIXOS_CONFIG=$(realpath ./configuration.nix) nixos-rebuild switch --build-host localhost --target-host usernode123"
- Generate and copy the secrets:
- Add
- Create the master VM running bitcoind and lnd.
There's no need to run lnd in a separate VM, but if you really want to do it, refer to this doc section. - Create a config template for the user VM config.
This config should enablertl
and include these settings to enable public access to the remote bitcoind instance. - For each user VM (write a script to fully automate this):
- Create a folder containing:
shell.nix
, where./nix-bitcoin-release.nix
is replaced by../user-config-template/nix-bitcoin-release.nix
- A
configuration.nix
that just imports../user-config-template/configuration.nix
.
You can also add user-specific settings here.
- Copy the bitcoind RPC password:
install ../user-config-template/secrets/bitcoin-rpcpassword-public -Dt ./secrets
- Generate the secrets
nix-shell ./shell.nix --run generate-secrets
- Deploy the config
- Setup the lightning ring channels via
ssh usernode3 lncli ...
- Hand out
./secrets/rtl-password
to the user
- Create a folder containing: