node.nix

# configuration.nix
{ config, pkgs, ... }:

{
  imports =
    [ 
      ./hardware-configuration
      ./bitcoin
    ];
    services.openssh.enable = true;
    services.openssh.permitRootLogin = "prohibit-password";
    users.users.root.openssh.authorizedKeys.keys = [
   
    ];
    system.stateVersion = "20.03";
# bitcoin.nix
{ config, pkgs, lib, ... }: {
  imports = [
    <nix-bitcoin/modules/presets/secure-node.nix>
    <nix-bitcoin/modules/secrets/generate-secrets.nix>
  ];
  services.lnd.enable = true;
  
  services.lnd.extraConfig = ''
      accept-keysend=1
      rpclisten=127.0.0.1:10009
      rpclisten=10.100.0.4:10009
    '';
  services.lightning-loop.enable = true;

}

## krops.nix
let
  krops = builtins.fetchGit {
    url = "https://cgit.krebsco.de/krops/";
  };
  lib = import "${krops}/lib";
  pkgs = import "${krops}/pkgs" {};
nodeSource = lib.evalSource [
  {
    nixpkgs.git = {
        ref = "origin/nixos-20.03";
        url = https://github.com/NixOS/nixpkgs-channels;
      };
    nix-bitcoin.git = {
      ref = "origin/lightning-loop";
      url = "https://github.com/nixbitcoin/nix-bitcoin.git";
    };
    nixos-config.file = toString ./node/configuration.nix;
    hardware-configuration.file = toString ./node/hardware-configuration.nix;
    bitcoin.file = toString ./node/bitcoin.nix;
  }
];
in {
  node = pkgs.krops.writeDeploy "deploy-server01" {
    source = nodeSource;
    target = "root@x.x.x.x";
  };
}

deploy with nix-build --show-trace ./krops.nix -A node && ./result