nb-container-vm.sh

vm=$(nix-build --no-out-link - <<'EOF'
let

# https://github.com/fort-nix/nix-bitcoin/issues/241
nbConfig = { config, pkgs, lib, ... }:
let
  nix-bitcoin = fetchGit rec {
    url = https://github.com/fort-nix/nix-bitcoin.git;
    ref = "master";
    rev = "43cac9d35e94f58c615aa9bd71e46310ddf17ab8";
    name = "nix-bitcoin-${rev}";
  };
  containerName = "nix-bitcoin"; # container name length is limited to 11 chars
  localAddress = "10.251.0.2"; # container address
  hostAddress = "10.251.0.1";
in {
  systemd.tmpfiles.rules = [
    "d /hdd/bitcoin - root root - -"
    "d /hdd/bitcoin/bitcoind - root root - -"
  ];
  containers.${containerName} = {
    bindMounts."/bitcoin" = {
      hostPath = "/hdd/bitcoin";
      isReadOnly = false;
    };

    autoStart = true;

    privateNetwork = true;
    inherit localAddress hostAddress;

    config = { pkgs, config, lib, ... }: {
      imports = [
        "${nix-bitcoin}/modules/presets/secure-node.nix"
        "${nix-bitcoin}/modules/secrets/generate-secrets.nix"
      ];

      # Speed up evaluation
      documentation.nixos.enable = false;

      services.bitcoind = {
        enable = true;
        package = pkgs.bitcoind;
        dataDir = "/bitcoin/bitcoind";
      };

      networking.hostName = "nix-bitcoin";
      time.timeZone = "UTC";
    };
  };

  # Allow WAN access
  systemd.services."container@${containerName}" = {
    preStart = "${pkgs.iptables}/bin/iptables -w -t nat -A POSTROUTING -s ${localAddress} -j MASQUERADE";
    # Delete rule
    postStop = "${pkgs.iptables}/bin/iptables -w -t nat -D POSTROUTING -s ${localAddress} -j MASQUERADE || true";
  };
};

in
(import <nixpkgs/nixos> {
configuration = { pkgs, lib, ... }: with lib; {
  imports = [ nbConfig ];
  virtualisation.graphics = false;
  services.mingetty.autologinUser = "root";
};
}).vm
EOF
)
export NIX_DISK_IMAGE=/tmp/vmimg; rm -f $NIX_DISK_IMAGE; QEMU_OPTS='-m 1024 -smp 3' $vm/bin/run-*-vm