Merge pull request #227 from naturallaw777/copilot/fix-btcpay-default-state

[WIP] Fix BTCPay Server default state in Node mode

app/sovran_systemsos_web/server.py

@@ -291,7 +291,7 @@ _PORTS_ELEMENT_CALLING = _PORTS_WEB + [
 
 SERVICE_PORT_REQUIREMENTS: dict[str, list[dict]] = {
     # Infrastructure
-    "caddy.service":                    _PORTS_WEB,
+    "caddy.service":                    [],
     # Communication
     "matrix-synapse.service":           _PORTS_MATRIX_FEDERATION,
     "livekit.service":                  _PORTS_ELEMENT_CALLING,

app/sovran_systemsos_web/static/js/update.js

@@ -163,21 +163,46 @@ function saveErrorReport() {
 
 // ── Reboot ────────────────────────────────────────────────────────
 
+var _rebootStartTime = 0;
+var _serverWentDown = false;
+
 function doReboot() {
   if ($modal) $modal.classList.remove("open");
   if ($rebuildModal) $rebuildModal.classList.remove("open");
   stopUpdatePoll();
   stopRebuildPoll();
   if ($rebootOverlay) $rebootOverlay.classList.add("visible");
+  _rebootStartTime = Date.now();
+  _serverWentDown = false;
   fetch("/api/reboot", { method: "POST" }).catch(function() {});
-  setTimeout(waitForServerReboot, REBOOT_CHECK_INTERVAL);
+  // Wait 15 seconds before the first check — give the system time to actually shut down
+  setTimeout(waitForServerReboot, 15000);
 }
 
 function waitForServerReboot() {
-  fetch("/api/config", { cache: "no-store" })
+  var controller = new AbortController();
+  var timeoutId = setTimeout(function() { controller.abort(); }, REBOOT_CHECK_INTERVAL);
+
+  fetch("/api/config", { cache: "no-store", signal: controller.signal })
     .then(function(res) {
-      if (res.ok) window.location.reload();
-      else setTimeout(waitForServerReboot, REBOOT_CHECK_INTERVAL);
+      clearTimeout(timeoutId);
+      if (res.ok && _serverWentDown) {
+        // Server is back after having been down — reboot is complete
+        window.location.reload();
+      } else if (res.ok && !_serverWentDown && (Date.now() - _rebootStartTime) < 30000) {
+        // Server still responding but hasn't gone down yet — keep waiting
+        setTimeout(waitForServerReboot, REBOOT_CHECK_INTERVAL);
+      } else if (res.ok) {
+        // Been over 30 seconds and server is responding — just reload
+        window.location.reload();
+      } else {
+        _serverWentDown = true;
+        setTimeout(waitForServerReboot, REBOOT_CHECK_INTERVAL);
+      }
     })
-    .catch(function() { setTimeout(waitForServerReboot, REBOOT_CHECK_INTERVAL); });
+    .catch(function() {
+      clearTimeout(timeoutId);
+      _serverWentDown = true;
+      setTimeout(waitForServerReboot, REBOOT_CHECK_INTERVAL);
+    });
 }

configuration.nix

@@ -31,8 +31,8 @@
   networking.hostName = "nixos";
   networking.networkmanager.enable = true;
   networking.firewall.enable = true;
-  networking.firewall.allowedTCPPorts = [ 80 443 8448 3051 ];
-  networking.firewall.allowedUDPPorts = [ 80 443 8448 3051 5353 ];
+  networking.firewall.allowedTCPPorts = [ 8448 3051 ];
+  networking.firewall.allowedUDPPorts = [ 8448 3051 5353 ];
 
   # ── Avahi (mDNS) ───────────────────────────────────────────
   services.avahi = {

modules/bitcoinecosystem.nix

@@ -55,7 +55,7 @@ lib.mkIf config.sovran_systemsOS.services.bitcoin {
   };
 
   services.btcpayserver = {
-    enable = true;
+    enable = config.sovran_systemsOS.web.btcpayserver;
   };
 
   services.btcpayserver.lightningBackend = "lnd";

modules/core/caddy.nix

@@ -3,6 +3,16 @@
 let
   exposeBtcpay = config.sovran_systemsOS.web.btcpayserver;
   extraVhosts = config.sovran_systemsOS.caddy.extraVirtualHosts;
+
+  # True when any service needs HTTPS/ACME (domain-based vhosts)
+  needsHttpsPorts =
+    config.sovran_systemsOS.web.btcpayserver
+    || config.sovran_systemsOS.services.synapse
+    || config.sovran_systemsOS.services.wordpress
+    || config.sovran_systemsOS.services.nextcloud
+    || config.sovran_systemsOS.services.vaultwarden
+    || config.sovran_systemsOS.features.haven
+    || config.sovran_systemsOS.features.element-calling;
 in
 {
   services.caddy = {
@@ -11,6 +21,10 @@ in
     group = "root";
   };
 
+  # Only open ports 80/443 when at least one domain-based service is active
+  networking.firewall.allowedTCPPorts = lib.mkIf needsHttpsPorts [ 80 443 ];
+  networking.firewall.allowedUDPPorts = lib.mkIf needsHttpsPorts [ 80 443 ];
+
   systemd.tmpfiles.rules = [
     "d /var/lib/domains 0755 caddy root -"
   ];
@@ -55,12 +69,20 @@ in
       HAVEN=$(read_domain haven)
       ACME_EMAIL=$(read_domain sslemail)
 
-      # Start with global config
+      # Start with global config — use ACME only when domain-based services are active
+      ${if needsHttpsPorts then ''
       cat > /run/caddy/Caddyfile <<EOF
 {
   email $ACME_EMAIL
 }
 EOF
+      '' else ''
+      cat > /run/caddy/Caddyfile <<EOF
+{
+  auto_https off
+}
+EOF
+      ''}
 
       # ── Matrix ──────────────────────────────────────
       if [ -n "$MATRIX" ]; then

modules/core/role-logic.nix

@@ -5,6 +5,7 @@
 
     # ── Server+Desktop Role (default) ─────────────────────────
     (lib.mkIf config.sovran_systemsOS.roles.server_plus_desktop {
+      sovran_systemsOS.web.btcpayserver = lib.mkDefault true;
     })
 
     # ── Desktop Only Role ─────────────────────────────────────

modules/core/roles.nix

@@ -55,7 +55,7 @@
     web = {
       btcpayserver = lib.mkOption {
         type = lib.types.bool;
-        default = true;
+        default = false;
         description = "Expose BTCPay Server via Caddy";
       };
     };