diff --git a/modules/bitcoind.nix b/modules/bitcoind.nix
index e56c704..cd2e27f 100644
--- a/modules/bitcoind.nix
+++ b/modules/bitcoind.nix
@@ -9,6 +9,8 @@ let
     ${optionalString cfg.testnet "testnet=1"}
     ${optionalString (cfg.dbCache != null) "dbcache=${toString cfg.dbCache}"}
     ${optionalString (cfg.prune != null) "prune=${toString cfg.prune}"}
+    ${optionalString (cfg.sysperms != null) "sysperms=${if cfg.sysperms then "1" else "0"}"}
+    ${optionalString (cfg.disablewallet != null) "disablewallet=${if cfg.disablewallet then "1" else "0"}"}
 
     # Connection options
     ${optionalString (cfg.port != null) "port=${toString cfg.port}"}
@@ -151,6 +153,20 @@ in {
           If enabled, the bitcoin service will listen.
         '';
       };
+      sysperms = mkOption {
+        type = types.nullOr types.bool;
+        default = null;
+        description = ''
+        Create new files with system default permissions, instead of umask 077 (only effective with disabled wallet functionality)
+        '';
+      };
+      disablewallet = mkOption {
+        type = types.nullOr types.bool;
+        default = null;
+        description = ''
+        Do not load the wallet and disable wallet RPC calls
+        '';
+      };
       dbCache = mkOption {
         type = types.nullOr (types.ints.between 4 16384);
         default = null;
@@ -195,6 +211,7 @@ in {
         chmod o-rw  '${cfg.dataDir}/bitcoin.conf'
         chown '${cfg.user}:${cfg.group}' '${cfg.dataDir}/bitcoin.conf'
         echo "rpcpassword=$(cat /secrets/bitcoin-rpcpassword)" >> '${cfg.dataDir}/bitcoin.conf'
+        chmod -R g+rX '${cfg.dataDir}/blocks'
       '';
       postStart = ''
         until '${cfg.package}'/bin/bitcoin-cli -datadir='${cfg.dataDir}' getnetworkinfo; do sleep 1; done
diff --git a/modules/electrs.nix b/modules/electrs.nix
index 69df588..20359b5 100644
--- a/modules/electrs.nix
+++ b/modules/electrs.nix
@@ -4,6 +4,8 @@ with lib;
 
 let
   cfg = config.services.electrs;
+  index-batch-size = "${if cfg.high-memory then "" else "--index-batch-size=10"}";
+  jsonrpc-import = "${if cfg.high-memory then "" else "--jsonrpc-import"}";
 in {
   options.services.electrs = {
     enable = mkOption {
@@ -18,13 +20,20 @@ in {
       default = "/var/lib/electrs";
       description = "The data directory for electrs.";
     };
+    high-memory = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+      If enabled, the electrs service will sync faster on high-memory systems (≤ 8GB).
+      '';
+    };
   };
 
   config = mkIf cfg.enable {
     users.users.electrs = {
         description = "electrs User";
         group = "electrs";
-        extraGroups = [ "bitcoinrpc" "keys" ];
+        extraGroups = [ "bitcoinrpc" "keys" "bitcoin"];
         home = cfg.dataDir;
     };
     users.groups.electrs = {
@@ -40,7 +49,7 @@ in {
       preStart = ''
         mkdir -m 0770 -p ${cfg.dataDir}
         chown 'electrs:electrs' ${cfg.dataDir}
-        echo "${pkgs.electrs}/bin/electrs -vvv --timestamp --db-dir ${cfg.dataDir} --daemon-dir /var/lib/bitcoind --cookie=${config.services.bitcoind.rpcuser}:$(cat /secrets/bitcoin-rpcpassword)" > /var/lib/electrs/startscript.sh
+        echo "${pkgs.electrs}/bin/electrs -vvv ${index-batch-size} ${jsonrpc-import} --timestamp --db-dir ${cfg.dataDir} --daemon-dir /var/lib/bitcoind --cookie=${config.services.bitcoind.rpcuser}:$(cat /secrets/bitcoin-rpcpassword)" > /var/lib/electrs/startscript.sh
         chown -R 'electrs:electrs' ${cfg.dataDir}
         chmod u+x ${cfg.dataDir}/startscript.sh
         '';	
diff --git a/modules/nix-bitcoin.nix b/modules/nix-bitcoin.nix
index 7653c98..acdea76 100644
--- a/modules/nix-bitcoin.nix
+++ b/modules/nix-bitcoin.nix
@@ -17,8 +17,7 @@ let
     lightning-charge.package
     nanopos.package
     spark-wallet.package
-    # TODO: re-enable when fixed
-    #electrs
+    electrs
     nodejs-8_x
     nginx
   ];
@@ -80,6 +79,8 @@ in {
     # bitcoind
     services.bitcoind.enable = true;
     services.bitcoind.listen = true;
+    services.bitcoind.sysperms = if config.services.electrs.enable then true else null;
+    services.bitcoind.disablewallet = if config.services.electrs.enable then true else null;
     services.bitcoind.proxy = config.services.tor.client.socksListenAddress;
     services.bitcoind.port = 8333;
     services.bitcoind.rpcuser = "bitcoinrpc";
@@ -167,14 +168,20 @@ in {
     services.nix-bitcoin-webindex.enable = cfg.modules == "all";
     services.clightning.autolisten = cfg.modules == "all";
     services.spark-wallet.enable = cfg.modules == "all";
-    # TODO: re-enable when fixed
-    services.electrs.enable = false;
     services.tor.hiddenServices.spark-wallet = {
       map = [{
         port = 80; toPort = 9737;
       }];
       version = 3;
     };
+    services.electrs.enable = cfg.modules == "all";
+    services.electrs.high-memory = false;
+    services.tor.hiddenServices.electrs = {
+      map = [{
+        port = 50001; toPort = 50001;
+      }];
+      version = 3;
+    };
     environment.systemPackages = if (cfg.modules == "all") then (minimalPackages ++ allPackages) else minimalPackages;
   };
 }
diff --git a/pkgs/electrs.nix b/pkgs/electrs.nix
index 3310084..e4527aa 100644
--- a/pkgs/electrs.nix
+++ b/pkgs/electrs.nix
@@ -2,11 +2,11 @@ let
   overlay = builtins.fetchGit {
      url = "https://github.com/mozilla/nixpkgs-mozilla";
      ref = "master";
-     rev = "f61795ea78ea2a489a2cabb27abde254d2a37d25";
+     rev = "e37160aaf4de5c4968378e7ce6fe5212f4be239f";
    };
   defaultPkgs = import <nixpkgs> {overlays = [ (import overlay) ]; };
-  defaultRust = defaultPkgs.latest.rustChannels.nightly.rust;
-  defaultCargo = defaultPkgs.latest.rustChannels.nightly.cargo;
+  defaultRust = (defaultPkgs.rustChannelOf { date = "2019-03-05"; channel = "nightly"; }).rust;
+  defaultCargo = (defaultPkgs.rustChannelOf { date = "2019-03-05"; channel = "nightly"; }).cargo;
   defaultBuildRustPackage = defaultPkgs.callPackage (import <nixpkgs/pkgs/build-support/rust>) {
     rust = {
       rustc = defaultRust;
@@ -19,7 +19,7 @@ pkgs.lib.flip pkgs.callPackage { inherit buildRustPackage; } (
   { lib, buildRustPackage, fetchFromGitHub, llvmPackages, clang }:
 
   let
-    version = "0.4.2";
+    version = "0.4.3";
 
   in buildRustPackage {
     name = "electrs-${version}";
@@ -27,11 +27,11 @@ pkgs.lib.flip pkgs.callPackage { inherit buildRustPackage; } (
     src = fetchFromGitHub {
       owner = "romanz";
       repo = "electrs";
-      rev = "5f2d4289dcb98ef283725b3d12f8733a7b9e832b";
-      sha256 = "1lqhrcyd8hdaja5k01a2banvjcbxxcwvb2p7zh05984fpzzs02gr";
+      rev = "5ab3b4648769bf4a421d48fb29c93ef048db7dbf";
+      sha256 = "1xjjs1j4wm8pv7h0gr7i8xi2j78ss3haai4hyaiavwph8kk5n0ch";
     };
 
-    cargoSha256 = "0v0cc62mx728cqfyz3x1bfh2436yiw2hkv58672j2f45cafcgp2h";
+    cargoSha256 = "0a80i77s3r4nivrrxndadzgxcpnyamrw7xqrrlz1ylwyjz00xcnf";
 
     LIBCLANG_PATH = "${llvmPackages.libclang}/lib";
     buildInputs = [ clang ];
@@ -44,5 +44,3 @@ pkgs.lib.flip pkgs.callPackage { inherit buildRustPackage; } (
     };
   }
 )
-
-
diff --git a/pkgs/nodeinfo.sh b/pkgs/nodeinfo.sh
index eb849b4..c490901 100644
--- a/pkgs/nodeinfo.sh
+++ b/pkgs/nodeinfo.sh
@@ -29,6 +29,12 @@ if [ -e "$SPARKWALLET_ONION_FILE" ]; then
     echo SPARKWALLET_ONION="http://$SPARKWALLET_ONION"
 fi
 
+ELECTRS_ONION_FILE=/var/lib/tor/onion/electrs/hostname
+if [ -e "$ELECTRS_ONION_FILE" ]; then
+    ELECTRS_ONION="$(cat $ELECTRS_ONION_FILE)"
+    echo ELECTRS_ONION="$ELECTRS_ONION"
+fi
+
 SSHD_ONION_FILE=/var/lib/tor/onion/sshd/hostname
 if [ -e "$SSHD_ONION_FILE" ]; then
     SSHD_ONION="$(cat $SSHD_ONION_FILE)"