diff --git a/README.md b/README.md
index 71b38f2..3c5b718 100644
--- a/README.md
+++ b/README.md
@@ -1,144 +1,103 @@
-nix-bitcoin
-===
-
-[](https://cirrus-ci.com/github/fort-nix/nix-bitcoin)
-
-Nix packages and nixos modules for easily installing Bitcoin nodes and higher layer protocols with an emphasis on security.
-This is a work in progress - don't expect it to be bug-free, secure or stable.
-
-The default configuration sets up a Bitcoin Core node and c-lightning. The user can enable spark-wallet in `configuration.nix` to make c-lightning accessible with a smartphone using spark-wallet.
-A simple webpage shows the lightning nodeid and links to nanopos letting the user receive donations.
-It also includes elements-daemon.
-Outbound peer-to-peer traffic is forced through Tor, and listening services are bound to onion addresses.
-
-A demo installation is running at [http://6tr4dg3f2oa7slotdjp4syvnzzcry2lqqlcvqkfxdavxo6jsuxwqpxad.onion](http://6tr4dg3f2oa7slotdjp4syvnzzcry2lqqlcvqkfxdavxo6jsuxwqpxad.onion).
-The following screen cast shows a fresh deployment of a nix-bitcoin node.
-
- 
+ 
+
+
+
+ 
+
+
+ 
+
+
+ 
+
+
+ 
+
+
+ 
+
+
+
+nix-bitcoin is a collection of Nix packages and NixOS modules for easily installing **full-featured Bitcoin nodes** with an emphasis on **security**.
+Overview
+---
+A Bitcoin node verifies the Bitcoin protocol and provides ways of interacting with the Bitcoin network. nix-bitcoin
+nodes are used for a variety of purposes and can serve as personal or merchant wallets, second layer public
+infrastructure and as backends for Bitcoin applications. In all cases, the aim is to provide security and privacy by
+default. However, while nix-bitcoin is used in production today, it is still considered experimental.
-The goal is to make it easy to deploy a reasonably secure Bitcoin node with a usable wallet.
-It should allow managing bitcoin (the currency) effectively and providing public infrastructure.
-It should be a reproducible and extensible platform for applications building on Bitcoin.
+A full installation of nix-bitcoin is usually deployed either on a dedicated (virtual) machine or runs in a container
+and is online 24/7. Alternatively, the Nix packages, NixOS modules and configurations can be used independently and
+combined freely.
+
+nix-bitcoin is built on top of Nix and NixOS which provide powerful abstractions to keep it highly customizable and
+maintainable. Testament to this are nix-bitcoin's robust security features and its potent test framework. However,
+running nix-bitcoin does not require any previous experience with the Nix ecosystem.
Examples
---
-The easiest way to try out nix-bitcoin is to use one of the provided examples.
+See the [examples directory](examples/README.md).
-```bash
-git clone https://github.com/fort-nix/nix-bitcoin
-cd nix-bitcoin/examples/
-nix-shell
-```
-
-The following example scripts set up a nix-bitcoin node according to [`examples/configuration.nix`](examples/configuration.nix) and then
-shut down immediately. They leave no traces (outside of `/nix/store`) on the host system.
-
-- [`./deploy-container.sh`](examples/deploy-container.sh) creates a [NixOS container](https://github.com/erikarvstedt/extra-container).\
- This is the fastest way to set up a node.\
- Requires: [Nix](https://nixos.org/), a systemd-based Linux distro and root privileges
-
-- [`./deploy-qemu-vm.sh`](examples/deploy-qemu-vm.sh) creates a QEMU VM.\
- Requires: [Nix](https://nixos.org/nix/)
-
-- [`./deploy-nixops.sh`](examples/deploy-nixops.sh) creates a VirtualBox VM via [NixOps](https://github.com/NixOS/nixops).\
- NixOps can be used to deploy to various other backends like cloud providers.\
- Requires: [Nix](https://nixos.org/nix/), [VirtualBox](https://www.virtualbox.org)
-
-- [`./deploy-container-minimal.sh`](examples/deploy-container-minimal.sh) creates a
- container defined by [minimal-configuration.nix](examples/minimal-configuration.nix) that
- doesn't use the [secure-node.nix](modules/presets/secure-node.nix) preset.
- Also shows how to use nix-bitcoin in an existing NixOS config.\
- Requires: [Nix](https://nixos.org/), a systemd-based Linux distro and root privileges
-
-Run the examples with option `--interactive` or `-i` to start a shell for interacting with
-the node:
-```bash
-./deploy-qemu-vm.sh -i
-```
-
-#### Tests
-The internal test suite is also useful for exploring features.\
-The following `run-tests.sh` commands leave no traces (outside of `/nix/store`) on
-the host system.
-
-```bash
-git clone https://github.com/fort-nix/nix-bitcoin
-cd nix-bitcoin/test
-
-# Run a Python test shell inside a VM node
-./run-tests.sh debug
-print(succeed("systemctl status bitcoind"))
-
-# Run a node in a container. Requires systemd and root privileges.
-./run-tests.sh container
-c systemctl status bitcoind
-
-# Explore a single feature
-./run-tests.sh --scenario electrs container
-```
-See [`run-tests.sh`](test/run-tests.sh) for a complete documentation.
-
-Available modules
+Features
---
-By default the `configuration.nix` provides:
-* bitcoind with outbound connections through Tor and inbound connections through a hidden service. By default loaded with banlist of spy nodes.
-* [clightning](https://github.com/ElementsProject/lightning) with outbound connections through Tor, not listening
-* includes "nodeinfo" script which prints basic info about the node
-* adds non-root user "operator" which has access to bitcoin-cli and lightning-cli
+A [configuration preset](modules/presets/secure-node.nix) for setting up a secure node
+* All applications use Tor for outbound connections and accept inbound connections via onion services.
+* Includes a [nodeinfo](modules/nodeinfo.nix) script which prints basic info about the node.
-In `configuration.nix` the user can enable:
-* a clightning hidden service with [plugins](https://github.com/lightningd/plugins)
-* [liquid](https://github.com/elementsproject/elements)
-* [lightning charge](https://github.com/ElementsProject/lightning-charge)
-* [nanopos](https://github.com/ElementsProject/nanopos)
-* an index page using nginx to display node information and link to nanopos
-* [spark-wallet](https://github.com/shesek/spark-wallet)
-* [electrs](https://github.com/romanz/electrs)
-* recurring-donations, a module to repeatedly send lightning payments to recipients specified in the configuration.
-* [bitcoin-core-hwi](https://github.com/bitcoin-core/HWI).
- * You no longer need extra software to connect your hardware wallet to Bitcoin Core. Use Bitcoin Core's own **H**ardware **W**allet **I**nterface with one `configuration.nix` setting.
-
-The data directories of the services can be found in `/var/lib` on the deployed machines.
-
-Installation
----
-See [install.md](docs/install.md) for a detailed tutorial.
+NixOS modules
+* Application services
+ * [bitcoind](https://github.com/bitcoin/bitcoin), with a default banlist against spy nodes
+ * [clightning](https://github.com/ElementsProject/lightning) with support for announcing an onion service\
+ Available plugins:
+ * [clboss](https://github.com/ZmnSCPxj/clboss): automated C-Lightning Node Manager
+ * [helpme](https://github.com/lightningd/plugins/tree/master/helpme): walks you through setting up a fresh c-lightning node
+ * [monitor](https://github.com/renepickhardt/plugins/tree/master/monitor): helps you analyze the health of your peers and channels
+ * [prometheus](https://github.com/lightningd/plugins/tree/master/prometheus): lightning node exporter for the prometheus timeseries server
+ * [rebalance](https://github.com/lightningd/plugins/tree/master/rebalance): keeps your channels balanced
+ * [summary](https://github.com/lightningd/plugins/tree/master/summary): print a nice summary of the node status
+ * [zmq](https://github.com/lightningd/plugins/tree/master/zmq): publishes notifications via ZeroMQ to configured endpoints
+ * [lnd](https://github.com/lightningnetwork/lnd) with support for announcing an onion service
+ * [spark-wallet](https://github.com/shesek/spark-wallet)
+ * [electrs](https://github.com/romanz/electrs)
+ * [btcpayserver](https://github.com/btcpayserver/btcpayserver)
+ * [liquid](https://github.com/elementsproject/elements)
+ * [lightning charge](https://github.com/ElementsProject/lightning-charge) (deprecated)
+ * [nanopos](https://github.com/ElementsProject/nanopos) (deprecated)
+ * [Lightning Loop](https://github.com/lightninglabs/loop)
+ * [JoinMarket](https://github.com/joinmarket-org/joinmarket-clientserver)
+ * [recurring-donations](modules/recurring-donations.nix): for periodic lightning payments
+ * [bitcoin-core-hwi](https://github.com/bitcoin-core/HWI)
+* Helper
+ * [netns-isolation](modules/netns-isolation.nix): isolates applications on the network-level via network namespaces
+ * [backups](modules/backups.nix): daily duplicity backups of all your node's important files
+ * [operator](modules/operator.nix): adds non-root user `operator` who has access to client tools (e.g. `bitcoin-cli`, `lightning-cli`)
+ * [nix-bitcoin webindex](modules/nix-bitcoin-webindex.nix): a local website to display node information
Security
---
-* **Simplicity:** Only services you select in `configuration.nix` and their dependencies are installed, packages and dependencies are [pinned](pkgs/nixpkgs-pinned.nix), most packages are built from the [nixos stable channel](https://github.com/NixOS/nixpkgs-channels/tree/nixos-19.03), with a few exceptions that are built from the nixpkgs unstable channel, builds happen in a [sandboxed environment](https://nixos.org/nix/manual/), code is continuously reviewed and refined.
+* **Simplicity:** Only services you select in `configuration.nix` and their dependencies are installed, packages and dependencies are [pinned](pkgs/nixpkgs-pinned.nix), most packages are built from the [NixOS stable channel](https://github.com/NixOS/nixpkgs/tree/nixos-20.09), with a few exceptions that are built from the nixpkgs unstable channel, builds happen in a [sandboxed environment](https://nixos.org/manual/nix/stable/#conf-sandbox), code is continuously reviewed and refined.
* **Integrity:** Nix package manager, NixOS and packages can be built from source to reduce reliance on binary caches, nix-bitcoin merge commits are signed, all commits are approved by multiple nix-bitcoin developers, upstream packages are cryptographically verified where possible, we use this software ourselves.
-* **Principle of Least Privilege:** Services operate with least privileges; they each have their own user and are restricted further with [systemd options](modules/nix-bitcoin-services.nix), there's a non-root user *operator* to interact with the various services.
-* **Defense-in-depth:** nix-bitcoin is built with a [hardened kernel](https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix) by default, services are confined through discretionary access control, Linux namespaces, and seccomp-bpf with continuous improvements.
+* **Principle of Least Privilege:** Services operate with least privileges; they each have their own user and are restricted further with [systemd options](modules/nix-bitcoin-services.nix), [RPC whitelisting](modules/bitcoind-rpc-public-whitelist.nix), and [netns-isolation](modules/netns-isolation.nix). There's a non-root user *operator* to interact with the various services.
+* **Defense-in-depth:** nix-bitcoin is built with a [hardened kernel](https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix) by default, services are confined through discretionary access control, Linux namespaces, [dbus firewall](modules/security.nix) and seccomp-bpf with continuous improvements.
-Note that nix-bitcoin is still experimental.
-Also, by design if the machine you're deploying *from* is insecure, there is nothing nix-bitcoin can do to protect itself.
+Note that if the machine you're deploying *from* is insecure, there is nothing nix-bitcoin can do to protect itself.
-Hardware requirements
+Docs
---
-* Disk space: 300 GB (235GB for Bitcoin blockchain + some room)
- * Bitcoin Core pruning is not supported at the moment because it's not supported by c-lightning. It's possible to use pruning but you need to know what you're doing.
-* RAM: 2GB of memory. ECC memory is better. Additionally, it's recommended to use DDR4 memory with targeted row refresh (TRR) enabled (https://rambleed.com/).
-
-Tested hardware includes [pcengine's apu2c4](https://pcengines.ch/apu2c4.htm), [GB-BACE-3150](https://www.gigabyte.com/Mini-PcBarebone/GB-BACE-3150-rev-10), [GB-BACE-3160](https://www.gigabyte.com/de/Mini-PcBarebone/GB-BACE-3160-rev-10#ov).
-Some hardware (including Intel NUCs) may not be compatible with the hardened kernel turned on by default (see https://github.com/fort-nix/nix-bitcoin/issues/39#issuecomment-517366093 for a workaround).
-
-Usage
----
-For usage instructions, such as how to connect to spark-wallet, electrs and the ssh Tor Hidden Service, see [usage.md](docs/usage.md).
+* [FAQ](docs/faq.md)
+* [Hardware Requirements](docs/hardware.md)
+* [Install instructions](docs/install.md)
+* [Usage instructions](docs/usage.md)
Troubleshooting
---
If you are having problems with nix-bitcoin check the [FAQ](docs/faq.md) or submit an issue.
There's also a `#nix-bitcoin` IRC channel on freenode.
We are always happy to help.
-
-Docs
----
-* [FAQ](docs/faq.md)
-* [Install instructions](docs/install.md)
-* [Usage instructions](docs/usage.md)
diff --git a/docs/hardware.md b/docs/hardware.md
new file mode 100644
index 0000000..46279e8
--- /dev/null
+++ b/docs/hardware.md
@@ -0,0 +1,8 @@
+Hardware requirements
+---
+* Disk space: 500 GB (400GB for Bitcoin blockchain + some room)
+ * Bitcoin Core pruning is not supported at the moment because it's not supported by c-lightning. It's possible to use pruning but you need to know what you're doing.
+* RAM: 2GB of memory. ECC memory is better. Additionally, it's recommended to use DDR4 memory with targeted row refresh (TRR) enabled (https://rambleed.com/).
+
+Tested hardware includes [pcengine's apu2c4](https://pcengines.ch/apu2c4.htm), [GB-BACE-3150](https://www.gigabyte.com/Mini-PcBarebone/GB-BACE-3150-rev-10), [GB-BACE-3160](https://www.gigabyte.com/de/Mini-PcBarebone/GB-BACE-3160-rev-10#ov).
+Some hardware (including Intel NUCs) may not be compatible with the hardened kernel turned on by default (see https://github.com/fort-nix/nix-bitcoin/issues/39#issuecomment-517366093 for a workaround).
diff --git a/docs/img/nix-bitcoin-logo.png b/docs/img/nix-bitcoin-logo.png
new file mode 100644
index 0000000..72d5683
Binary files /dev/null and b/docs/img/nix-bitcoin-logo.png differ
diff --git a/examples/README.md b/examples/README.md
new file mode 100644
index 0000000..1280afb
--- /dev/null
+++ b/examples/README.md
@@ -0,0 +1,59 @@
+Examples
+---
+
+The easiest way to try out nix-bitcoin is to use one of the provided examples.
+
+```bash
+git clone https://github.com/fort-nix/nix-bitcoin
+cd nix-bitcoin/examples/
+nix-shell
+```
+
+The following example scripts set up a nix-bitcoin node according to [`configuration.nix`](configuration.nix) and then
+shut down immediately. They leave no traces (outside of `/nix/store`) on the host system.\
+By default, [`configuration.nix`](configuration.nix) enables `bitcoind` and `clightning` (with an onion service).
+
+- [`./deploy-container.sh`](deploy-container.sh) creates a [NixOS container](https://github.com/erikarvstedt/extra-container).\
+ This is the fastest way to set up a node.\
+ Requires: [Nix](https://nixos.org/), a systemd-based Linux distro and root privileges
+
+- [`./deploy-qemu-vm.sh`](deploy-qemu-vm.sh) creates a QEMU VM.\
+ Requires: [Nix](https://nixos.org/nix/)
+
+- [`./deploy-nixops.sh`](deploy-nixops.sh) creates a VirtualBox VM via [NixOps](https://github.com/NixOS/nixops).\
+ NixOps can be used to deploy to various other backends like cloud providers.\
+ Requires: [Nix](https://nixos.org/nix/), [VirtualBox](https://www.virtualbox.org)
+
+- [`./deploy-container-minimal.sh`](deploy-container-minimal.sh) creates a
+ container defined by [minimal-configuration.nix](minimal-configuration.nix) that
+ doesn't use the [secure-node.nix](../modules/presets/secure-node.nix) preset.
+ Also shows how to use nix-bitcoin in an existing NixOS config.\
+ Requires: [Nix](https://nixos.org/), a systemd-based Linux distro and root privileges
+
+Run the examples with option `--interactive` or `-i` to start a shell for interacting with
+the node:
+```bash
+./deploy-qemu-vm.sh -i
+```
+
+### Tests
+The internal test suite is also useful for exploring features.\
+The following `run-tests.sh` commands leave no traces (outside of `/nix/store`) on
+the host system.
+
+```bash
+git clone https://github.com/fort-nix/nix-bitcoin
+cd nix-bitcoin/test
+
+# Run a Python test shell inside a VM node
+./run-tests.sh debug
+print(succeed("systemctl status bitcoind"))
+
+# Run a node in a container. Requires systemd and root privileges.
+./run-tests.sh container
+c systemctl status bitcoind
+
+# Explore a single feature
+./run-tests.sh --scenario electrs container
+```
+See [`run-tests.sh`](../test/run-tests.sh) for a complete documentation.
diff --git a/test/run-tests.sh b/test/run-tests.sh
index 5b24a33..b4da8d2 100755
--- a/test/run-tests.sh
+++ b/test/run-tests.sh
@@ -1,7 +1,7 @@
#!/usr/bin/env bash
# Modules integration test runner.
-# The tests (./tests.nix) use the NixOS testing framework and are executed in a VM.
+# The tests (defined in ./tests.nix) use the NixOS testing framework and are executed in a VM.
#
# Usage:
# Run all tests