diff --git a/modules/bitcoind.nix b/modules/bitcoind.nix
index f7ba15e..92f3516 100644
--- a/modules/bitcoind.nix
+++ b/modules/bitcoind.nix
@@ -33,7 +33,7 @@ let
     rpcbind=${cfg.rpc.address}
     rpcport=${toString cfg.rpc.port}
     rpcconnect=${cfg.rpc.address}
-    ${optionalString (cfg.rpc.threads != null) "rpcthreads=${toString cfg.rpcthreads}"}
+    ${optionalString (cfg.rpc.threads != null) "rpcthreads=${toString cfg.rpc.threads}"}
     rpcwhitelistdefault=0
     ${concatMapStrings (user: ''
         ${optionalString (!user.passwordHMACFromFile) "rpcauth=${user.name}:${passwordHMAC}"}
@@ -41,7 +41,7 @@ let
           "rpcwhitelist=${user.name}:${lib.strings.concatStringsSep "," user.rpcwhitelist}"}
       '') (builtins.attrValues cfg.rpc.users)
     }
-    ${lib.concatMapStrings (rpcallowip: "rpcallowip=${rpcallowip}\n") cfg.rpcallowip}
+    ${lib.concatMapStrings (rpcallowip: "rpcallowip=${rpcallowip}\n") cfg.rpc.allowip}
 
     # Wallet options
     ${optionalString (cfg.addresstype != null) "addresstype=${cfg.addresstype}"}
@@ -110,6 +110,18 @@ in {
           default = 8332;
           description = "Port to listen for JSON-RPC connections.";
         };
+        threads = mkOption {
+          type = types.nullOr types.ints.u16;
+          default = null;
+          description = "The number of threads to service RPC calls.";
+        };
+        allowip = mkOption {
+          type = types.listOf types.str;
+          default = [ "127.0.0.1" ];
+          description = ''
+            Allow JSON-RPC connections from specified sources.
+          '';
+        };
         users = mkOption {
           default = {};
           example = {
@@ -154,18 +166,6 @@ in {
           '';
         };
       };
-      rpcthreads = mkOption {
-        type = types.nullOr types.ints.u16;
-        default = null;
-        description = "Set the number of threads to service RPC calls";
-      };
-      rpcallowip = mkOption {
-        type = types.listOf types.str;
-        default = [ "127.0.0.1" ];
-        description = ''
-          Allow JSON-RPC connections from specified source.
-        '';
-      };
       regtest = mkOption {
         type = types.bool;
         default = false;
diff --git a/modules/netns-isolation.nix b/modules/netns-isolation.nix
index cb61410..835ce4d 100644
--- a/modules/netns-isolation.nix
+++ b/modules/netns-isolation.nix
@@ -247,7 +247,7 @@ in {
     services.bitcoind = {
       address = netns.bitcoind.address;
       rpc.address = netns.bitcoind.address;
-      rpcallowip = [
+      rpc.allowip = [
         bridgeIp # For operator user
         netns.bitcoind.address
       ] ++ map (n: netns.${n}.address) netns.bitcoind.availableNetns;
diff --git a/modules/presets/secure-node.nix b/modules/presets/secure-node.nix
index 3d40bb7..a5a0acd 100644
--- a/modules/presets/secure-node.nix
+++ b/modules/presets/secure-node.nix
@@ -60,7 +60,7 @@ in {
       dbCache = 1000;
       # higher rpcthread count due to reports that lightning implementations fail
       # under high bitcoind rpc load
-      rpcthreads = 16;
+      rpc.threads = 16;
     };
     services.tor.hiddenServices.bitcoind = mkHiddenService { port = cfg.bitcoind.port; toHost = cfg.bitcoind.address; };