-
-
Notifications
You must be signed in to change notification settings - Fork 32
/
default.nix
149 lines (136 loc) · 4.47 KB
/
default.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
{
config,
lib,
pkgs,
...
}: let
inherit
(builtins)
isBool
isList
toString
;
inherit
(lib)
boolToString
concatStringsSep
filterAttrs
findFirst
flatten
hasPrefix
mapAttrs'
mapAttrsToList
mkIf
mkMerge
nameValuePair
optionals
zipAttrsWith
;
modulesLib = import ../lib.nix lib;
inherit (modulesLib) mkArgs baseServiceConfig;
# capture config for all configured netherminds
eachNethermind = config.services.ethereum.nethermind;
in {
###### interface
inherit (import ./options.nix {inherit lib pkgs;}) options;
###### implementation
config = mkIf (eachNethermind != {}) {
# configure the firewall for each service
networking.firewall = let
openFirewall = filterAttrs (_: cfg: cfg.openFirewall) eachNethermind;
perService =
mapAttrsToList
(
_: cfg:
with cfg.args; {
allowedUDPPorts = [modules.Network.DiscoveryPort];
allowedTCPPorts =
[modules.Network.P2PPort modules.JsonRpc.EnginePort]
++ (optionals modules.JsonRpc.Enabled [modules.JsonRpc.Port modules.JsonRpc.WebSocketsPort])
++ (optionals modules.Metrics.Enabled && (modules.Metrics.ExposePort != null) [modules.Metrics.ExposePort]);
}
)
openFirewall;
in
zipAttrsWith (_name: flatten) perService;
# create a service for each instance
systemd.services =
mapAttrs' (
nethermindName: let
serviceName = "nethermind-${nethermindName}";
in
cfg: let
scriptArgs = let
# custom arg reducer for nethermind
argReducer = value:
if (isList value)
then concatStringsSep "," value
else if (isBool value)
then boolToString value
else toString value;
# remove modules from arguments
pathReducer = path: let
arg = concatStringsSep "." (lib.lists.remove "modules" path);
in "--${arg}";
# custom arg formatter for nethermind
argFormatter = {
path,
value,
argReducer,
pathReducer,
...
}: let
arg = pathReducer path;
in "${arg} ${argReducer value}";
jwtSecret =
if cfg.args.modules.JsonRpc.JwtSecretFile != null
then "--JsonRpc.JwtSecretFile %d/jwtsecret"
else "";
datadir =
if cfg.args.datadir != null
then "--datadir ${cfg.args.datadir}"
else "--datadir %S/${serviceName}";
# generate flags
args = let
opts = import ./args.nix lib;
in
mkArgs {
inherit pathReducer argReducer argFormatter opts;
inherit (cfg) args;
};
# filter out certain args which need to be treated differently
specialArgs = ["--JsonRpc.JwtSecretFile"];
isNormalArg = name: (findFirst (arg: hasPrefix arg name) null specialArgs) == null;
filteredArgs = builtins.filter isNormalArg args;
in ''
${datadir}
${jwtSecret} \
${concatStringsSep " \\\n" filteredArgs} \
${lib.escapeShellArgs cfg.extraArgs}
'';
in
nameValuePair serviceName (mkIf cfg.enable {
after = ["network.target"];
wantedBy = ["multi-user.target"];
description = "Nethermind Node (${nethermindName})";
environment = {
WEB3_HTTP_HOST = cfg.args.modules.JsonRpc.EngineHost;
WEB3_HTTP_PORT = builtins.toString cfg.args.modules.JsonRpc.Port;
};
# create service config by merging with the base config
serviceConfig = mkMerge [
baseServiceConfig
{
User = serviceName;
StateDirectory = serviceName;
ExecStart = "${cfg.package}/bin/nethermind ${scriptArgs}";
}
(mkIf (cfg.args.modules.JsonRpc.JwtSecretFile != null) {
LoadCredential = ["jwtsecret:${cfg.args.modules.JsonRpc.JwtSecretFile}"];
})
];
})
)
eachNethermind;
};
}