nixos/modules/services/blockchain/ethereum/lighthouse.nix +37 −18 { config, lib, pkgs, ... }: { config, lib, pkgs, ... }: let cfg = config.services.lighthouse; in { in { options = { services.lighthouse = { beacon = lib.mkOption { @@ -190,7 +194,13 @@ in { }; network = lib.mkOption { type = lib.types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ]; type = lib.types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ]; default = "mainnet"; description = '' The network to connect to. Mainnet is the default ethereum network. @@ -205,19 +215,19 @@ in { default = ""; example = ""; }; package = lib.mkPackageOption pkgs "lighthouse" { }; }; }; config = lib.mkIf (cfg.beacon.enable || cfg.validator.enable) { environment.systemPackages = [ pkgs.lighthouse ] ; environment.systemPackages = [ cfg.package ]; networking.firewall = lib.mkIf cfg.beacon.enable { allowedTCPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; allowedUDPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; }; systemd.services.lighthouse-beacon = lib.mkIf cfg.beacon.enable { description = "Lighthouse beacon node (connect to P2P nodes and verify blocks)"; wantedBy = [ "multi-user.target" ]; @@ -227,7 +237,7 @@ in { # make sure the chain data directory is created on first run mkdir -p ${cfg.beacon.dataDir}/${cfg.network} ${pkgs.lighthouse}/bin/lighthouse beacon_node \ ${lib.getExe cfg.package} beacon_node \ --disable-upnp \ ${lib.optionalString cfg.beacon.disableDepositContractSync "--disable-deposit-contract-sync"} \ --port ${toString cfg.beacon.port} \ @@ -262,7 +272,10 @@ in { RestrictNamespaces = true; LockPersonality = true; RemoveIPC = true; SystemCallFilter = [ "@system-service" "~@privileged" ]; SystemCallFilter = [ "@system-service" "~@privileged" ]; }; };
@@ -275,7 +288,7 @@ in { # make sure the chain data directory is created on first run mkdir -p ${cfg.validator.dataDir}/${cfg.network} ${pkgs.lighthouse}/bin/lighthouse validator_client \ ${lib.getExe cfg.package} validator_client \ --network ${cfg.network} \ --beacon-nodes ${lib.concatStringsSep "," cfg.validator.beaconNodes} \ --datadir ${cfg.validator.dataDir}/${cfg.network} \ @@ -305,8 +318,14 @@ in { RestrictNamespaces = true; LockPersonality = true; RemoveIPC = true; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; SystemCallFilter = [ "@system-service" "~@privileged" ]; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; SystemCallFilter = [ "@system-service" "~@privileged" ]; }; }; };
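Review bot: `lib.getExe cfg.package` in both start scripts (the `beacon_node` call and the `validator_client` call) picks the binary from the package's `meta.mainProgram`, where the old code named `bin/lighthouse` explicitly. With the new `services.lighthouse.package` option, an override whose `mainProgram` is unset or differs would make these units start a different executable, presumably with access to the validator data directory. Pinning the name keeps the old guarantee: `${lib.getExe' cfg.package "lighthouse"} beacon_node \` and `${lib.getExe' cfg.package "lighthouse"} validator_client \`. Both script bodies start and end outside the visible hunks, so the rest of the command lines could not be checked.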
nixos/modules/services/blockchain/ethereum/lighthouse.nix +37 −18 { config, lib, pkgs, ... }: { config, lib, pkgs, ... }: let cfg = config.services.lighthouse; in { in { options = { services.lighthouse = { beacon = lib.mkOption { @@ -190,7 +194,13 @@ in { }; network = lib.mkOption { type = lib.types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ]; type = lib.types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ]; default = "mainnet"; description = '' The network to connect to. Mainnet is the default ethereum network. @@ -205,19 +215,19 @@ in { default = ""; example = ""; }; package = lib.mkPackageOption pkgs "lighthouse" { }; }; }; config = lib.mkIf (cfg.beacon.enable || cfg.validator.enable) { environment.systemPackages = [ pkgs.lighthouse ] ; environment.systemPackages = [ cfg.package ]; networking.firewall = lib.mkIf cfg.beacon.enable { allowedTCPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; allowedUDPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; }; systemd.services.lighthouse-beacon = lib.mkIf cfg.beacon.enable { description = "Lighthouse beacon node (connect to P2P nodes and verify blocks)"; wantedBy = [ "multi-user.target" ]; @@ -227,7 +237,7 @@ in { # make sure the chain data directory is created on first run mkdir -p ${cfg.beacon.dataDir}/${cfg.network} ${pkgs.lighthouse}/bin/lighthouse beacon_node \ ${lib.getExe cfg.package} beacon_node \ --disable-upnp \ ${lib.optionalString cfg.beacon.disableDepositContractSync "--disable-deposit-contract-sync"} \ --port ${toString cfg.beacon.port} \ @@ -262,7 +272,10 @@ in { RestrictNamespaces = true; LockPersonality = true; RemoveIPC = true; SystemCallFilter = [ "@system-service" "~@privileged" ]; SystemCallFilter = [ "@system-service" "~@privileged" ]; }; };
@@ -275,7 +288,7 @@ in { # make sure the chain data directory is created on first run mkdir -p ${cfg.validator.dataDir}/${cfg.network} ${pkgs.lighthouse}/bin/lighthouse validator_client \ ${lib.getExe cfg.package} validator_client \ --network ${cfg.network} \ --beacon-nodes ${lib.concatStringsSep "," cfg.validator.beaconNodes} \ --datadir ${cfg.validator.dataDir}/${cfg.network} \ @@ -305,8 +318,14 @@ in { RestrictNamespaces = true; LockPersonality = true; RemoveIPC = true; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; SystemCallFilter = [ "@system-service" "~@privileged" ]; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; SystemCallFilter = [ "@system-service" "~@privileged" ]; }; }; };