Loading nixos/modules/services/blockchain/ethereum/geth.nix +37 −3 Original line number Diff line number Diff line Loading @@ -61,6 +61,35 @@ let }; }; authrpc = { enable = lib.mkEnableOption "Go Ethereum Auth RPC API"; address = mkOption { type = types.str; default = "127.0.0.1"; description = lib.mdDoc "Listen address of Go Ethereum Auth RPC API."; }; port = mkOption { type = types.port; default = 8551; description = lib.mdDoc "Port number of Go Ethereum Auth RPC API."; }; vhosts = mkOption { type = types.nullOr (types.listOf types.str); default = ["localhost"]; description = lib.mdDoc "List of virtual hostnames from which to accept requests."; example = ["localhost" "geth.example.org"]; }; jwtsecret = mkOption { type = types.str; default = ""; description = lib.mdDoc "Path to a JWT secret for authenticated RPC endpoint."; example = "/var/run/geth/jwtsecret"; }; }; metrics = { enable = lib.mkEnableOption "Go Ethereum prometheus metrics"; address = mkOption { Loading Loading @@ -136,7 +165,10 @@ in cfg.package ]) eachGeth); systemd.services = mapAttrs' (gethName: cfg: ( systemd.services = mapAttrs' (gethName: cfg: let stateDir = "goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}"; dataDir = "/var/lib/${stateDir}"; in ( nameValuePair "geth-${gethName}" (mkIf cfg.enable { description = "Go Ethereum node (${gethName})"; wantedBy = [ "multi-user.target" ]; Loading @@ -145,7 +177,7 @@ in serviceConfig = { DynamicUser = true; Restart = "always"; StateDirectory = "goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}"; StateDirectory = stateDir; # Hardening measures PrivateTmp = "true"; Loading @@ -169,8 +201,10 @@ in ${if cfg.websocket.enable then ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}'' else ""} \ ${optionalString (cfg.websocket.apis != null) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''} \ ${optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \ --authrpc.addr ${cfg.authrpc.address} --authrpc.port ${toString cfg.authrpc.port} --authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts} \ ${if (cfg.authrpc.jwtsecret != "") then ''--authrpc.jwtsecret ${cfg.authrpc.jwtsecret}'' else ''--authrpc.jwtsecret ${dataDir}/geth/jwtsecret''} \ ${lib.escapeShellArgs cfg.extraArgs} \ --datadir /var/lib/goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network} --datadir ${dataDir} ''; }))) eachGeth; Loading Loading
nixos/modules/services/blockchain/ethereum/geth.nix +37 −3 Original line number Diff line number Diff line Loading @@ -61,6 +61,35 @@ let }; }; authrpc = { enable = lib.mkEnableOption "Go Ethereum Auth RPC API"; address = mkOption { type = types.str; default = "127.0.0.1"; description = lib.mdDoc "Listen address of Go Ethereum Auth RPC API."; }; port = mkOption { type = types.port; default = 8551; description = lib.mdDoc "Port number of Go Ethereum Auth RPC API."; }; vhosts = mkOption { type = types.nullOr (types.listOf types.str); default = ["localhost"]; description = lib.mdDoc "List of virtual hostnames from which to accept requests."; example = ["localhost" "geth.example.org"]; }; jwtsecret = mkOption { type = types.str; default = ""; description = lib.mdDoc "Path to a JWT secret for authenticated RPC endpoint."; example = "/var/run/geth/jwtsecret"; }; }; metrics = { enable = lib.mkEnableOption "Go Ethereum prometheus metrics"; address = mkOption { Loading Loading @@ -136,7 +165,10 @@ in cfg.package ]) eachGeth); systemd.services = mapAttrs' (gethName: cfg: ( systemd.services = mapAttrs' (gethName: cfg: let stateDir = "goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}"; dataDir = "/var/lib/${stateDir}"; in ( nameValuePair "geth-${gethName}" (mkIf cfg.enable { description = "Go Ethereum node (${gethName})"; wantedBy = [ "multi-user.target" ]; Loading @@ -145,7 +177,7 @@ in serviceConfig = { DynamicUser = true; Restart = "always"; StateDirectory = "goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}"; StateDirectory = stateDir; # Hardening measures PrivateTmp = "true"; Loading @@ -169,8 +201,10 @@ in ${if cfg.websocket.enable then ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}'' else ""} \ ${optionalString (cfg.websocket.apis != null) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''} \ ${optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \ --authrpc.addr ${cfg.authrpc.address} --authrpc.port ${toString cfg.authrpc.port} --authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts} \ ${if (cfg.authrpc.jwtsecret != "") then ''--authrpc.jwtsecret ${cfg.authrpc.jwtsecret}'' else ''--authrpc.jwtsecret ${dataDir}/geth/jwtsecret''} \ ${lib.escapeShellArgs cfg.extraArgs} \ --datadir /var/lib/goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network} --datadir ${dataDir} ''; }))) eachGeth; Loading
