Loading nixos/modules/services/blockchain/ethereum/lighthouse.nix +33 −16 Original line number Diff line number Diff line { config, lib, pkgs, ... }: { config, lib, pkgs, ... }: let cfg = config.services.lighthouse; in { in { options = { services.lighthouse = { beacon = lib.mkOption { Loading Loading @@ -190,7 +194,13 @@ in { }; network = lib.mkOption { type = lib.types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ]; type = lib.types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ]; default = "mainnet"; description = '' The network to connect to. Mainnet is the default ethereum network. Loading @@ -216,7 +226,6 @@ in { }; config = lib.mkIf (cfg.beacon.enable || cfg.validator.enable) { environment.systemPackages = [ cfg.package ]; networking.firewall = lib.mkIf cfg.beacon.enable { Loading @@ -224,7 +233,6 @@ in { allowedUDPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; }; systemd.services.lighthouse-beacon = lib.mkIf cfg.beacon.enable { description = "Lighthouse beacon node (connect to P2P nodes and verify blocks)"; wantedBy = [ "multi-user.target" ]; Loading Loading @@ -269,7 +277,10 @@ in { RestrictNamespaces = true; LockPersonality = true; RemoveIPC = true; SystemCallFilter = [ "@system-service" "~@privileged" ]; SystemCallFilter = [ "@system-service" "~@privileged" ]; }; }; Loading Loading @@ -312,8 +323,14 @@ in { RestrictNamespaces = true; LockPersonality = true; RemoveIPC = true; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; SystemCallFilter = [ "@system-service" "~@privileged" ]; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; SystemCallFilter = [ "@system-service" "~@privileged" ]; }; }; }; Loading Loading
nixos/modules/services/blockchain/ethereum/lighthouse.nix +33 −16 Original line number Diff line number Diff line { config, lib, pkgs, ... }: { config, lib, pkgs, ... }: let cfg = config.services.lighthouse; in { in { options = { services.lighthouse = { beacon = lib.mkOption { Loading Loading @@ -190,7 +194,13 @@ in { }; network = lib.mkOption { type = lib.types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ]; type = lib.types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ]; default = "mainnet"; description = '' The network to connect to. Mainnet is the default ethereum network. Loading @@ -216,7 +226,6 @@ in { }; config = lib.mkIf (cfg.beacon.enable || cfg.validator.enable) { environment.systemPackages = [ cfg.package ]; networking.firewall = lib.mkIf cfg.beacon.enable { Loading @@ -224,7 +233,6 @@ in { allowedUDPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; }; systemd.services.lighthouse-beacon = lib.mkIf cfg.beacon.enable { description = "Lighthouse beacon node (connect to P2P nodes and verify blocks)"; wantedBy = [ "multi-user.target" ]; Loading Loading @@ -269,7 +277,10 @@ in { RestrictNamespaces = true; LockPersonality = true; RemoveIPC = true; SystemCallFilter = [ "@system-service" "~@privileged" ]; SystemCallFilter = [ "@system-service" "~@privileged" ]; }; }; Loading Loading @@ -312,8 +323,14 @@ in { RestrictNamespaces = true; LockPersonality = true; RemoveIPC = true; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; SystemCallFilter = [ "@system-service" "~@privileged" ]; RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; SystemCallFilter = [ "@system-service" "~@privileged" ]; }; }; }; Loading
