movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-14 05:29:20 +03:00
Code Issues Projects Releases Packages Wiki Activity
nixpkgs/nixos/modules/services/networking/quorum.nix

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

251 lines
7.8 KiB
Nix
Raw Normal View History

treewide: set defaultText for options using simple path defaults adds defaultText for all options that set their default to a path expression using the ubiquitous `cfg` shortcut bindings.
2021-12-05 20:40:24 +01:00
{
config,
options,
pkgs,
lib,
...
}:
nixos/quorum: init
2020-03-22 17:26:55 +01:00
let
nixos/doc: clean up defaults and examples
2021-10-03 18:06:03 +02:00
inherit (lib)
mkEnableOption
mkIf
mkOption
literalExpression
types
optionalString
;
nixos/quorum: init
2020-03-22 17:26:55 +01:00
cfg = config.services.quorum;
treewide: set defaultText for options using simple path defaults adds defaultText for all options that set their default to a path expression using the ubiquitous `cfg` shortcut bindings.
2021-12-05 20:40:24 +01:00
opt = options.services.quorum;
nixos/quorum: init
2020-03-22 17:26:55 +01:00
dataDir = "/var/lib/quorum";
genesisFile = pkgs.writeText "genesis.json" (builtins.toJSON cfg.genesis);
staticNodesFile = pkgs.writeText "static-nodes.json" (builtins.toJSON cfg.staticNodes);
in
{
options = {
services.quorum = {
enable = mkEnableOption "Quorum blockchain daemon";
user = mkOption {
type = types.str;
default = "quorum";
description = "The user as which to run quorum.";
};
group = mkOption {
type = types.str;
default = cfg.user;
treewide: set defaultText for options using simple path defaults adds defaultText for all options that set their default to a path expression using the ubiquitous `cfg` shortcut bindings.
2021-12-05 20:40:24 +01:00
defaultText = literalExpression "config.${opt.user}";
nixos/quorum: init
2020-03-22 17:26:55 +01:00
description = "The group as which to run quorum.";
};
port = mkOption {
type = types.port;
default = 21000;
description = "Override the default port on which to listen for connections.";
};
nodekeyFile = mkOption {
type = types.path;
default = "${dataDir}/nodekey";
description = "Path to the nodekey.";
};
staticNodes = mkOption {
type = types.listOf types.str;
default = [ ];
example = [
"enode://dd333ec28f0a8910c92eb4d336461eea1c20803eed9cf2c056557f986e720f8e693605bba2f4e8f289b1162e5ac7c80c914c7178130711e393ca76abc1d92f57@0.0.0.0:30303?discport=0"
];
description = "List of validator nodes.";
};
privateconfig = mkOption {
type = types.str;
default = "ignore";
description = "Configuration of privacy transaction manager.";
};
syncmode = mkOption {
type = types.enum [
"fast"
"full"
"light"
];
default = "full";
description = "Blockchain sync mode.";
};
blockperiod = mkOption {
type = types.int;
default = 5;
description = "Default minimum difference between two consecutive block's timestamps in seconds.";
};
permissioned = mkOption {
type = types.bool;
default = true;
description = "Allow only a defined list of nodes to connect.";
};
rpc = {
enable = mkOption {
type = types.bool;
default = true;
description = "Enable RPC interface.";
};
address = mkOption {
type = types.str;
default = "0.0.0.0";
description = "Listening address for RPC connections.";
};
port = mkOption {
type = types.port;
default = 22004;
description = "Override the default port on which to listen for RPC connections.";
};
api = mkOption {
type = types.str;
default = "admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,istanbul";
description = "API's offered over the HTTP-RPC interface.";
};
};
ws = {
enable = mkOption {
type = types.bool;
default = true;
description = "Enable WS-RPC interface.";
};
address = mkOption {
type = types.str;
default = "0.0.0.0";
description = "Listening address for WS-RPC connections.";
};
port = mkOption {
type = types.port;
default = 8546;
description = "Override the default port on which to listen for WS-RPC connections.";
};
api = mkOption {
type = types.str;
default = "admin,db,eth,debug,miner,net,shh,txpool,personal,web3,quorum,istanbul";
description = "API's offered over the WS-RPC interface.";
};
origins = mkOption {
type = types.str;
default = "*";
description = "Origins from which to accept websockets requests";
};
};
genesis = mkOption {
type = types.nullOr types.attrs;
default = null;
nixos/doc: clean up defaults and examples
2021-10-03 18:06:03 +02:00
example = literalExpression ''
{
nixos/quorum: init
2020-03-22 17:26:55 +01:00
alloc = {
a47385db68718bdcbddc2d2bb7c54018066ec111 = {
balance = "1000000000000000000000000000";
};
treewide: format all inactive Nix files After final improvements to the official formatter implementation, this commit now performs the first treewide reformat of Nix files using it. This is part of the implementation of RFC 166. Only "inactive" files are reformatted, meaning only files that aren't being touched by any PR with activity in the past 2 months. This is to avoid conflicts for PRs that might soon be merged. Later we can do a full treewide reformat to get the rest, which should not cause as many conflicts. A CI check has already been running for some time to ensure that new and already-formatted files are formatted, so the files being reformatted here should also stay formatted. This commit was automatically created and can be verified using nix-build https://github.com/infinisil/treewide-nixpkgs-reformat-script/archive/a08b3a4d199c6124ac5b36a889d9099b4383463f.tar.gz \ --argstr baseRev 57b193d8ddeaf4f5219d2bae1d23b081e4906e57 result/bin/apply-formatting $NIXPKGS_PATH
2024-12-10 20:27:17 +01:00
};
nixos/quorum: init
2020-03-22 17:26:55 +01:00
coinbase = "0x0000000000000000000000000000000000000000";
config = {
byzantiumBlock = 4;
chainId = 494702925;
eip150Block = 2;
eip155Block = 3;
eip158Block = 3;
homesteadBlock = 1;
isQuorum = true;
istanbul = {
epoch = 30000;
policy = 0;
};
};
difficulty = "0x1";
extraData = "0x0000000000000000000000000000000000000000000000000000000000000000f85ad59438f0508111273d8e482f49410ca4078afc86a961b8410000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c0";
gasLimit = "0x2FEFD800";
mixHash = "0x63746963616c2062797a616e74696e65201111756c7420746f6c6572616e6365";
nonce = "0x0";
parentHash = "0x0000000000000000000000000000000000000000000000000000000000000000";
timestamp = "0x00";
}'';
description = "Blockchain genesis settings.";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.quorum ];
systemd.tmpfiles.rules = [
"d '${dataDir}' 0770 '${cfg.user}' '${cfg.group}' - -"
];
systemd.services.quorum = {
description = "Quorum daemon";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
environment = {
PRIVATE_CONFIG = "${cfg.privateconfig}";
};
preStart = ''
if [ ! -d ${dataDir}/geth ]; then
if [ ! -d ${dataDir}/keystore ]; then
echo ERROR: You need to create a wallet before initializing your genesis file, run:
echo # su -s /bin/sh - quorum
echo $ geth --datadir ${dataDir} account new
echo and configure your genesis file accordingly.
exit 1;
fi
ln -s ${staticNodesFile} ${dataDir}/static-nodes.json
${pkgs.quorum}/bin/geth --datadir ${dataDir} init ${genesisFile}
fi
'';
serviceConfig = {
User = cfg.user;
Group = cfg.group;
ExecStart = ''
${pkgs.quorum}/bin/geth \
--nodiscover \
--verbosity 5 \
--nodekey ${cfg.nodekeyFile} \
--istanbul.blockperiod ${toString cfg.blockperiod} \
--syncmode ${cfg.syncmode} \
${optionalString (cfg.permissioned) "--permissioned"} \
nixos/quorum: update geth flags - upstream commit changing ws args: https://github.com/Consensys/quorum/commit/c989bca173681f4462985cec2d30616aa0774edd - upstream commit changing minerthreads arg: https://github.com/Consensys/quorum/commit/f0998415ba9a73f0add32f9b5aed2aec98b9a7f3
2024-09-11 13:25:32 +03:00
--mine --miner.threads 1 \
nixos/quorum: init
2020-03-22 17:26:55 +01:00
${optionalString (cfg.rpc.enable) "--rpc --rpcaddr ${cfg.rpc.address} --rpcport ${toString cfg.rpc.port} --rpcapi ${cfg.rpc.api}"} \
nixos/quorum: update geth flags - upstream commit changing ws args: https://github.com/Consensys/quorum/commit/c989bca173681f4462985cec2d30616aa0774edd - upstream commit changing minerthreads arg: https://github.com/Consensys/quorum/commit/f0998415ba9a73f0add32f9b5aed2aec98b9a7f3
2024-09-11 13:25:32 +03:00
${optionalString (cfg.ws.enable) "--ws --ws.addr ${cfg.ws.address} --ws.port ${toString cfg.ws.port} --ws.api ${cfg.ws.api} --ws.origins ${cfg.ws.origins}"} \
nixos/quorum: init
2020-03-22 17:26:55 +01:00
--emitcheckpoints \
--datadir ${dataDir} \
--port ${toString cfg.port}'';
Restart = "on-failure";
# Hardening measures
PrivateTmp = "true";
ProtectSystem = "full";
NoNewPrivileges = "true";
PrivateDevices = "true";
MemoryDenyWriteExecute = "true";
};
};
users.users.${cfg.user} = {
name = cfg.user;
group = cfg.group;
description = "Quorum daemon user";
home = dataDir;
isSystemUser = true;
};
users.groups.${cfg.group} = { };
};
}
Reference in a new issue Copy permalink