nixpkgs/nixos/modules/services/networking/namecoind.nix

{ config, lib, pkgs, ... }:
with lib;
let
# Shorthand for the option values of this module.
cfg = config.services.namecoind;

# State directory of the daemon; also the home of the namecoin user.
dataDir = "/var/lib/namecoind";

# RPC authentication and TLS are each enabled only when both of their
# settings are non-null; setting just one of a pair silently disables it.
useRPC = cfg.rpc.user != null && cfg.rpc.password != null;
useSSL = cfg.rpc.certificate != null && cfg.rpc.key != null;

# Render one "option=value" line per list element.
listToConf = option: concatMapStrings (value: "${option}=${value}\n");

# namecoin.conf is assembled from a base section plus optional RPC and TLS
# sections.
#
# NOTE(review): pkgs.writeText places the rendered file in the Nix store,
# which every local user can read, so rpcuser/rpcpassword end up there in
# clear text. Keeping the secret out of the store would need an option that
# points at a file read at runtime.
configFile =
  let
    baseSection = ''
      server=1
      daemon=0
      txindex=1
      txprevcache=1
      walletpath=${cfg.wallet}
      gen=${if cfg.generate then "1" else "0"}
      ${listToConf "addnode" cfg.extraNodes}
      ${listToConf "connect" cfg.trustedNodes}
    '';

    # rpcallowip limits which client addresses may call the RPC API.
    rpcSection = ''
      rpcbind=${cfg.rpc.address}
      rpcport=${toString cfg.rpc.port}
      rpcuser=${cfg.rpc.user}
      rpcpassword=${cfg.rpc.password}
      ${listToConf "rpcallowip" cfg.rpc.allowFrom}
    '';

    # NOTE(review): the cipher list still admits TLSv1-era suites
    # (TLSv1+HIGH). Also verify that the packaged namecoind still honours
    # the rpcssl* settings; if it ignores them, RPC traffic is not encrypted.
    sslSection = ''
      rpcssl=1
      rpcsslcertificatechainfile=${cfg.rpc.certificate}
      rpcsslprivatekeyfile=${cfg.rpc.key}
      rpcsslciphers=TLSv1.2+HIGH:TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH
    '';
  in
  pkgs.writeText "namecoin.conf" (
    baseSection
    + optionalString useRPC rpcSection
    + optionalString useSSL sslSection
  );
in
{
###### interface
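# Option declarations for services.namecoind.
options = {

  services.namecoind = {

    enable = mkEnableOption (lib.mdDoc "namecoind, Namecoin client");

    # The service's preStart check enforces owner, group and mode only for a
    # wallet path that differs from the default.
    wallet = mkOption {
      type = types.path;
      default = "${dataDir}/wallet.dat";
      description = lib.mdDoc ''
        Wallet file. The ownership of the file has to be
        namecoin:namecoin, and the permissions must be 0640.
      '';
    };

    generate = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Whether to generate (mine) Namecoins.
      '';
    };

    extraNodes = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = lib.mdDoc ''
        List of additional peer IP addresses to connect to.
      '';
    };

    trustedNodes = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = lib.mdDoc ''
        List of the only peer IP addresses to connect to. If specified
        no other connection will be made.
      '';
    };

    # RPC settings are written to the config file only when both rpc.user
    # and rpc.password are set.
    rpc.user = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = lib.mdDoc ''
        User name for RPC connections.
      '';
    };

    rpc.password = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = lib.mdDoc ''
        Password for RPC connections.

        Warning: the value is written in clear text to the generated
        configuration file, which is stored in the world-readable Nix store.
      '';
    };

    # NOTE(review): the default makes the RPC server listen on every
    # interface; with the defaults, rpc.allowFrom ("127.0.0.1") is the only
    # setting limiting which clients may use it. Consider whether a loopback
    # default would be safer.
    rpc.address = mkOption {
      type = types.str;
      default = "0.0.0.0";
      description = lib.mdDoc ''
        IP address the RPC server will bind to.
      '';
    };

    rpc.port = mkOption {
      type = types.port;
      default = 8332;
      description = lib.mdDoc ''
        Port the RPC server will bind to.
      '';
    };

    # TLS for RPC is configured only when both rpc.certificate and rpc.key
    # are set; otherwise no rpcssl settings are written.
    rpc.certificate = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = "/var/lib/namecoind/server.cert";
      description = lib.mdDoc ''
        Certificate file for securing RPC connections.
      '';
    };

    rpc.key = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = "/var/lib/namecoind/server.pem";
      description = lib.mdDoc ''
        Key file for securing RPC connections.
      '';
    };

    rpc.allowFrom = mkOption {
      type = types.listOf types.str;
      default = [ "127.0.0.1" ];
      description = lib.mdDoc ''
        List of IP address ranges allowed to use the RPC API.
        Wildcards (*) can be used to specify a range.
      '';
    };

  };

};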
###### implementation
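# System configuration applied when services.namecoind.enable is set.
config = mkIf cfg.enable {

  # Dedicated account and group the daemon runs as.
  users.users.namecoin = {
    uid = config.ids.uids.namecoin;
    description = "Namecoin daemon user";
    home = dataDir;
    createHome = true;
  };

  users.groups.namecoin = {
    gid = config.ids.gids.namecoin;
  };

  systemd.services.namecoind = {
    description = "Namecoind daemon";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];

    # Stop restarting after 5 failed starts within 120 seconds.
    startLimitIntervalSec = 120;
    startLimitBurst = 5;

    # NOTE(review): PrivateTmp is the only sandboxing option set here;
    # further systemd hardening options could be considered for a
    # network-facing daemon that holds a wallet.
    serviceConfig = {
      User = "namecoin";
      Group = "namecoin";
      ExecStart = "${pkgs.namecoind}/bin/namecoind -conf=${configFile} -datadir=${dataDir} -printtoconsole";
      # NOTE(review): stopping with SIGKILL gives the daemon no chance to
      # shut down cleanly; confirm this is intended.
      ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
      Nice = "10";
      PrivateTmp = true;
      TimeoutStopSec = "60s";
      TimeoutStartSec = "2s";
      Restart = "always";
    };

    # Refuse to start when a non-default wallet file is not owned by
    # namecoin:namecoin with mode 0640. The default wallet path is not
    # checked.
    preStart =
      let
        # Shell-quoted so that a path containing spaces or shell
        # metacharacters is passed to stat and echo as a single word.
        wallet = escapeShellArg "${cfg.wallet}";
        expectedUid = toString config.ids.uids.namecoin;
        expectedGid = toString config.ids.gids.namecoin;
      in
      optionalString (cfg.wallet != "${dataDir}/wallet.dat") ''
        # check wallet file permissions
        if [ "$(stat --printf '%u' ${wallet})" != "${expectedUid}" ] \
          || [ "$(stat --printf '%g' ${wallet})" != "${expectedGid}" ] \
          || [ "$(stat --printf '%a' ${wallet})" != "640" ]; then
          echo "ERROR: bad ownership or rights on "${wallet} >&2
          exit 1
        fi
      '';
  };

};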
# Maintainers of this NixOS module.
meta.maintainers = with lib.maintainers; [ rnhmjoj ];
}