lighthouse: add package option to service (#285005)

2025-02-27 14:34:33 +00:00 · 2024-11-01 09:23:02 +01:00 · 2024-11-01 09:23:02 +01:00 · 3becff6754
commit 3becff6754
parent 6715341f6a 6b5d6b760e
1 changed files with 37 additions and 18 deletions
--- a/nixos/modules/services/blockchain/ethereum/lighthouse.nix
+++ b/nixos/modules/services/blockchain/ethereum/lighthouse.nix
@ -1,14 +1,18 @@
-{ config, lib, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 let
-
  cfg = config.services.lighthouse;
-in {
-
+in
+{
  options = {
    services.lighthouse = {
      beacon = lib.mkOption {
        description = "Beacon node";
-        default = {};
+        default = { };
        type = lib.types.submodule {
          options = {
            enable = lib.mkEnableOption "Lightouse Beacon node";
@ -133,7 +137,7 @@ in {

      validator = lib.mkOption {
        description = "Validator node";
-        default = {};
+        default = { };
        type = lib.types.submodule {
          options = {
            enable = lib.mkOption {
@ -152,7 +156,7 @@ in {

            beaconNodes = lib.mkOption {
              type = lib.types.listOf lib.types.str;
-              default = ["http://localhost:5052"];
+              default = [ "http://localhost:5052" ];
              description = ''
                Beacon nodes to connect to.
              '';
@ -190,7 +194,13 @@ in {
      };

      network = lib.mkOption {
-        type = lib.types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ];
+        type = lib.types.enum [
+          "mainnet"
+          "gnosis"
+          "chiado"
+          "sepolia"
+          "holesky"
+        ];
        default = "mainnet";
        description = ''
          The network to connect to. Mainnet is the default ethereum network.
@ -205,19 +215,19 @@ in {
        default = "";
        example = "";
      };
+
+      package = lib.mkPackageOption pkgs "lighthouse" { };
    };
  };

  config = lib.mkIf (cfg.beacon.enable || cfg.validator.enable) {
-
-    environment.systemPackages = [ pkgs.lighthouse ] ;
+    environment.systemPackages = [ cfg.package ];

    networking.firewall = lib.mkIf cfg.beacon.enable {
      allowedTCPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ];
      allowedUDPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ];
    };

-
    systemd.services.lighthouse-beacon = lib.mkIf cfg.beacon.enable {
      description = "Lighthouse beacon node (connect to P2P nodes and verify blocks)";
      wantedBy = [ "multi-user.target" ];
@ -227,7 +237,7 @@ in {
        # make sure the chain data directory is created on first run
        mkdir -p ${cfg.beacon.dataDir}/${cfg.network}

-        ${pkgs.lighthouse}/bin/lighthouse beacon_node \
+        ${lib.getExe cfg.package} beacon_node \
          --disable-upnp \
          ${lib.optionalString cfg.beacon.disableDepositContractSync "--disable-deposit-contract-sync"} \
          --port ${toString cfg.beacon.port} \
@ -236,8 +246,8 @@ in {
          --datadir ${cfg.beacon.dataDir}/${cfg.network} \
          --execution-endpoint http://${cfg.beacon.execution.address}:${toString cfg.beacon.execution.port} \
          --execution-jwt ''${CREDENTIALS_DIRECTORY}/LIGHTHOUSE_JWT \
-          ${lib.optionalString cfg.beacon.http.enable '' --http --http-address ${cfg.beacon.http.address} --http-port ${toString cfg.beacon.http.port}''} \
-          ${lib.optionalString cfg.beacon.metrics.enable '' --metrics --metrics-address ${cfg.beacon.metrics.address} --metrics-port ${toString cfg.beacon.metrics.port}''} \
+          ${lib.optionalString cfg.beacon.http.enable ''--http --http-address ${cfg.beacon.http.address} --http-port ${toString cfg.beacon.http.port}''} \
+          ${lib.optionalString cfg.beacon.metrics.enable ''--metrics --metrics-address ${cfg.beacon.metrics.address} --metrics-port ${toString cfg.beacon.metrics.port}''} \
          ${cfg.extraArgs} ${cfg.beacon.extraArgs}
      '';
      serviceConfig = {
@ -262,7 +272,10 @@ in {
        RestrictNamespaces = true;
        LockPersonality = true;
        RemoveIPC = true;
-        SystemCallFilter = [ "@system-service" "~@privileged" ];
+        SystemCallFilter = [
+          "@system-service"
+          "~@privileged"
+        ];
      };
    };

@ -275,7 +288,7 @@ in {
        # make sure the chain data directory is created on first run
        mkdir -p ${cfg.validator.dataDir}/${cfg.network}

-        ${pkgs.lighthouse}/bin/lighthouse validator_client \
+        ${lib.getExe cfg.package} validator_client \
          --network ${cfg.network} \
          --beacon-nodes ${lib.concatStringsSep "," cfg.validator.beaconNodes} \
          --datadir ${cfg.validator.dataDir}/${cfg.network} \
@ -305,8 +318,14 @@ in {
        RestrictNamespaces = true;
        LockPersonality = true;
        RemoveIPC = true;
-        RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
-        SystemCallFilter = [ "@system-service" "~@privileged" ];
+        RestrictAddressFamilies = [
+          "AF_INET"
+          "AF_INET6"
+        ];
+        SystemCallFilter = [
+          "@system-service"
+          "~@privileged"
+        ];
      };
    };
  };