diff options
Diffstat (limited to 'nixos/modules/services/networking/namecoind.nix')
| -rw-r--r-- | nixos/modules/services/networking/namecoind.nix | 211 |
1 files changed, 132 insertions, 79 deletions
diff --git a/nixos/modules/services/networking/namecoind.nix b/nixos/modules/services/networking/namecoind.nix index 83fc1ec66679..9df9f67cde83 100644 --- a/nixos/modules/services/networking/namecoind.nix +++ b/nixos/modules/services/networking/namecoind.nix @@ -3,25 +3,35 @@ with lib; let - cfg = config.services.namecoind; + cfg = config.services.namecoind; + dataDir = "/var/lib/namecoind"; + useSSL = (cfg.rpc.certificate != null) && (cfg.rpc.key != null); + useRPC = (cfg.rpc.user != null) && (cfg.rpc.password != null); - namecoinConf = - let - useSSL = (cfg.rpcCertificate != null) && (cfg.rpcKey != null); - in - pkgs.writeText "namecoin.conf" '' + listToConf = option: list: + concatMapStrings (value :"${option}=${value}\n") list; + + configFile = pkgs.writeText "namecoin.conf" ('' server=1 daemon=0 - rpcallowip=127.0.0.1 - walletpath=${cfg.wallet} - gen=${if cfg.generate then "1" else "0"} - rpcssl=${if useSSL then "1" else "0"} - ${optionalString useSSL "rpcsslcertificatechainfile=${cfg.rpcCertificate}"} - ${optionalString useSSL "rpcsslprivatekeyfile=${cfg.rpcKey}"} - ${optionalString useSSL "rpcsslciphers=TLSv1.2+HIGH:TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH"} txindex=1 txprevcache=1 - ''; + walletpath=${cfg.wallet} + gen=${if cfg.generate then "1" else "0"} + ${listToConf "addnode" cfg.extraNodes} + ${listToConf "connect" cfg.trustedNodes} + '' + optionalString useRPC '' + rpcbind=${cfg.rpc.address} + rpcport=${toString cfg.rpc.port} + rpcuser=${cfg.rpc.user} + rpcpassword=${cfg.rpc.password} + ${listToConf "rpcallowip" cfg.rpc.allowFrom} + '' + optionalString useSSL '' + rpcssl=1 + rpcsslcertificatechainfile=${cfg.rpc.certificate} + rpcsslprivatekeyfile=${cfg.rpc.key} + rpcsslciphers=TLSv1.2+HIGH:TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH + ''); in @@ -33,66 +43,102 @@ in services.namecoind = { - enable = mkOption { + enable = mkEnableOption "namecoind, Namecoin client."; + + wallet = mkOption { + type = types.path; + default = "${dataDir}/wallet.dat"; + description = '' + Wallet file. The ownership of the file has to be + namecoin:namecoin, and the permissions must be 0640. + ''; + }; + + generate = mkOption { type = types.bool; default = false; description = '' - Whether to run namecoind. + Whether to generate (mine) Namecoins. ''; }; - wallet = mkOption { - type = types.path; - example = "/etc/namecoin/wallet.dat"; + extraNodes = mkOption { + type = types.listOf types.str; + default = [ ]; description = '' - Wallet file. The ownership of the file has to be - namecoin:namecoin, and the permissions must be 0640. + List of additional peer IP addresses to connect to. ''; }; - userFile = mkOption { - type = types.nullOr types.path; + trustedNodes = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + List of the only peer IP addresses to connect to. If specified + no other connection will be made. + ''; + }; + + rpc.user = mkOption { + type = types.nullOr types.str; default = null; - example = "/etc/namecoin/user"; description = '' - File containing the user name and user password to - authenticate RPC connections to namecoind. - The content of the file is of the form: - <literal> - USER=namecoin - PASSWORD=secret - </literal> - The ownership of the file has to be namecoin:namecoin, - and the permissions must be 0640. + User name for RPC connections. ''; }; - generate = mkOption { - type = types.bool; - default = false; + rpc.password = mkOption { + type = types.str; + default = null; description = '' - Whether to generate (mine) Namecoins. + Password for RPC connections. ''; }; - rpcCertificate = mkOption { + rpc.address = mkOption { + type = types.str; + default = "0.0.0.0"; + description = '' + IP address the RPC server will bind to. + ''; + }; + + rpc.port = mkOption { + type = types.int; + default = 8332; + description = '' + Port the RPC server will bind to. + ''; + }; + + rpc.certificate = mkOption { type = types.nullOr types.path; default = null; - example = "/etc/namecoin/server.cert"; + example = "/var/lib/namecoind/server.cert"; description = '' Certificate file for securing RPC connections. ''; }; - rpcKey = mkOption { + rpc.key = mkOption { type = types.nullOr types.path; default = null; - example = "/etc/namecoin/server.pem"; + example = "/var/lib/namecoind/server.pem"; description = '' Key file for securing RPC connections. ''; }; + + rpc.allowFrom = mkOption { + type = types.listOf types.str; + default = [ "127.0.0.1" ]; + description = '' + List of IP address ranges allowed to use the RPC API. + Wiledcards (*) can be user to specify a range. + ''; + }; + }; }; @@ -102,47 +148,54 @@ in config = mkIf cfg.enable { - users.extraUsers = singleton - { name = "namecoin"; - uid = config.ids.uids.namecoin; - description = "Namecoin daemon user"; - home = "/var/lib/namecoin"; - createHome = true; - }; + services.dnschain.extraConfig = '' + [namecoin] + config = ${configFile} + ''; + + users.extraUsers = singleton { + name = "namecoin"; + uid = config.ids.uids.namecoin; + description = "Namecoin daemon user"; + home = dataDir; + createHome = true; + }; - users.extraGroups = singleton - { name = "namecoin"; - gid = config.ids.gids.namecoin; - }; + users.extraGroups = singleton { + name = "namecoin"; + gid = config.ids.gids.namecoin; + }; systemd.services.namecoind = { - description = "Namecoind Daemon"; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - preStart = '' - if [ "$(stat --printf '%u' ${cfg.userFile})" != "${toString config.ids.uids.namecoin}" \ - -o "$(stat --printf '%g' ${cfg.userFile})" != "${toString config.ids.gids.namecoin}" \ - -o "$(stat --printf '%a' ${cfg.userFile})" != "640" ]; then - echo "ERROR: bad ownership or rights on ${cfg.userFile}" >&2 - exit 1 - fi - if [ "$(stat --printf '%u' ${cfg.wallet})" != "${toString config.ids.uids.namecoin}" \ - -o "$(stat --printf '%g' ${cfg.wallet})" != "${toString config.ids.gids.namecoin}" \ - -o "$(stat --printf '%a' ${cfg.wallet})" != "640" ]; then - echo "ERROR: bad ownership or rights on ${cfg.wallet}" >&2 - exit 1 - fi - ''; - serviceConfig = { - Type = "simple"; - User = "namecoin"; - EnvironmentFile = cfg.userFile; - ExecStart = "${pkgs.altcoins.namecoind}/bin/namecoind -conf=${namecoinConf} -rpcuser=\${USER} -rpcpassword=\${PASSWORD} -printtoconsole"; - ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; - ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID"; - StandardOutput = "null"; - Nice = "10"; - }; + description = "Namecoind daemon"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + User = "namecoin"; + Griup = "namecoin"; + ExecStart = "${pkgs.altcoins.namecoind}/bin/namecoind -conf=${configFile} -datadir=${dataDir} -printtoconsole"; + ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID"; + ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; + Nice = "10"; + PrivateTmp = true; + TimeoutStopSec = "60s"; + TimeoutStartSec = "2s"; + Restart = "always"; + StartLimitInterval = "120s"; + StartLimitBurst = "5"; + }; + + preStart = optionalString (cfg.wallet != "${dataDir}/wallet.dat") '' + # check wallet file permissions + if [ "$(stat --printf '%u' ${cfg.wallet})" != "${toString config.ids.uids.namecoin}" \ + -o "$(stat --printf '%g' ${cfg.wallet})" != "${toString config.ids.gids.namecoin}" \ + -o "$(stat --printf '%a' ${cfg.wallet})" != "640" ]; then + echo "ERROR: bad ownership or rights on ${cfg.wallet}" >&2 + exit 1 + fi + ''; + }; }; |