nixos/modules/services/networking/wasabibackend.nix at 21.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / networking / wasabibackend.nix
at 21.11-pre 5.2 kB view raw
  1{ config, lib, pkgs, ... }:
  2
  3let
  4  cfg = config.services.wasabibackend;
  5
  6  inherit (lib) mkEnableOption mkIf mkOption optionalAttrs optionalString types;
  7
  8  confOptions = {
  9      BitcoinRpcConnectionString = "${cfg.rpc.user}:${cfg.rpc.password}";
 10  } // optionalAttrs (cfg.network == "mainnet") {
 11      Network = "Main";
 12      MainNetBitcoinP2pEndPoint = "${cfg.endpoint.ip}:${toString cfg.endpoint.port}";
 13      MainNetBitcoinCoreRpcEndPoint = "${cfg.rpc.ip}:${toString cfg.rpc.port}";
 14  } // optionalAttrs (cfg.network == "testnet") {
 15      Network = "TestNet";
 16      TestNetBitcoinP2pEndPoint = "${cfg.endpoint.ip}:${toString cfg.endpoint.port}";
 17      TestNetBitcoinCoreRpcEndPoint = "${cfg.rpc.ip}:${toString cfg.rpc.port}";
 18  } // optionalAttrs (cfg.network == "regtest") {
 19      Network = "RegTest";
 20      RegTestBitcoinP2pEndPoint = "${cfg.endpoint.ip}:${toString cfg.endpoint.port}";
 21      RegTestBitcoinCoreRpcEndPoint = "${cfg.rpc.ip}:${toString cfg.rpc.port}";
 22  };
 23
 24  configFile = pkgs.writeText "wasabibackend.conf" (builtins.toJSON confOptions);
 25
 26in {
 27
 28  options = {
 29
 30    services.wasabibackend = {
 31      enable = mkEnableOption "Wasabi backend service";
 32
 33      dataDir = mkOption {
 34        type = types.path;
 35        default = "/var/lib/wasabibackend";
 36        description = "The data directory for the Wasabi backend node.";
 37      };
 38
 39      customConfigFile = mkOption {
 40        type = types.nullOr types.path;
 41        default = null;
 42        description = "Defines the path to a custom configuration file that is copied to the user's directory. Overrides any config options.";
 43      };
 44
 45      network = mkOption {
 46        type = types.enum [ "mainnet" "testnet" "regtest" ];
 47        default = "mainnet";
 48        description = "The network to use for the Wasabi backend service.";
 49      };
 50
 51      endpoint = {
 52        ip = mkOption {
 53          type = types.str;
 54          default = "127.0.0.1";
 55          description = "IP address for P2P connection to bitcoind.";
 56        };
 57
 58        port = mkOption {
 59          type = types.port;
 60          default = 8333;
 61          description = "Port for P2P connection to bitcoind.";
 62        };
 63      };
 64
 65      rpc = {
 66        ip = mkOption {
 67          type = types.str;
 68          default = "127.0.0.1";
 69          description = "IP address for RPC connection to bitcoind.";
 70        };
 71
 72        port = mkOption {
 73          type = types.port;
 74          default = 8332;
 75          description = "Port for RPC connection to bitcoind.";
 76        };
 77
 78        user = mkOption {
 79          type = types.str;
 80          default = "bitcoin";
 81          description = "RPC user for the bitcoin endpoint.";
 82        };
 83
 84        password = mkOption {
 85          type = types.str;
 86          default = "password";
 87          description = "RPC password for the bitcoin endpoint. Warning: this is stored in cleartext in the Nix store! Use <literal>configFile</literal> or <literal>passwordFile</literal> if needed.";
 88        };
 89
 90        passwordFile = mkOption {
 91          type = types.nullOr types.path;
 92          default = null;
 93          description = "File that contains the password of the RPC user.";
 94        };
 95      };
 96
 97      user = mkOption {
 98        type = types.str;
 99        default = "wasabibackend";
100        description = "The user as which to run the wasabibackend node.";
101      };
102
103      group = mkOption {
104        type = types.str;
105        default = cfg.user;
106        description = "The group as which to run the wasabibackend node.";
107      };
108    };
109  };
110
111  config = mkIf cfg.enable {
112
113    systemd.tmpfiles.rules = [
114      "d '${cfg.dataDir}' 0770 '${cfg.user}' '${cfg.group}' - -"
115    ];
116
117    systemd.services.wasabibackend = {
118      description = "wasabibackend server";
119      wantedBy = [ "multi-user.target" ];
120      after = [ "network-online.target" ];
121      environment = {
122        DOTNET_PRINT_TELEMETRY_MESSAGE = "false";
123        DOTNET_CLI_TELEMETRY_OPTOUT = "true";
124      };
125      preStart = ''
126        mkdir -p ${cfg.dataDir}/.walletwasabi/backend
127        ${if cfg.customConfigFile != null then ''
128          cp -v ${cfg.customConfigFile} ${cfg.dataDir}/.walletwasabi/backend/Config.json
129        '' else ''
130          cp -v ${configFile} ${cfg.dataDir}/.walletwasabi/backend/Config.json
131          ${optionalString (cfg.rpc.passwordFile != null) ''
132            CONFIGTMP=$(mktemp)
133            cat ${cfg.dataDir}/.walletwasabi/backend/Config.json | ${pkgs.jq}/bin/jq --arg rpconnection "${cfg.rpc.user}:$(cat "${cfg.rpc.passwordFile}")" '. + { BitcoinRpcConnectionString: $rpconnection }' > $CONFIGTMP
134            mv $CONFIGTMP ${cfg.dataDir}/.walletwasabi/backend/Config.json
135          ''}
136        ''}
137        chmod ug+w ${cfg.dataDir}/.walletwasabi/backend/Config.json
138      '';
139      serviceConfig = {
140        User = cfg.user;
141        Group = cfg.group;
142        ExecStart = "${pkgs.wasabibackend}/bin/WasabiBackend";
143        ProtectSystem = "full";
144      };
145    };
146
147    users.users.${cfg.user} = {
148      name = cfg.user;
149      group = cfg.group;
150      description = "wasabibackend daemon user";
151      home = cfg.dataDir;
152      isSystemUser = true;
153    };
154
155    users.groups.${cfg.group} = {};
156
157  };
158}