pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / networking / wasabibackend.nix
at 25.11-pre 5.5 kB view raw
1{ 2 config, 3 lib, 4 options, 5 pkgs, 6 ... 7}: 8 9let 10 cfg = config.services.wasabibackend; 11 opt = options.services.wasabibackend; 12 13 inherit (lib) 14 literalExpression 15 mkEnableOption 16 mkIf 17 mkOption 18 optionalAttrs 19 optionalString 20 types 21 ; 22 23 confOptions = 24 { 25 BitcoinRpcConnectionString = "${cfg.rpc.user}:${cfg.rpc.password}"; 26 } 27 // optionalAttrs (cfg.network == "mainnet") { 28 Network = "Main"; 29 MainNetBitcoinP2pEndPoint = "${cfg.endpoint.ip}:${toString cfg.endpoint.port}"; 30 MainNetBitcoinCoreRpcEndPoint = "${cfg.rpc.ip}:${toString cfg.rpc.port}"; 31 } 32 // optionalAttrs (cfg.network == "testnet") { 33 Network = "TestNet"; 34 TestNetBitcoinP2pEndPoint = "${cfg.endpoint.ip}:${toString cfg.endpoint.port}"; 35 TestNetBitcoinCoreRpcEndPoint = "${cfg.rpc.ip}:${toString cfg.rpc.port}"; 36 } 37 // optionalAttrs (cfg.network == "regtest") { 38 Network = "RegTest"; 39 RegTestBitcoinP2pEndPoint = "${cfg.endpoint.ip}:${toString cfg.endpoint.port}"; 40 RegTestBitcoinCoreRpcEndPoint = "${cfg.rpc.ip}:${toString cfg.rpc.port}"; 41 }; 42 43 configFile = pkgs.writeText "wasabibackend.conf" (builtins.toJSON confOptions); 44 45in 46{ 47 48 options = { 49 50 services.wasabibackend = { 51 enable = mkEnableOption "Wasabi backend service"; 52 53 dataDir = mkOption { 54 type = types.path; 55 default = "/var/lib/wasabibackend"; 56 description = "The data directory for the Wasabi backend node."; 57 }; 58 59 customConfigFile = mkOption { 60 type = types.nullOr types.path; 61 default = null; 62 description = "Defines the path to a custom configuration file that is copied to the user's directory. Overrides any config options."; 63 }; 64 65 network = mkOption { 66 type = types.enum [ 67 "mainnet" 68 "testnet" 69 "regtest" 70 ]; 71 default = "mainnet"; 72 description = "The network to use for the Wasabi backend service."; 73 }; 74 75 endpoint = { 76 ip = mkOption { 77 type = types.str; 78 default = "127.0.0.1"; 79 description = "IP address for P2P connection to bitcoind."; 80 }; 81 82 port = mkOption { 83 type = types.port; 84 default = 8333; 85 description = "Port for P2P connection to bitcoind."; 86 }; 87 }; 88 89 rpc = { 90 ip = mkOption { 91 type = types.str; 92 default = "127.0.0.1"; 93 description = "IP address for RPC connection to bitcoind."; 94 }; 95 96 port = mkOption { 97 type = types.port; 98 default = 8332; 99 description = "Port for RPC connection to bitcoind."; 100 }; 101 102 user = mkOption { 103 type = types.str; 104 default = "bitcoin"; 105 description = "RPC user for the bitcoin endpoint."; 106 }; 107 108 password = mkOption { 109 type = types.str; 110 default = "password"; 111 description = "RPC password for the bitcoin endpoint. Warning: this is stored in cleartext in the Nix store! Use `configFile` or `passwordFile` if needed."; 112 }; 113 114 passwordFile = mkOption { 115 type = types.nullOr types.path; 116 default = null; 117 description = "File that contains the password of the RPC user."; 118 }; 119 }; 120 121 user = mkOption { 122 type = types.str; 123 default = "wasabibackend"; 124 description = "The user as which to run the wasabibackend node."; 125 }; 126 127 group = mkOption { 128 type = types.str; 129 default = cfg.user; 130 defaultText = literalExpression "config.${opt.user}"; 131 description = "The group as which to run the wasabibackend node."; 132 }; 133 }; 134 }; 135 136 config = mkIf cfg.enable { 137 138 systemd.tmpfiles.rules = [ 139 "d '${cfg.dataDir}' 0770 '${cfg.user}' '${cfg.group}' - -" 140 ]; 141 142 systemd.services.wasabibackend = { 143 description = "wasabibackend server"; 144 wantedBy = [ "multi-user.target" ]; 145 wants = [ "network-online.target" ]; 146 after = [ "network-online.target" ]; 147 environment = { 148 DOTNET_PRINT_TELEMETRY_MESSAGE = "false"; 149 DOTNET_CLI_TELEMETRY_OPTOUT = "true"; 150 }; 151 preStart = '' 152 mkdir -p ${cfg.dataDir}/.walletwasabi/backend 153 ${ 154 if cfg.customConfigFile != null then 155 '' 156 cp -v ${cfg.customConfigFile} ${cfg.dataDir}/.walletwasabi/backend/Config.json 157 '' 158 else 159 '' 160 cp -v ${configFile} ${cfg.dataDir}/.walletwasabi/backend/Config.json 161 ${optionalString (cfg.rpc.passwordFile != null) '' 162 CONFIGTMP=$(mktemp) 163 cat ${cfg.dataDir}/.walletwasabi/backend/Config.json | ${pkgs.jq}/bin/jq --arg rpconnection "${cfg.rpc.user}:$(cat "${cfg.rpc.passwordFile}")" '. + { BitcoinRpcConnectionString: $rpconnection }' > $CONFIGTMP 164 mv $CONFIGTMP ${cfg.dataDir}/.walletwasabi/backend/Config.json 165 ''} 166 '' 167 } 168 chmod ug+w ${cfg.dataDir}/.walletwasabi/backend/Config.json 169 ''; 170 serviceConfig = { 171 User = cfg.user; 172 Group = cfg.group; 173 ExecStart = "${pkgs.wasabibackend}/bin/WasabiBackend"; 174 ProtectSystem = "full"; 175 }; 176 }; 177 178 users.users.${cfg.user} = { 179 name = cfg.user; 180 group = cfg.group; 181 description = "wasabibackend daemon user"; 182 home = cfg.dataDir; 183 isSystemUser = true; 184 }; 185 186 users.groups.${cfg.group} = { }; 187 188 }; 189}