···
openFirewall = mkOption {
52
-
description = "Opens port in firewall for fedimintd's p2p port";
52
+
description = "Opens port in firewall for fedimintd's p2p port (both TCP and UDP)";
57
-
description = "Port to bind on for p2p connections from peers";
57
+
description = "Port to bind on for p2p connections from peers (both TCP and UDP)";
62
-
description = "Address to bind on for p2p connections from peers";
62
+
description = "Address to bind on for p2p connections from peers (both TCP and UDP)";
65
+
type = types.nullOr types.str;
example = "fedimint://p2p.myfedimint.com:8173";
68
-
Public address for p2p connections from peers
68
+
Public address for p2p connections from peers (if TCP is used)
openFirewall = mkOption {
76
-
description = "Opens port in firewall for fedimintd's api port";
76
+
description = "Opens TCP port in firewall for fedimintd's Websocket API";
81
-
description = "Port to bind on for API connections relied by the reverse proxy/tls terminator.";
81
+
description = "TCP Port to bind on for API connections relayed by the reverse proxy/tls terminator.";
···
description = "Address to bind on for API connections relied by the reverse proxy/tls terminator.";
89
+
type = types.nullOr types.str;
Public URL of the API address of the reverse proxy/tls terminator. Usually starting with `wss://`.
96
+
openFirewall = mkOption {
99
+
description = "Opens UDP port in firewall for fedimintd's API Iroh endpoint";
104
+
description = "UDP Port to bind Iroh endpoint for API connections";
108
+
default = "0.0.0.0";
109
+
description = "Address to bind on for Iroh endpoint for API connections";
113
+
openFirewall = mkOption {
116
+
description = "Opens TCP port in firewall for built-in UI";
121
+
description = "TCP Port to bind on for UI connections";
125
+
default = "127.0.0.1";
126
+
description = "Address to bind on for UI connections";
···
example = "api.myfedimint.com";
description = "Public domain of the API address of the reverse proxy/tls terminator.";
196
+
path_ui = mkOption {
200
+
description = "Path to host the built-in UI on and forward to the daemon's api port";
202
+
path_ws = mkOption {
···
networking.firewall.allowedTCPPorts = concatLists (
200
-
(lib.optional cfg.api.openFirewall cfg.api.port ++ lib.optional cfg.p2p.openFirewall cfg.p2p.port)
241
+
lib.optional cfg.api_ws.openFirewall cfg.api_ws.port
242
+
++ lib.optional cfg.p2p.openFirewall cfg.p2p.port
243
+
++ lib.optional cfg.ui.openFirewall cfg.ui.port
248
+
networking.firewall.allowedUDPPorts = concatLists (
250
+
fedimintdName: cfg:
252
+
lib.optional cfg.api_iroh.openFirewall cfg.api_iroh.port
253
+
++ lib.optional cfg.p2p.openFirewall cfg.p2p.port
···
(nameValuePair "fedimintd-${fedimintdName}" (
208
-
startScript = pkgs.writeShellScript "fedimintd-start" (
262
+
startScript = pkgs.writeShellScriptBin "fedimintd" (
if cfg.bitcoin.rpc.secretFile != null then
212
-
secret=$(${pkgs.coreutils}/bin/head -n 1 "${cfg.bitcoin.rpc.secretFile}")
213
-
prefix="''${FM_BITCOIN_RPC_URL%*@*}" # Everything before the last '@'
214
-
suffix="''${FM_BITCOIN_RPC_URL##*@}" # Everything after the last '@'
215
-
FM_BITCOIN_RPC_URL="''${prefix}:''${secret}@''${suffix}"
266
+
>&2 echo "Setting FM_FORCE_BITCOIN_RPC_URL using password from ${cfg.bitcoin.rpc.secretFile}"
267
+
secret=$(${pkgs.coreutils}/bin/head -n 1 "${cfg.bitcoin.rpc.secretFile}" || exit 1)
268
+
export FM_FORCE_BITCOIN_RPC_URL=$(echo "$FM_BITCOIN_RPC_URL" | sed "s|^\(\w\+://[^@]\+\)\(@.*\)|\1:''${secret}\2|")
···
environment = lib.mkMerge [
FM_BIND_P2P = "${cfg.p2p.bind}:${toString cfg.p2p.port}";
232
-
FM_BIND_API = "${cfg.api.bind}:${toString cfg.api.port}";
233
-
FM_P2P_URL = cfg.p2p.url;
234
-
FM_API_URL = cfg.api.url;
285
+
FM_BIND_API_WS = "${cfg.api_ws.bind}:${toString cfg.api_ws.port}";
286
+
FM_BIND_API_IROH = "${cfg.api_iroh.bind}:${toString cfg.api_iroh.port}";
287
+
FM_BIND_UI = "${cfg.ui.bind}:${toString cfg.ui.port}";
FM_DATA_DIR = cfg.dataDir;
FM_BITCOIN_NETWORK = cfg.bitcoin.network;
FM_BITCOIN_RPC_URL = cfg.bitcoin.rpc.url;
FM_BITCOIN_RPC_KIND = cfg.bitcoin.rpc.kind;
294
+
(lib.optionalAttrs (cfg.p2p.url != null) {
295
+
FM_P2P_URL = cfg.p2p.url;
298
+
(lib.optionalAttrs (cfg.api_ws.url != null) {
299
+
FM_API_URL = cfg.api_ws.url;
···
StateDirectory = "fedimintd-${fedimintdName}";
StateDirectoryMode = "0700";
247
-
ExecStart = startScript;
309
+
ExecStart = "${startScript}/bin/fedimintd";
···
RestrictAddressFamilies = [
RestrictNamespaces = true;
337
+
SocketBindAllow = "udp:${builtins.toString cfg.api_iroh.port}";
SystemCallArchitectures = "native";
···
# overridden by default value from vhost-options.nix
enableACME = mkOverride 99 true;
forceSSL = mkOverride 99 true;
295
-
locations.${cfg.nginx.path} = {
296
-
proxyPass = "http://127.0.0.1:${toString cfg.api.port}/";
359
+
locations.${cfg.nginx.path_ws} = {
360
+
proxyPass = "http://127.0.0.1:${builtins.toString cfg.api_ws.port}/";
363
+
proxy_pass_header Authorization;
366
+
locations.${cfg.nginx.path_ui} = {
367
+
proxyPass = "http://127.0.0.1:${builtins.toString cfg.ui.port}/";
proxy_pass_header Authorization;
pyrox.dev