···
+
cfg = config.services.namecoind;
+
dataDir = "/var/lib/namecoind";
+
useSSL = (cfg.rpc.certificate != null) && (cfg.rpc.key != null);
+
useRPC = (cfg.rpc.user != null) && (cfg.rpc.password != null);
+
listToConf = option: list:
+
concatMapStrings (value :"${option}=${value}\n") list;
+
configFile = pkgs.writeText "namecoin.conf" (''
gen=${if cfg.generate then "1" else "0"}
+
${listToConf "addnode" cfg.extraNodes}
+
${listToConf "connect" cfg.trustedNodes}
+
'' + optionalString useRPC ''
+
rpcbind=${cfg.rpc.address}
+
rpcport=${toString cfg.rpc.port}
+
rpcuser=${cfg.rpc.user}
+
rpcpassword=${cfg.rpc.password}
+
${listToConf "rpcallowip" cfg.rpc.allowFrom}
+
'' + optionalString useSSL ''
+
rpcsslcertificatechainfile=${cfg.rpc.certificate}
+
rpcsslprivatekeyfile=${cfg.rpc.key}
+
rpcsslciphers=TLSv1.2+HIGH:TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH
···
+
enable = mkEnableOption "namecoind, Namecoin client.";
+
default = "${dataDir}/wallet.dat";
+
Wallet file. The ownership of the file has to be
+
namecoin:namecoin, and the permissions must be 0640.
+
Whether to generate (mine) Namecoins.
+
extraNodes = mkOption {
+
type = types.listOf types.str;
+
List of additional peer IP addresses to connect to.
+
trustedNodes = mkOption {
+
type = types.listOf types.str;
+
List of the only peer IP addresses to connect to. If specified
+
no other connection will be made.
+
type = types.nullOr types.str;
+
User name for RPC connections.
+
rpc.password = mkOption {
+
Password for RPC connections.
+
rpc.address = mkOption {
+
IP address the RPC server will bind to.
+
Port the RPC server will bind to.
+
rpc.certificate = mkOption {
type = types.nullOr types.path;
+
example = "/var/lib/namecoind/server.cert";
Certificate file for securing RPC connections.
type = types.nullOr types.path;
+
example = "/var/lib/namecoind/server.pem";
Key file for securing RPC connections.
+
rpc.allowFrom = mkOption {
+
type = types.listOf types.str;
+
default = [ "127.0.0.1" ];
+
List of IP address ranges allowed to use the RPC API.
+
Wiledcards (*) can be user to specify a range.
···
config = mkIf cfg.enable {
+
services.dnschain.extraConfig = ''
+
users.extraUsers = singleton {
+
uid = config.ids.uids.namecoin;
+
description = "Namecoin daemon user";
+
users.extraGroups = singleton {
+
gid = config.ids.gids.namecoin;
+
systemd.services.namecoind = {
+
description = "Namecoind daemon";
+
after = [ "network.target" ];
+
wantedBy = [ "multi-user.target" ];
+
ExecStart = "${pkgs.altcoins.namecoind}/bin/namecoind -conf=${configFile} -datadir=${dataDir} -printtoconsole";
+
ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
+
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+
TimeoutStopSec = "60s";
+
TimeoutStartSec = "2s";
+
StartLimitInterval = "120s";
+
preStart = optionalString (cfg.wallet != "${dataDir}/wallet.dat") ''
+
# check wallet file permissions
+
if [ "$(stat --printf '%u' ${cfg.wallet})" != "${toString config.ids.uids.namecoin}" \
+
-o "$(stat --printf '%g' ${cfg.wallet})" != "${toString config.ids.gids.namecoin}" \
+
-o "$(stat --printf '%a' ${cfg.wallet})" != "640" ]; then
+
echo "ERROR: bad ownership or rights on ${cfg.wallet}" >&2
pyrox.dev