mio-ops/profiles/cardano-node.nix

# NixOps profile for hosts that run a Cardano node.
#
# What this module sets, as visible in this file:
#   * three age-encrypted secrets (KES key, VRF key, operational certificate)
#     exposed under /run/keys, owned by cardano-node with mode 0600;
#   * the cardano-node service on mainnet, listening on all interfaces;
#   * TCP port 3001 opened in the host firewall;
#   * membership of cardano-node in the `keys` group.
{
  config,
  inputs,
  pkgs,
  lib,
  ...
}: let
  # Not referenced anywhere else in this file. Nix evaluates let-bindings
  # lazily, so the import is never forced from here.
  cardanoNodeProject = import (inputs.cardano-node + "/nix") {
    gitrev = inputs.cardano-node.rev;
  };

  # Secret names; each maps to ../secrets/cardano/<name>.age on the deploy
  # side and to /run/keys/<name> on the host.
  secretNames = ["cardano-kes" "cardano-opcert" "cardano-vrf"];

  # Declaration shared by all three secrets: readable and writable only by
  # the cardano-node user (0600), no access for group or others.
  nodeSecret = name: {
    file = ../secrets/cardano + "/${name}.age";
    path = "/run/keys/${name}";
    owner = "cardano-node";
    group = "cardano-node";
    mode = "0600";
  };

  # Units named <secret>-key.service, which the node is ordered after.
  # NOTE(review): this naming is the NixOps deployment.keys convention, while
  # the secrets in this file are declared through age.secrets. Confirm these
  # units still exist on the host; if they do not, `after`/`wants` below give
  # no ordering guarantee.
  keyUnits = map (name: "${name}-key.service") secretNames;

  # Upstream mainnet defaults for the node configuration.
  # NOTE(review): pinned to x86_64-linux here, whereas cardano-cli below
  # follows pkgs.system.
  mainnetDefaults = inputs.cardano-node.environments.x86_64-linux.mainnet;
in {
  age.secrets = lib.genAttrs secretNames nodeSecret;

  #imports = [../secrets/cardano/producers.nix];

  environment.systemPackages = [
    inputs.cardano-node.packages.${pkgs.system}.cardano-cli
  ];

  services.cardano-node = {
    enable = true;
    environment = "mainnet";

    # Listens on every interface.
    # NOTE(review): this host is given KES/VRF keys and an operational
    # certificate, i.e. block-producing credentials. Such a node is normally
    # reachable only from the operator's own relays; confirm that an upstream
    # control restricts who can connect, since the firewall rule below does
    # not filter by source address.
    hostAddr = "0.0.0.0";

    nodeConfig =
      mainnetDefaults
      // {
        Protocol = "Cardano";
        # Metrics endpoint on loopback only, so it is not exposed to the
        # network.
        hasPrometheus = ["127.0.0.1" 12798];
        # Log to the systemd journal in text format.
        setupScribes = [
          {
            scKind = "JournalSK";
            scName = "cardano";
            scFormat = "ScText";
          }
        ];
        defaultScribes = [["JournalSK" "cardano"]];
      };

    # Key material is passed by path; the decrypted contents never enter the
    # Nix expression, only the file locations do.
    kesKey = config.age.secrets.cardano-kes.path;
    vrfKey = config.age.secrets.cardano-vrf.path;
    operationalCertificate = config.age.secrets.cardano-opcert.path;
  };

  # Ensure cardano-node starts after the key units are loaded.
  systemd.services.cardano-node = {
    after = keyUnits;
    wants = keyUnits;
  };

  networking.firewall.allowedTCPPorts = [
    3001 # cardano-node
  ];

  # Required due to NixOps issue #1204
  users.groups.keys.members = ["cardano-node"];
}