mio-ops/profiles/cardano-node.nix

52 lines
1.2 KiB
Nix
Raw Normal View History

2020-05-13 04:59:08 +00:00
# NixOps configuration for the hosts running a Cardano node
{ config, pkgs, lib, ... }:
let
2020-05-14 09:50:34 +00:00
2020-05-13 04:59:08 +00:00
sources = import ../nix/sources.nix;
2021-11-16 04:57:23 +00:00
cardanoNodeProject = import (sources.cardano-node + "/nix") {
gitrev = sources.cardano-node.rev;
};
iohkNix = import (sources.iohk-nix) { };
2020-05-13 04:59:08 +00:00
2021-11-16 04:57:23 +00:00
in {
2020-05-13 04:59:08 +00:00
2021-11-16 04:57:23 +00:00
imports =
[ ../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos" ];
2020-05-14 09:50:34 +00:00
2021-11-16 04:57:23 +00:00
environment.systemPackages = [ cardanoNodeProject.cardano-cli ];
2020-05-13 04:59:08 +00:00
services = {
cardano-node = {
enable = true;
2020-07-30 03:01:37 +00:00
environment = "mainnet";
2020-05-13 04:59:08 +00:00
hostAddr = "0.0.0.0";
nodeConfig = iohkNix.cardanoLib.environments.mainnet.nodeConfig // {
2020-05-13 04:59:08 +00:00
hasPrometheus = [ "127.0.0.1" 12798 ];
setupScribes = [{
scKind = "JournalSK";
scName = "cardano";
scFormat = "ScText";
}];
2021-11-16 04:57:23 +00:00
defaultScribes = [[ "JournalSK" "cardano" ]];
2020-05-13 04:59:08 +00:00
};
2020-05-14 08:17:45 +00:00
kesKey = "/run/keys/cardano-kes";
vrfKey = "/run/keys/cardano-vrf";
operationalCertificate = "/run/keys/cardano-opcert";
2020-05-13 04:59:08 +00:00
};
};
networking = {
firewall = {
allowedTCPPorts = [
2021-11-16 04:57:23 +00:00
3001 # cardano-node
2020-05-13 04:59:08 +00:00
];
};
};
2021-11-16 04:57:23 +00:00
users.groups.keys.members =
[ "cardano-node" ]; # Required due to NixOps issue #1204
2020-05-14 09:50:34 +00:00
2020-05-13 04:59:08 +00:00
}