mio-ops/profiles/cardano-node.nix

# NixOps configuration for the hosts running a Cardano node
{
  config,
  inputs,
  pkgs,
  lib,
  ...
}: let
  cardanoNodeProject = import (inputs.cardano-node + "/nix") {
    gitrev = inputs.cardano-node.rev;
  };
in {
  age.secrets = {
    cardano-kes = {
      file = ../secrets/cardano/cardano-kes.age;
      path = "/run/keys/cardano-kes";
      owner = "cardano-node";
      group = "cardano-node";
      mode = "0600";
    };
    cardano-opcert = {
      file = ../secrets/cardano/cardano-opcert.age;
      path = "/run/keys/cardano-opcert";
      owner = "cardano-node";
      group = "cardano-node";
      mode = "0600";
    };
    cardano-vrf = {
      file = ../secrets/cardano/cardano-vrf.age;
      path = "/run/keys/cardano-vrf";
      owner = "cardano-node";
      group = "cardano-node";
      mode = "0600";
    };
  };

  #imports = [../secrets/cardano/producers.nix];

  environment.systemPackages = [inputs.cardano-node.packages.${pkgs.system}.cardano-cli];

  services = {
    cardano-node = {
      enable = true;
      environment = "mainnet";
      hostAddr = "0.0.0.0";
      nodeConfig =
        inputs.cardano-node.environments.x86_64-linux.mainnet
        // {
          Protocol = "Cardano";
          hasPrometheus = ["127.0.0.1" 12798];
          setupScribes = [
            {
              scKind = "JournalSK";
              scName = "cardano";
              scFormat = "ScText";
            }
          ];
          defaultScribes = [["JournalSK" "cardano"]];
        };
      kesKey = "${config.age.secrets.cardano-kes.path}";
      vrfKey = "${config.age.secrets.cardano-vrf.path}";
      operationalCertificate = "${config.age.secrets.cardano-opcert.path}";
    };
  };

  systemd = {
    services = {
      cardano-node = {
        # Ensure cardano-node starts after nixops keys are loaded
        after = [
          "cardano-kes-key.service"
          "cardano-opcert-key.service"
          "cardano-vrf-key.service"
        ];
        wants = [
          "cardano-kes-key.service"
          "cardano-opcert-key.service"
          "cardano-vrf-key.service"
        ];
      };
    };
  };

  networking = {
    firewall = {
      allowedTCPPorts = [
        3001 # cardano-node
      ];
    };
  };

  users.groups.keys.members = ["cardano-node"]; # Required due to NixOps issue #1204
}
Initial commit 2020-05-13 04:59:08 +00:00			`# NixOps configuration for the hosts running a Cardano node`
treefmt: formatted all nix files 2022-03-07 14:26:15 +00:00			`{`
			`config,`
chore(cardano-node): convert to using flake 2024-08-25 14:57:23 +00:00			`inputs,`
treefmt: formatted all nix files 2022-03-07 14:26:15 +00:00			`pkgs,`
			`lib,`
			`...`
			`}: let`
chore(cardano-node): convert to using flake 2024-08-25 14:57:23 +00:00			`cardanoNodeProject = import (inputs.cardano-node + "/nix") {`
			`gitrev = inputs.cardano-node.rev;`
nix: nixfmt 2021-11-16 04:57:23 +00:00			`};`
			`in {`
chore(cardano-node): convert to using flake 2024-08-25 14:57:23 +00:00			`age.secrets = {`
			`cardano-kes = {`
			`file = ../secrets/cardano/cardano-kes.age;`
			`path = "/run/keys/cardano-kes";`
			`owner = "cardano-node";`
			`group = "cardano-node";`
			`mode = "0600";`
			`};`
			`cardano-opcert = {`
			`file = ../secrets/cardano/cardano-opcert.age;`
			`path = "/run/keys/cardano-opcert";`
			`owner = "cardano-node";`
			`group = "cardano-node";`
			`mode = "0600";`
			`};`
			`cardano-vrf = {`
			`file = ../secrets/cardano/cardano-vrf.age;`
			`path = "/run/keys/cardano-vrf";`
			`owner = "cardano-node";`
			`group = "cardano-node";`
			`mode = "0600";`
			`};`
			`};`

			`#imports = [../secrets/cardano/producers.nix];`
Initial commit 2020-05-13 04:59:08 +00:00
chore(cardano-node): convert to using flake 2024-08-25 14:57:23 +00:00			`environment.systemPackages = [inputs.cardano-node.packages.${pkgs.system}.cardano-cli];`
Initial commit 2020-05-13 04:59:08 +00:00
			`services = {`
			`cardano-node = {`
			`enable = true;`
Bumped to mainnet in the Shelley era 2020-07-30 03:01:37 +00:00			`environment = "mainnet";`
Initial commit 2020-05-13 04:59:08 +00:00			`hostAddr = "0.0.0.0";`
treefmt: formatted all nix files 2022-03-07 14:26:15 +00:00			`nodeConfig =`
chore(cardano-node): convert to using flake 2024-08-25 14:57:23 +00:00			`inputs.cardano-node.environments.x86_64-linux.mainnet`
treefmt: formatted all nix files 2022-03-07 14:26:15 +00:00			`// {`
chore(cardano-node): convert to using flake 2024-08-25 14:57:23 +00:00			`Protocol = "Cardano";`
treefmt: formatted all nix files 2022-03-07 14:26:15 +00:00			`hasPrometheus = ["127.0.0.1" 12798];`
			`setupScribes = [`
			`{`
			`scKind = "JournalSK";`
			`scName = "cardano";`
			`scFormat = "ScText";`
			`}`
			`];`
			`defaultScribes = [["JournalSK" "cardano"]];`
			`};`
chore(cardano-node): convert to using flake 2024-08-25 14:57:23 +00:00			`kesKey = "${config.age.secrets.cardano-kes.path}";`
			`vrfKey = "${config.age.secrets.cardano-vrf.path}";`
			`operationalCertificate = "${config.age.secrets.cardano-opcert.path}";`
Initial commit 2020-05-13 04:59:08 +00:00			`};`
			`};`

cardano-node: ensure service starts after nixops keys are loaded 2022-08-16 04:35:24 +00:00			`systemd = {`
			`services = {`
			`cardano-node = {`
			`# Ensure cardano-node starts after nixops keys are loaded`
			`after = [`
			`"cardano-kes-key.service"`
			`"cardano-opcert-key.service"`
			`"cardano-vrf-key.service"`
			`];`
			`wants = [`
			`"cardano-kes-key.service"`
			`"cardano-opcert-key.service"`
			`"cardano-vrf-key.service"`
			`];`
			`};`
			`};`
			`};`

Initial commit 2020-05-13 04:59:08 +00:00			`networking = {`
			`firewall = {`
			`allowedTCPPorts = [`
nix: nixfmt 2021-11-16 04:57:23 +00:00			`3001 # cardano-node`
Initial commit 2020-05-13 04:59:08 +00:00			`];`
			`};`
			`};`

treefmt: formatted all nix files 2022-03-07 14:26:15 +00:00			`users.groups.keys.members = ["cardano-node"]; # Required due to NixOps issue #1204`
Initial commit 2020-05-13 04:59:08 +00:00			`}`