# NixOps configuration for the hosts running a Cardano node.
#
# The module is built from the pinned sources in ../nix/sources.nix and pulls
# in the NixOS module from the cardano-node source tree. Because a KES key, a
# VRF key and an operational certificate are configured, the node is set up
# with block-producing credentials.
{ config, pkgs, lib, ... }:

let
  sources = import ../nix/sources.nix;
  cardanoNodePkgs = import sources.cardano-node {};

  # Upstream mainnet defaults; the overrides below are merged on top of them.
  mainnetDefaults = config.services.cardano-node.environments.mainnet.nodeConfig;
in
{
  imports = [
    # Both secrets modules are outside this file; their contents (key
    # provisioning, topology/producers) cannot be checked from here.
    ../secrets/cardano.nix
    ../secrets/cardano/producers.nix
    "${sources.cardano-node}/nix/nixos"
  ];

  environment.systemPackages = [ cardanoNodePkgs.cardano-cli ];

  services.cardano-node = {
    enable = true;
    environment = "mainnet";

    # Listens on every IPv4 interface.
    # NOTE(review): together with the firewall rule below, port 3001 accepts
    # connections from any source address. For a node holding block-producer
    # keys, confirm that this exposure is intended or that inbound peers are
    # restricted elsewhere (e.g. to the operator's own relays).
    hostAddr = "0.0.0.0";

    nodeConfig = mainnetDefaults // {
      # Metrics endpoint is bound to loopback only; its port is not in
      # allowedTCPPorts, so scraping has to happen on the host itself.
      hasPrometheus = [ "127.0.0.1" 12798 ];

      # Log to a single journal scribe named "cardano", in text format.
      setupScribes = [
        {
          scKind = "JournalSK";
          scName = "cardano";
          scFormat = "ScText";
        }
      ];
      defaultScribes = [
        [ "JournalSK" "cardano" ]
      ];
    };

    # Key material is read from /run/keys at runtime rather than from the Nix
    # store. Presumably provisioned through NixOps deployment.keys in
    # ../secrets/cardano.nix (confirm). Per-key owner and permissions are set
    # there, not here.
    kesKey = "/run/keys/cardano-kes";
    vrfKey = "/run/keys/cardano-vrf";
    operationalCertificate = "/run/keys/cardano-opcert";
  };

  networking.firewall.allowedTCPPorts = [
    3001 # cardano-node
  ];

  # Required due to NixOps issue #1204
  # NOTE(review): membership in the "keys" group is what lets the service user
  # reach files under /run/keys; check that no unrelated keys deployed to this
  # host are group-readable by "keys".
  users.groups.keys.members = [ "cardano-node" ];
}