# NixOps configuration for the hosts running a Cardano node
{ config, pkgs, lib, ... }:

let
  sources = import ../nix/sources.nix;
  cardanoNodeProject = import sources.cardano-node {};

  # Static topology with a single upstream peer, rendered to a JSON file.
  topologyFile = builtins.toFile "topology.json" (builtins.toJSON {
    Producers = [
      { addr = "172.105.184.221"; port = 3001; valency = 1; }
    ];
  });

  # Overrides layered on top of the upstream node configuration.
  nodeConfigOverrides = {
    # Metrics endpoint is bound to loopback only; port 12798 is not opened
    # in the firewall below, so scraping has to happen from this host.
    hasPrometheus = [ "127.0.0.1" 12798 ];

    # Log as text to the journal through one scribe, used as the default.
    setupScribes = [
      { scKind = "JournalSK"; scName = "cardano"; scFormat = "ScText"; }
    ];
    defaultScribes = [ [ "JournalSK" "cardano" ] ];
  };
in
{
  imports = [
    # Not visible here; presumably provisions the /run/keys/cardano-* files
    # referenced below - confirm.
    ../secrets/cardano.nix
    "${sources.cardano-node}/nix/nixos"
  ];

  environment.systemPackages = [ cardanoNodeProject.cardano-cli ];

  services.cardano-node = {
    enable = true;

    # NOTE(review): `environment` is "ff" while the base nodeConfig is taken
    # from `environments.alpha1` - confirm the two are meant to differ.
    environment = "ff";
    nodeConfig =
      config.services.cardano-node.environments.alpha1.nodeConfig
      // nodeConfigOverrides;

    # NOTE(review): the node listens on every interface and TCP 3001 is open
    # to any source address. With KES/VRF keys and an operational certificate
    # configured this looks like a block-producing node; consider limiting
    # inbound 3001 to the known peer(s) - confirm against the intended topology.
    hostAddr = "0.0.0.0";
    topology = topologyFile;

    # Key material is referenced by runtime path (plain strings), so nothing
    # in this file copies it into the Nix store.
    kesKey = "/run/keys/cardano-kes";
    vrfKey = "/run/keys/cardano-vrf";
    operationalCertificate = "/run/keys/cardano-opcert";
  };

  networking.firewall.allowedTCPPorts = [
    3001 # cardano-node
  ];

  # Required due to NixOps issue #1204
  # Membership in `keys` is what lets the service user reach /run/keys;
  # any other member of that group gets the same access.
  users.groups.keys.members = [ "cardano-node" ];
}