mio-ops/profiles/cardano-node.nix


# NixOps profile for hosts that run a Cardano mainnet node with block-producer
# credentials (KES key, VRF key and operational certificate).
{
  config,
  pkgs,
  lib,
  cardano-node,
  iohkNix,
  ...
}: let
  # Package set imported from the cardano-node input, passing that input's own
  # revision as gitrev.
  cardanoNodeProject = import (cardano-node + "/nix") {
    gitrev = cardano-node.rev;
  };

  # Upstream mainnet node configuration; overridden below for metrics and logging.
  mainnetNodeConfig = iohkNix.cardanoLib.environments.mainnet.nodeConfig;

  # Units that must be ordered before cardano-node so the key material exists
  # under /run/keys when the node starts.
  keyUnits = [
    "cardano-kes-key.service"
    "cardano-opcert-key.service"
    "cardano-vrf-key.service"
  ];
in {
  # ../secrets/cardano/producers.nix presumably declares the NixOps keys referenced
  # below - confirm per-key owner, group and mode there.
  imports = [../secrets/cardano/producers.nix "${cardano-node.cardano-node}/nix/nixos"];

  environment.systemPackages = [cardanoNodeProject.cardano-cli];

  services.cardano-node = {
    enable = true;
    environment = "mainnet";
    # Listens on every interface; port 3001 is opened in the firewall below.
    # NOTE(review): this node holds block-producer keys. Confirm that inbound peers
    # are limited to the operator's own relays by topology or upstream filtering,
    # since nothing in this file restricts the source addresses.
    hostAddr = "0.0.0.0";
    nodeConfig =
      mainnetNodeConfig
      // {
        # Metrics endpoint is bound to loopback only and is not opened in the firewall.
        hasPrometheus = ["127.0.0.1" 12798];
        # Single text-format scribe named "cardano" of kind JournalSK, also the default.
        setupScribes = [
          {
            scKind = "JournalSK";
            scName = "cardano";
            scFormat = "ScText";
          }
        ];
        defaultScribes = [["JournalSK" "cardano"]];
      };
    # Key material is read from /run/keys rather than being referenced as store paths.
    kesKey = "/run/keys/cardano-kes";
    vrfKey = "/run/keys/cardano-vrf";
    operationalCertificate = "/run/keys/cardano-opcert";
  };

  systemd.services.cardano-node = {
    # Ensure cardano-node starts after nixops keys are loaded.
    # NOTE(review): `wants` is a weak dependency, so a failed key unit does not stop
    # cardano-node from being started; `after` only fixes the ordering.
    after = keyUnits;
    wants = keyUnits;
  };

  networking.firewall.allowedTCPPorts = [
    3001 # cardano-node
  ];

  # Required due to NixOps issue #1204.
  # NOTE(review): membership in `keys` is not scoped to the three Cardano keys;
  # access to other keys on this host then depends on their per-key permissions.
  users.groups.keys.members = ["cardano-node"];
}