namecoind: refactor nixos module

This commit is contained in:
rnhmjoj 2017-01-18 19:53:11 +01:00 committed by Joachim F
parent 50f1d8d2fa
commit a3ff62d48c


@ -3,25 +3,35 @@
with lib; with lib;
let let
cfg = config.services.namecoind; cfg = config.services.namecoind;
dataDir = "/var/lib/namecoind";
useSSL = (cfg.rpc.certificate != null) && (cfg.rpc.key != null);
useRPC = (cfg.rpc.user != null) && (cfg.rpc.password != null);
namecoinConf = listToConf = option: list:
let concatMapStrings (value :"${option}=${value}\n") list;
useSSL = (cfg.rpcCertificate != null) && (cfg.rpcKey != null);
in configFile = pkgs.writeText "namecoin.conf" (''
pkgs.writeText "namecoin.conf" ''
server=1 server=1
daemon=0 daemon=0
rpcallowip=127.0.0.1
walletpath=${cfg.wallet}
gen=${if cfg.generate then "1" else "0"}
rpcssl=${if useSSL then "1" else "0"}
${optionalString useSSL "rpcsslcertificatechainfile=${cfg.rpcCertificate}"}
${optionalString useSSL "rpcsslprivatekeyfile=${cfg.rpcKey}"}
${optionalString useSSL "rpcsslciphers=TLSv1.2+HIGH:TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH"}
txindex=1 txindex=1
txprevcache=1 txprevcache=1
''; walletpath=${cfg.wallet}
gen=${if cfg.generate then "1" else "0"}
${listToConf "addnode" cfg.extraNodes}
${listToConf "connect" cfg.trustedNodes}
'' + optionalString useRPC ''
rpcbind=${cfg.rpc.address}
rpcport=${toString cfg.rpc.port}
rpcuser=${cfg.rpc.user}
rpcpassword=${cfg.rpc.password}
${listToConf "rpcallowip" cfg.rpc.allowFrom}
'' + optionalString useSSL ''
rpcssl=1
rpcsslcertificatechainfile=${cfg.rpc.certificate}
rpcsslprivatekeyfile=${cfg.rpc.key}
rpcsslciphers=TLSv1.2+HIGH:TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!3DES:@STRENGTH
'');
in in
@ -33,40 +43,17 @@ in
services.namecoind = { services.namecoind = {
enable = mkOption { enable = mkEnableOption "namecoind, Namecoin client.";
type = types.bool;
default = false;
description = ''
Whether to run namecoind.
'';
};
wallet = mkOption { wallet = mkOption {
type = types.path; type = types.path;
example = "/etc/namecoin/wallet.dat"; default = "${dataDir}/wallet.dat";
description = '' description = ''
Wallet file. The ownership of the file has to be Wallet file. The ownership of the file has to be
namecoin:namecoin, and the permissions must be 0640. namecoin:namecoin, and the permissions must be 0640.
''; '';
}; };
userFile = mkOption {
type = types.nullOr types.path;
default = null;
example = "/etc/namecoin/user";
description = ''
File containing the user name and user password to
authenticate RPC connections to namecoind.
The content of the file is of the form:
<literal>
USER=namecoin
PASSWORD=secret
</literal>
The ownership of the file has to be namecoin:namecoin,
and the permissions must be 0640.
'';
};
generate = mkOption { generate = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -75,24 +62,83 @@ in
''; '';
}; };
rpcCertificate = mkOption { extraNodes = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
List of additional peer IP addresses to connect to.
'';
};
trustedNodes = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
List of the only peer IP addresses to connect to. If specified
no other connection will be made.
'';
};
rpc.user = mkOption {
type = types.nullOr types.str;
default = null;
description = ''
User name for RPC connections.
'';
};
rpc.password = mkOption {
type = types.str;
default = null;
description = ''
Password for RPC connections.
'';
};
rpc.address = mkOption {
type = types.str;
default = "0.0.0.0";
description = ''
IP address the RPC server will bind to.
'';
};
rpc.port = mkOption {
type = types.int;
default = 8332;
description = ''
Port the RPC server will bind to.
'';
};
rpc.certificate = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
example = "/etc/namecoin/server.cert"; example = "/var/lib/namecoind/server.cert";
description = '' description = ''
Certificate file for securing RPC connections. Certificate file for securing RPC connections.
''; '';
}; };
rpcKey = mkOption { rpc.key = mkOption {
type = types.nullOr types.path; type = types.nullOr types.path;
default = null; default = null;
example = "/etc/namecoin/server.pem"; example = "/var/lib/namecoind/server.pem";
description = '' description = ''
Key file for securing RPC connections. Key file for securing RPC connections.
''; '';
}; };
rpc.allowFrom = mkOption {
type = types.listOf types.str;
default = [ "127.0.0.1" ];
description = ''
List of IP address ranges allowed to use the RPC API.
Wiledcards (*) can be user to specify a range.
'';
};
}; };
}; };
@ -102,47 +148,54 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
users.extraUsers = singleton services.dnschain.extraConfig = ''
{ name = "namecoin"; [namecoin]
uid = config.ids.uids.namecoin; config = ${configFile}
description = "Namecoin daemon user"; '';
home = "/var/lib/namecoin";
createHome = true;
};
users.extraGroups = singleton users.extraUsers = singleton {
{ name = "namecoin"; name = "namecoin";
gid = config.ids.gids.namecoin; uid = config.ids.uids.namecoin;
}; description = "Namecoin daemon user";
home = dataDir;
createHome = true;
};
users.extraGroups = singleton {
name = "namecoin";
gid = config.ids.gids.namecoin;
};
systemd.services.namecoind = { systemd.services.namecoind = {
description = "Namecoind Daemon"; description = "Namecoind daemon";
after = [ "network.target" ]; after = [ "network.target" ];
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
preStart = ''
if [ "$(stat --printf '%u' ${cfg.userFile})" != "${toString config.ids.uids.namecoin}" \ serviceConfig = {
-o "$(stat --printf '%g' ${cfg.userFile})" != "${toString config.ids.gids.namecoin}" \ User = "namecoin";
-o "$(stat --printf '%a' ${cfg.userFile})" != "640" ]; then Griup = "namecoin";
echo "ERROR: bad ownership or rights on ${cfg.userFile}" >&2 ExecStart = "${pkgs.altcoins.namecoind}/bin/namecoind -conf=${configFile} -datadir=${dataDir} -printtoconsole";
exit 1 ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID";
fi ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
if [ "$(stat --printf '%u' ${cfg.wallet})" != "${toString config.ids.uids.namecoin}" \ Nice = "10";
-o "$(stat --printf '%g' ${cfg.wallet})" != "${toString config.ids.gids.namecoin}" \ PrivateTmp = true;
-o "$(stat --printf '%a' ${cfg.wallet})" != "640" ]; then TimeoutStopSec = "60s";
echo "ERROR: bad ownership or rights on ${cfg.wallet}" >&2 TimeoutStartSec = "2s";
exit 1 Restart = "always";
fi StartLimitInterval = "120s";
''; StartLimitBurst = "5";
serviceConfig = { };
Type = "simple";
User = "namecoin"; preStart = optionalString (cfg.wallet != "${dataDir}/wallet.dat") ''
EnvironmentFile = cfg.userFile; # check wallet file permissions
ExecStart = "${pkgs.altcoins.namecoind}/bin/namecoind -conf=${namecoinConf} -rpcuser=\${USER} -rpcpassword=\${PASSWORD} -printtoconsole"; if [ "$(stat --printf '%u' ${cfg.wallet})" != "${toString config.ids.uids.namecoin}" \
ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID"; -o "$(stat --printf '%g' ${cfg.wallet})" != "${toString config.ids.gids.namecoin}" \
ExecStop = "${pkgs.coreutils}/bin/kill -KILL $MAINPID"; -o "$(stat --printf '%a' ${cfg.wallet})" != "640" ]; then
StandardOutput = "null"; echo "ERROR: bad ownership or rights on ${cfg.wallet}" >&2
Nice = "10"; exit 1
}; fi
'';
}; };
}; };
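Review bot: The RPC password is now interpolated into `pkgs.writeText "namecoin.conf"` (`rpcpassword=${cfg.rpc.password}` in the first hunk), so it ends up in a world-readable /nix/store path, whereas the removed `userFile`/`EnvironmentFile` path kept the credential in a file whose namecoin:namecoin 0640 ownership was checked in preStart and passed it as `-rpcpassword=\${PASSWORD}`. With `rpc.address` defaulting to `0.0.0.0`, `rpc.allowFrom` is the only guard on the listener, so the secret should stay out of the store (substitute it into the config at runtime in preStart from a permission-checked file, or keep the EnvironmentFile-based flag) and the `rpc.password` description should state that the value is written to the Nix store. Separately, `rpc.password` is declared `type = types.str;` with `default = null;`, which is inconsistent with `rpc.user` and with the `cfg.rpc.password != null` test in `useRPC` and fails the type check whenever the option is left unset; use `type = types.nullOr types.str;`. In the last hunk `Griup = "namecoin";` should be `Group = "namecoin";` — systemd drops the unknown key, so the daemon runs with the user's primary group rather than the `namecoin` group the wallet permission requirement in the `wallet` option description assumes.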