author | Jakub Sokołowski <jakub@status.im> | 2022-08-22 13:29:45 +0200 |
---|---|---|
committer | Jakub Sokołowski <jakub@status.im> | 2022-08-22 15:30:57 +0200 |
commit | 54b76185d8281a4b770979d06c84decd688108b0 (patch) | |
tree | 1dbd7fbf12bb4b74aeec0a94b92dead69f01b074 /nixos/modules/services/blockchain/ethereum/geth.nix | |
parent | 629ec1b38a27b08628cff24724fcf806ccda14e2 (diff) | |
go-ethereum: add support for Auth RPC CLI flags
The split of Ethereum into Execution Layer and Consensus Layer adds a requirement for communication between execution client and consensus client using secure JWT tokens. In Geth this is configurable using the `--authrpc.*` CLI flags which are currently not exposed by this service. For more details read the following article: https://geth.ethereum.org/docs/interface/consensus-clients Signed-off-by: Jakub Sokołowski <jakub@status.im>
Diffstat (limited to 'nixos/modules/services/blockchain/ethereum/geth.nix')
-rw-r--r-- | nixos/modules/services/blockchain/ethereum/geth.nix | 40 |
1 files changed, 37 insertions, 3 deletions
diff --git a/nixos/modules/services/blockchain/ethereum/geth.nix b/nixos/modules/services/blockchain/ethereum/geth.nix
index 4f045acd956..1d443d91d19 100644
--- a/nixos/modules/services/blockchain/ethereum/geth.nix
+++ b/nixos/modules/services/blockchain/ethereum/geth.nix
@@ -61,6 +61,35 @@ let
 };
 };
+ authrpc = {
+ enable = lib.mkEnableOption "Go Ethereum Auth RPC API";
+ address = mkOption {
+ type = types.str;
+ default = "127.0.0.1";
+ description = lib.mdDoc "Listen address of Go Ethereum Auth RPC API.";
+ };
+
+ port = mkOption {
+ type = types.port;
+ default = 8551;
+ description = lib.mdDoc "Port number of Go Ethereum Auth RPC API.";
+ };
+
+ vhosts = mkOption {
+ type = types.nullOr (types.listOf types.str);
+ default = ["localhost"];
+ description = lib.mdDoc "List of virtual hostnames from which to accept requests.";
+ example = ["localhost" "geth.example.org"];
+ };
+
+ jwtsecret = mkOption {
+ type = types.str;
+ default = "";
+ description = lib.mdDoc "Path to a JWT secret for authenticated RPC endpoint.";
+ example = "/var/run/geth/jwtsecret";
+ };
+ };
+
 metrics = {
 enable = lib.mkEnableOption "Go Ethereum prometheus metrics";
 address = mkOption {
@@ -136,7 +165,10 @@ in
 cfg.package
 ]) eachGeth);
- systemd.services = mapAttrs' (gethName: cfg: (
+ systemd.services = mapAttrs' (gethName: cfg: let
+ stateDir = "goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}";
+ dataDir = "/var/lib/${stateDir}";
+ in (
 nameValuePair "geth-${gethName}" (mkIf cfg.enable {
 description = "Go Ethereum node (${gethName})";
 wantedBy = [ "multi-user.target" ];
@@ -145,7 +177,7 @@ in
 serviceConfig = {
 DynamicUser = true;
 Restart = "always";
- StateDirectory = "goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}";
+ StateDirectory = stateDir;
 # Hardening measures
 PrivateTmp = "true";
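Review bot: `authrpc.vhosts` in the first hunk is declared `types.nullOr (types.listOf types.str)`, but the command line in the last hunk passes it straight to `lib.concatStringsSep`, so setting it to `null` would fail at evaluation. Either declare it as `type = types.listOf types.str;` or guard the flag the way `websocket.apis` is guarded with `optionalString (… != null)`. The `jwtsecret` description should also say that the value is a runtime path given as a string, so the secret is not copied into the world-readable Nix store, and that the file must be readable by the service's dynamic user (`DynamicUser = true` appears in the third hunk). The enclosing `let` block starts and ends outside the hunk.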
@@ -169,8 +201,10 @@ in
 ${if cfg.websocket.enable then ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}'' else ""} \
 ${optionalString (cfg.websocket.apis != null) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''} \
 ${optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \
+ --authrpc.addr ${cfg.authrpc.address} --authrpc.port ${toString cfg.authrpc.port} --authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts} \
+ ${if (cfg.authrpc.jwtsecret != "") then ''--authrpc.jwtsecret ${cfg.authrpc.jwtsecret}'' else ''--authrpc.jwtsecret ${dataDir}/geth/jwtsecret''} \
 ${lib.escapeShellArgs cfg.extraArgs} \
- --datadir /var/lib/goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}
+ --datadir ${dataDir}
 '';
 }))) eachGeth; |
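Review bot: The two added `--authrpc.*` lines are emitted unconditionally, so the `authrpc.enable` option declared in the first hunk is not consulted anywhere in the visible hunks and an operator who leaves it off still gets the listener flags. If the endpoint is meant to be always on, drop the option or document that; otherwise wrap both lines in `optionalString cfg.authrpc.enable ''…''`, as the metrics line above does. The address and the secret path are also spliced into the shell script unquoted, so a path containing spaces or shell metacharacters would be re-split. Quoting them, e.g. `--authrpc.jwtsecret ${lib.escapeShellArg cfg.authrpc.jwtsecret}`, would match the existing `lib.escapeShellArgs cfg.extraArgs`. The script body starts outside the hunk.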