From 9c341e1ba305508553b9a277b66723081d256ef7 Mon Sep 17 00:00:00 2001
From: happysalada
Date: Sat, 5 Nov 2022 00:16:56 -0400
Subject: [PATCH] erigon: init module
---
 nixos/modules/module-list.nix | 1 +
 .../services/blockchain/ethereum/erigon.nix | 105 ++++++++++++++++++
 2 files changed, 106 insertions(+)
 create mode 100644 nixos/modules/services/blockchain/ethereum/erigon.nix
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index fac882b4150..cffd73cd8b1 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -319,6 +319,7 @@
 ./services/backup/zfs-replication.nix
 ./services/backup/znapzend.nix
 ./services/blockchain/ethereum/geth.nix
+ ./services/blockchain/ethereum/erigon.nix
 ./services/backup/zrepl.nix
 ./services/cluster/corosync/default.nix
 ./services/cluster/hadoop/default.nix
diff --git a/nixos/modules/services/blockchain/ethereum/erigon.nix b/nixos/modules/services/blockchain/ethereum/erigon.nix
new file mode 100644
index 00000000000..16277473097
--- /dev/null
+++ b/nixos/modules/services/blockchain/ethereum/erigon.nix
@@ -0,0 +1,105 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+
+ cfg = config.services.erigon;
+
+ settingsFormat = pkgs.formats.toml { };
+ configFile = settingsFormat.generate "config.toml" cfg.settings;
+in {
+
+ options = {
+ services.erigon = {
+ enable = mkEnableOption (lib.mdDoc "Ethereum implementation on the efficiency frontier");
+
+ settings = mkOption {
+ description = lib.mdDoc ''
+ Configuration for Erigon
+ Refer to for details on supported values.
+ '';
+
+ type = settingsFormat.type;
+
+ example = {
+ datadir = "/var/lib/erigon";
+ chain = "mainnet";
+ http = true;
+ "http.port" = 8545;
+ "http.api" = ["eth" "debug" "net" "trace" "web3" "erigon"];
+ ws = true;
+ port = 30303;
+ "authrpc.port" = 8551;
+ "torrent.port" = 42069;
+ "private.api.addr" = "localhost:9090";
+ "log.console.verbosity" = 3; # info
+ };
+
+ defaultText = literalExpression ''
+ {
+ datadir = "/var/lib/erigon";
+ chain = "mainnet";
+ http = true;
+ "http.port" = 8545;
+ "http.api" = ["eth" "debug" "net" "trace" "web3" "erigon"];
+ ws = true;
+ port = 30303;
+ "authrpc.port" = 8551;
+ "torrent.port" = 42069;
+ "private.api.addr" = "localhost:9090";
+ "log.console.verbosity" = 3; # info
+ }
+ '';
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ # Default values are the same as in the binary, they are just written here for convenience.
+ services.erigon.settings = {
+ datadir = mkDefault "/var/lib/erigon";
+ chain = mkDefault "mainnet";
+ http = mkDefault true;
+ "http.port" = mkDefault 8545;
+ "http.api" = mkDefault ["eth" "debug" "net" "trace" "web3" "erigon"];
+ ws = mkDefault true;
+ port = mkDefault 30303;
+ "authrpc.port" = mkDefault 8551;
+ "torrent.port" = mkDefault 42069;
+ "private.api.addr" = mkDefault "localhost:9090";
+ "log.console.verbosity" = mkDefault 3; # info
+ };
+
+ systemd.services.erigon = {
+ description = "Erigon ethereum implemenntation";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+
+ serviceConfig = {
+ ExecStart = "${pkgs.erigon}/bin/erigon --config ${configFile}";
+ Restart = "on-failure";
+ StateDirectory = "erigon";
+ CapabilityBoundingSet = "";
+ DynamicUser = true;
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ ProtectHome = true;
+ ProtectClock = true;
+ ProtectProc = "noaccess";
+ ProcSubset = "pid";
+ ProtectKernelLogs = true;
+ ProtectKernelModules = true;
+ ProtectKernelTunables = true;
+ ProtectControlGroups = true;
+ ProtectHostname = true;
+ RestrictSUIDSGID = true;
+ RestrictRealtime = true;
+ RestrictNamespaces = true;
+ LockPersonality = true;
+ RemoveIPC = true;
+ RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+ SystemCallFilter = [ "@system-service" "~@privileged" ];
+ };
+ };
+ };
+}
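Review bot: The `mkDefault` block under `config` turns on `ws` and offers the `debug` and `trace` namespaces in `"http.api"` for anyone who only sets `enable = true`, so the comment that these values match the binary's defaults should be checked against `erigon --help` (I do not believe upstream enables WebSocket or those namespaces by default). `debug_*` and `trace_*` calls are expensive and reveal node internals, and no `http.addr` is pinned here, so the listener address is whatever the binary chooses. A narrower default such as `"http.api" = mkDefault [ "eth" "net" "web3" "erigon" ];` with `ws = mkDefault false;` would leave the wider surface as an explicit opt-in, and the `example`/`defaultText` blocks would need the same change. Separately, `StateDirectory = "erigon"` is fixed while `datadir` is overridable, and `DynamicUser = true` implies a read-only filesystem outside the state directory, so an overridden `datadir` would not be writable; the unit `description` also has a typo (`implemenntation`).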