nixpkgs/nixos/modules/services/networking/ergo.nix

{ config, lib, pkgs, ... }:

let
  cfg = config.services.ergo;

  inherit (lib) mkEnableOption mkIf mkOption optionalString types;

  configFile = pkgs.writeText "ergo.conf" (''
ergo {
  directory = "${cfg.dataDir}"
  node {
    mining = false
  }
  wallet.secretStorage.secretDir = "${cfg.dataDir}/wallet/keystore"
}

scorex {
  network {
    bindAddress = "${cfg.listen.ip}:${toString cfg.listen.port}"
  }
'' + optionalString (cfg.api.keyHash != null) ''
 restApi {
    apiKeyHash = "${cfg.api.keyHash}"
    bindAddress = "${cfg.api.listen.ip}:${toString cfg.api.listen.port}"
 }
'' + ''
}
'');

in {

  options = {

    services.ergo = {
      enable = mkEnableOption "Ergo service";

      dataDir = mkOption {
        type = types.path;
        default = "/var/lib/ergo";
        description = "The data directory for the Ergo node.";
      };

      listen = {
        ip = mkOption {
          type = types.str;
          default = "0.0.0.0";
          description = "IP address on which the Ergo node should listen.";
        };

        port = mkOption {
          type = types.port;
          default = 9006;
          description = "Listen port for the Ergo node.";
        };
      };

      api = {
       keyHash = mkOption {
        type = types.nullOr types.str;
        default = null;
        example = "324dcf027dd4a30a932c441f365a25e86b173defa4b8e58948253471b81b72cf";
        description = "Hex-encoded Blake2b256 hash of an API key as a 64-chars long Base16 string.";
       };

       listen = {
        ip = mkOption {
          type = types.str;
          default = "0.0.0.0";
          description = "IP address that the Ergo node API should listen on if <option>api.keyHash</option> is defined.";
          };

        port = mkOption {
          type = types.port;
          default = 9052;
          description = "Listen port for the API endpoint if <option>api.keyHash</option> is defined.";
        };
       };
      };

      testnet = mkOption {
         type = types.bool;
         default = false;
         description = "Connect to testnet network instead of the default mainnet.";
      };

      user = mkOption {
        type = types.str;
        default = "ergo";
        description = "The user as which to run the Ergo node.";
      };

      group = mkOption {
        type = types.str;
        default = cfg.user;
        description = "The group as which to run the Ergo node.";
      };

      openFirewall = mkOption {
        type = types.bool;
        default = false;
        description = "Open ports in the firewall for the Ergo node as well as the API.";
      };
    };
  };

  config = mkIf cfg.enable {

    systemd.tmpfiles.rules = [
      "d '${cfg.dataDir}' 0770 '${cfg.user}' '${cfg.group}' - -"
    ];

    systemd.services.ergo = {
      description = "ergo server";
      wantedBy = [ "multi-user.target" ];
      after = [ "network-online.target" ];
      serviceConfig = {
        User = cfg.user;
        Group = cfg.group;
        ExecStart = ''${pkgs.ergo}/bin/ergo \
                      ${optionalString (!cfg.testnet)
                      "--mainnet"} \
                      -c ${configFile}'';
      };
    };

    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts = [ cfg.listen.port ] ++ [ cfg.api.listen.port ];
    };

    users.users.${cfg.user} = {
      name = cfg.user;
      group = cfg.group;
      description = "Ergo daemon user";
      home = cfg.dataDir;
      isSystemUser = true;
    };

    users.groups.${cfg.group} = {};

  };
}
nixos/ergo: init 2020-05-24 20:39:10 +02:00			`{ config, lib, pkgs, ... }:`

			`let`
			`cfg = config.services.ergo;`

			`inherit (lib) mkEnableOption mkIf mkOption optionalString types;`

			`configFile = pkgs.writeText "ergo.conf" (''`
			`ergo {`
			`directory = "${cfg.dataDir}"`
			`node {`
			`mining = false`
			`}`
			`wallet.secretStorage.secretDir = "${cfg.dataDir}/wallet/keystore"`
			`}`

			`scorex {`
			`network {`
			`bindAddress = "${cfg.listen.ip}:${toString cfg.listen.port}"`
			`}`
			`'' + optionalString (cfg.api.keyHash != null) ''`
			`restApi {`
			`apiKeyHash = "${cfg.api.keyHash}"`
			`bindAddress = "${cfg.api.listen.ip}:${toString cfg.api.listen.port}"`
			`}`
			`'' + ''`
			`}`
			`'');`

			`in {`

			`options = {`

			`services.ergo = {`
			`enable = mkEnableOption "Ergo service";`

			`dataDir = mkOption {`
			`type = types.path;`
			`default = "/var/lib/ergo";`
			`description = "The data directory for the Ergo node.";`
			`};`

			`listen = {`
			`ip = mkOption {`
			`type = types.str;`
			`default = "0.0.0.0";`
			`description = "IP address on which the Ergo node should listen.";`
			`};`

			`port = mkOption {`
			`type = types.port;`
			`default = 9006;`
			`description = "Listen port for the Ergo node.";`
			`};`
			`};`

			`api = {`
			`keyHash = mkOption {`
			`type = types.nullOr types.str;`
			`default = null;`
			`example = "324dcf027dd4a30a932c441f365a25e86b173defa4b8e58948253471b81b72cf";`
			`description = "Hex-encoded Blake2b256 hash of an API key as a 64-chars long Base16 string.";`
			`};`

			`listen = {`
			`ip = mkOption {`
			`type = types.str;`
			`default = "0.0.0.0";`
			`description = "IP address that the Ergo node API should listen on if <option>api.keyHash</option> is defined.";`
			`};`

			`port = mkOption {`
			`type = types.port;`
			`default = 9052;`
			`description = "Listen port for the API endpoint if <option>api.keyHash</option> is defined.";`
			`};`
			`};`
			`};`

			`testnet = mkOption {`
			`type = types.bool;`
			`default = false;`
			`description = "Connect to testnet network instead of the default mainnet.";`
			`};`

			`user = mkOption {`
			`type = types.str;`
			`default = "ergo";`
			`description = "The user as which to run the Ergo node.";`
			`};`

			`group = mkOption {`
			`type = types.str;`
			`default = cfg.user;`
			`description = "The group as which to run the Ergo node.";`
			`};`

			`openFirewall = mkOption {`
			`type = types.bool;`
			`default = false;`
			`description = "Open ports in the firewall for the Ergo node as well as the API.";`
			`};`
			`};`
			`};`

			`config = mkIf cfg.enable {`

			`systemd.tmpfiles.rules = [`
			`"d '${cfg.dataDir}' 0770 '${cfg.user}' '${cfg.group}' - -"`
			`];`

			`systemd.services.ergo = {`
			`description = "ergo server";`
			`wantedBy = [ "multi-user.target" ];`
			`after = [ "network-online.target" ];`
			`serviceConfig = {`
			`User = cfg.user;`
			`Group = cfg.group;`
			`ExecStart = ''${pkgs.ergo}/bin/ergo \`
			`${optionalString (!cfg.testnet)`
			`"--mainnet"} \`
			`-c ${configFile}'';`
			`};`
			`};`

			`networking.firewall = mkIf cfg.openFirewall {`
			`allowedTCPPorts = [ cfg.listen.port ] ++ [ cfg.api.listen.port ];`
			`};`

			`users.users.${cfg.user} = {`
			`name = cfg.user;`
			`group = cfg.group;`
			`description = "Ergo daemon user";`
			`home = cfg.dataDir;`
			`isSystemUser = true;`
			`};`

			`users.groups.${cfg.group} = {};`

			`};`
			`}`