lighthouse: add `package` option to service (#285005)

pyrox.dev / nixpkgs

fork atom

lol

fork atom

authored by

Ramses and committed by

GitHub 1 year ago 3becff67 6715341f

+37 -18

1 changed file

expand all

nixos

modules

services

blockchain

ethereum

lighthouse.nix

+37 -18

nixos/modules/services/blockchain/ethereum/lighthouse.nix

··· 1 - { config, lib, pkgs, ... }: 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: 2 7 let 3 - 4 8 cfg = config.services.lighthouse; 5 - in { 6 - 9 + in 10 + { 7 11 options = { 8 12 services.lighthouse = { 9 13 beacon = lib.mkOption { 10 14 description = "Beacon node"; 11 - default = {}; 15 + default = { }; 12 16 type = lib.types.submodule { 13 17 options = { 14 18 enable = lib.mkEnableOption "Lightouse Beacon node"; ··· 133 137 134 138 validator = lib.mkOption { 135 139 description = "Validator node"; 136 - default = {}; 140 + default = { }; 137 141 type = lib.types.submodule { 138 142 options = { 139 143 enable = lib.mkOption { ··· 152 156 153 157 beaconNodes = lib.mkOption { 154 158 type = lib.types.listOf lib.types.str; 155 - default = ["http://localhost:5052"]; 159 + default = [ "http://localhost:5052" ]; 156 160 description = '' 157 161 Beacon nodes to connect to. 158 162 ''; ··· 190 194 }; 191 195 192 196 network = lib.mkOption { 193 - type = lib.types.enum [ "mainnet" "gnosis" "chiado" "sepolia" "holesky" ]; 197 + type = lib.types.enum [ 198 + "mainnet" 199 + "gnosis" 200 + "chiado" 201 + "sepolia" 202 + "holesky" 203 + ]; 194 204 default = "mainnet"; 195 205 description = '' 196 206 The network to connect to. Mainnet is the default ethereum network. ··· 205 215 default = ""; 206 216 example = ""; 207 217 }; 218 + 219 + package = lib.mkPackageOption pkgs "lighthouse" { }; 208 220 }; 209 221 }; 210 222 211 223 config = lib.mkIf (cfg.beacon.enable || cfg.validator.enable) { 212 - 213 - environment.systemPackages = [ pkgs.lighthouse ] ; 224 + environment.systemPackages = [ cfg.package ]; 214 225 215 226 networking.firewall = lib.mkIf cfg.beacon.enable { 216 227 allowedTCPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; 217 228 allowedUDPPorts = lib.mkIf cfg.beacon.openFirewall [ cfg.beacon.port ]; 218 229 }; 219 - 220 230 221 231 systemd.services.lighthouse-beacon = lib.mkIf cfg.beacon.enable { 222 232 description = "Lighthouse beacon node (connect to P2P nodes and verify blocks)"; ··· 227 237 # make sure the chain data directory is created on first run 228 238 mkdir -p ${cfg.beacon.dataDir}/${cfg.network} 229 239 230 - ${pkgs.lighthouse}/bin/lighthouse beacon_node \ 240 + ${lib.getExe cfg.package} beacon_node \ 231 241 --disable-upnp \ 232 242 ${lib.optionalString cfg.beacon.disableDepositContractSync "--disable-deposit-contract-sync"} \ 233 243 --port ${toString cfg.beacon.port} \ ··· 236 246 --datadir ${cfg.beacon.dataDir}/${cfg.network} \ 237 247 --execution-endpoint http://${cfg.beacon.execution.address}:${toString cfg.beacon.execution.port} \ 238 248 --execution-jwt ''${CREDENTIALS_DIRECTORY}/LIGHTHOUSE_JWT \ 239 - ${lib.optionalString cfg.beacon.http.enable '' --http --http-address ${cfg.beacon.http.address} --http-port ${toString cfg.beacon.http.port}''} \ 240 - ${lib.optionalString cfg.beacon.metrics.enable '' --metrics --metrics-address ${cfg.beacon.metrics.address} --metrics-port ${toString cfg.beacon.metrics.port}''} \ 249 + ${lib.optionalString cfg.beacon.http.enable ''--http --http-address ${cfg.beacon.http.address} --http-port ${toString cfg.beacon.http.port}''} \ 250 + ${lib.optionalString cfg.beacon.metrics.enable ''--metrics --metrics-address ${cfg.beacon.metrics.address} --metrics-port ${toString cfg.beacon.metrics.port}''} \ 241 251 ${cfg.extraArgs} ${cfg.beacon.extraArgs} 242 252 ''; 243 253 serviceConfig = { ··· 262 272 RestrictNamespaces = true; 263 273 LockPersonality = true; 264 274 RemoveIPC = true; 265 - SystemCallFilter = [ "@system-service" "~@privileged" ]; 275 + SystemCallFilter = [ 276 + "@system-service" 277 + "~@privileged" 278 + ]; 266 279 }; 267 280 }; 268 281 ··· 275 288 # make sure the chain data directory is created on first run 276 289 mkdir -p ${cfg.validator.dataDir}/${cfg.network} 277 290 278 - ${pkgs.lighthouse}/bin/lighthouse validator_client \ 291 + ${lib.getExe cfg.package} validator_client \ 279 292 --network ${cfg.network} \ 280 293 --beacon-nodes ${lib.concatStringsSep "," cfg.validator.beaconNodes} \ 281 294 --datadir ${cfg.validator.dataDir}/${cfg.network} \ ··· 305 318 RestrictNamespaces = true; 306 319 LockPersonality = true; 307 320 RemoveIPC = true; 308 - RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ]; 309 - SystemCallFilter = [ "@system-service" "~@privileged" ]; 321 + RestrictAddressFamilies = [ 322 + "AF_INET" 323 + "AF_INET6" 324 + ]; 325 + SystemCallFilter = [ 326 + "@system-service" 327 + "~@privileged" 328 + ]; 310 329 }; 311 330 }; 312 331 };