3
0
Fork 0
forked from mirrors/nixpkgs

go-ethereum: add support for Auth RPC CLI flags

The split of Ethereum into Execution Layer and Consensus Layer adds a
requirement for communication between execution client and consensus
client using secur JWT tokens. In Geth this is configurable using the
`--authrpc.*` CLI flags which are currently not exposed by this service.

For more details read the following article:
https://geth.ethereum.org/docs/interface/consensus-clients

Signed-off-by: Jakub Sokołowski <jakub@status.im>
This commit is contained in:
Jakub Sokołowski 2022-08-22 13:29:45 +02:00
parent 629ec1b38a
commit 54b76185d8
No known key found for this signature in database
GPG key ID: 09AA5403E54D9931

View file

@ -61,6 +61,35 @@ let
};
};
authrpc = {
enable = lib.mkEnableOption "Go Ethereum Auth RPC API";
address = mkOption {
type = types.str;
default = "127.0.0.1";
description = lib.mdDoc "Listen address of Go Ethereum Auth RPC API.";
};
port = mkOption {
type = types.port;
default = 8551;
description = lib.mdDoc "Port number of Go Ethereum Auth RPC API.";
};
vhosts = mkOption {
type = types.nullOr (types.listOf types.str);
default = ["localhost"];
description = lib.mdDoc "List of virtual hostnames from which to accept requests.";
example = ["localhost" "geth.example.org"];
};
jwtsecret = mkOption {
type = types.str;
default = "";
description = lib.mdDoc "Path to a JWT secret for authenticated RPC endpoint.";
example = "/var/run/geth/jwtsecret";
};
};
metrics = {
enable = lib.mkEnableOption "Go Ethereum prometheus metrics";
address = mkOption {
@ -136,7 +165,10 @@ in
cfg.package
]) eachGeth);
systemd.services = mapAttrs' (gethName: cfg: (
systemd.services = mapAttrs' (gethName: cfg: let
stateDir = "goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}";
dataDir = "/var/lib/${stateDir}";
in (
nameValuePair "geth-${gethName}" (mkIf cfg.enable {
description = "Go Ethereum node (${gethName})";
wantedBy = [ "multi-user.target" ];
@ -145,7 +177,7 @@ in
serviceConfig = {
DynamicUser = true;
Restart = "always";
StateDirectory = "goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}";
StateDirectory = stateDir;
# Hardening measures
PrivateTmp = "true";
@ -169,8 +201,10 @@ in
${if cfg.websocket.enable then ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}'' else ""} \
${optionalString (cfg.websocket.apis != null) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''} \
${optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \
--authrpc.addr ${cfg.authrpc.address} --authrpc.port ${toString cfg.authrpc.port} --authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts} \
${if (cfg.authrpc.jwtsecret != "") then ''--authrpc.jwtsecret ${cfg.authrpc.jwtsecret}'' else ''--authrpc.jwtsecret ${dataDir}/geth/jwtsecret''} \
${lib.escapeShellArgs cfg.extraArgs} \
--datadir /var/lib/goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}
--datadir ${dataDir}
'';
}))) eachGeth;