go-ethereum: add support for Auth RPC CLI flags
The split of Ethereum into Execution Layer and Consensus Layer adds a requirement for communication between the execution client and the consensus client using secure JWT tokens. In Geth this is configurable using the `--authrpc.*` CLI flags which are currently not exposed by this service. For more details read the following article: https://geth.ethereum.org/docs/interface/consensus-clients Signed-off-by: Jakub Sokołowski <jakub@status.im>
parent
629ec1b38a
commit
54b76185d8
|
@ -61,6 +61,35 @@ let
|
|||
};
|
||||
};
|
||||
|
||||
authrpc = {
|
||||
enable = lib.mkEnableOption "Go Ethereum Auth RPC API";
|
||||
address = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = lib.mdDoc "Listen address of Go Ethereum Auth RPC API.";
|
||||
};
|
||||
|
||||
port = mkOption {
|
||||
type = types.port;
|
||||
default = 8551;
|
||||
description = lib.mdDoc "Port number of Go Ethereum Auth RPC API.";
|
||||
};
|
||||
|
||||
vhosts = mkOption {
|
||||
type = types.nullOr (types.listOf types.str);
|
||||
default = ["localhost"];
|
||||
description = lib.mdDoc "List of virtual hostnames from which to accept requests.";
|
||||
example = ["localhost" "geth.example.org"];
|
||||
};
|
||||
|
||||
jwtsecret = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = lib.mdDoc "Path to a JWT secret for authenticated RPC endpoint.";
|
||||
example = "/var/run/geth/jwtsecret";
|
||||
};
|
||||
};
|
||||
|
||||
metrics = {
|
||||
enable = lib.mkEnableOption "Go Ethereum prometheus metrics";
|
||||
address = mkOption {
|
||||
|
@ -136,7 +165,10 @@ in
|
|||
cfg.package
|
||||
]) eachGeth);
|
||||
|
||||
systemd.services = mapAttrs' (gethName: cfg: (
|
||||
systemd.services = mapAttrs' (gethName: cfg: let
|
||||
stateDir = "goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}";
|
||||
dataDir = "/var/lib/${stateDir}";
|
||||
in (
|
||||
nameValuePair "geth-${gethName}" (mkIf cfg.enable {
|
||||
description = "Go Ethereum node (${gethName})";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
@ -145,7 +177,7 @@ in
|
|||
serviceConfig = {
|
||||
DynamicUser = true;
|
||||
Restart = "always";
|
||||
StateDirectory = "goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}";
|
||||
StateDirectory = stateDir;
|
||||
|
||||
# Hardening measures
|
||||
PrivateTmp = "true";
|
||||
|
@ -169,8 +201,10 @@ in
|
|||
${if cfg.websocket.enable then ''--ws --ws.addr ${cfg.websocket.address} --ws.port ${toString cfg.websocket.port}'' else ""} \
|
||||
${optionalString (cfg.websocket.apis != null) ''--ws.api ${lib.concatStringsSep "," cfg.websocket.apis}''} \
|
||||
${optionalString cfg.metrics.enable ''--metrics --metrics.addr ${cfg.metrics.address} --metrics.port ${toString cfg.metrics.port}''} \
|
||||
--authrpc.addr ${cfg.authrpc.address} --authrpc.port ${toString cfg.authrpc.port} --authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts} \
|
||||
${if (cfg.authrpc.jwtsecret != "") then ''--authrpc.jwtsecret ${cfg.authrpc.jwtsecret}'' else ''--authrpc.jwtsecret ${dataDir}/geth/jwtsecret''} \
|
||||
${lib.escapeShellArgs cfg.extraArgs} \
|
||||
--datadir /var/lib/goethereum/${gethName}/${if (cfg.network == null) then "mainnet" else cfg.network}
|
||||
--datadir ${dataDir}
|
||||
'';
|
||||
}))) eachGeth;
|
||||
|
||||
|
|
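Review bot: `authrpc.vhosts` is declared as `types.nullOr (types.listOf types.str)`, but the new ExecStart line passes it straight to `lib.concatStringsSep`, so setting it to `null` fails at evaluation. Guard it the way `websocket.apis` is guarded: `${optionalString (cfg.authrpc.vhosts != null) ''--authrpc.vhosts ${lib.concatStringsSep "," cfg.authrpc.vhosts}''}`. `authrpc.enable` is not read in any visible hunk and the `--authrpc.*` flags are emitted unconditionally, so either drop the option or document that the endpoint is always on. Because the unit runs with `DynamicUser = true`, a custom `jwtsecret` path outside the state directory has to be readable by the transient service user. The option description should say so, warn against pointing at a file in the world-readable Nix store, and could mention systemd's `LoadCredential=` as a way to pass in a root-owned secret. The path is also interpolated unquoted, so wrapping it in `lib.escapeShellArg` would match how `extraArgs` is handled.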