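# NixOS module for the Ergo node service (`services.ergo`).
#
# It renders an `ergo.conf` into the Nix store, creates the data directory,
# runs the node as a dedicated system user under systemd, and optionally
# opens the node's ports in the firewall.
{ config, lib, pkgs, ... }:

let
  cfg = config.services.ergo;

  inherit (lib) mkEnableOption mkIf mkOption optional optionalString types;

  # The rendered file lives in the Nix store and is therefore readable by
  # every local user. Only the *hash* of the API key is written here; the
  # protection this gives depends on the key having enough entropy that the
  # hash cannot be brute-forced offline.
  #
  # The `restApi` section is emitted only when `api.keyHash` is set; without
  # it, `api.listen.*` is not applied to the node by this module.
  configFile = pkgs.writeText "ergo.conf" (''
    ergo {
      directory = "${cfg.dataDir}"
      node {
        mining = false
      }
      wallet.secretStorage.secretDir = "${cfg.dataDir}/wallet/keystore"
    }

    scorex {
      network {
        bindAddress = "${cfg.listen.ip}:${toString cfg.listen.port}"
      }
  '' + optionalString (cfg.api.keyHash != null) ''
    restApi {
      apiKeyHash = "${cfg.api.keyHash}"
      bindAddress = "${cfg.api.listen.ip}:${toString cfg.api.listen.port}"
    }
  '' + ''
    }
  '');
in
{
  options = {
    services.ergo = {
      enable = mkEnableOption "Ergo service";

      # Holds the chain data and, under wallet/keystore, the wallet secret
      # storage configured in `configFile`.
      dataDir = mkOption {
        type = types.path;
        default = "/var/lib/ergo";
        description = "The data directory for the Ergo node.";
      };

      listen = {
        ip = mkOption {
          type = types.str;
          default = "0.0.0.0";
          description = "IP address on which the Ergo node should listen.";
        };

        port = mkOption {
          type = types.port;
          default = 9006;
          description = "Listen port for the Ergo node.";
        };
      };

      api = {
        # NOTE(review): the value is interpolated verbatim into the config
        # file and is not validated; consider
        # `types.nullOr (types.strMatching "[0-9a-fA-F]{64}")` so a malformed
        # value fails at evaluation time. The `example` below is illustrative
        # only; generate a hash from your own high-entropy key.
        keyHash = mkOption {
          type = types.nullOr types.str;
          default = null;
          example = "324dcf027dd4a30a932c441f365a25e86b173defa4b8e58948253471b81b72cf";
          description = "Hex-encoded Blake2b256 hash of an API key as a 64-chars long Base16 string.";
        };

        listen = {
          # NOTE(review): the default binds the API on all interfaces. The
          # API is protected only by the key whose hash is configured above;
          # consider "127.0.0.1" unless remote access is required.
          ip = mkOption {
            type = types.str;
            default = "0.0.0.0";
            description = "IP address that the Ergo node API should listen on if is defined.";
          };

          port = mkOption {
            type = types.port;
            default = 9052;
            description = "Listen port for the API endpoint if is defined.";
          };
        };
      };

      testnet = mkOption {
        type = types.bool;
        default = false;
        description = "Connect to testnet network instead of the default mainnet.";
      };

      user = mkOption {
        type = types.str;
        default = "ergo";
        description = "The user as which to run the Ergo node.";
      };

      group = mkOption {
        type = types.str;
        default = cfg.user;
        description = "The group as which to run the Ergo node.";
      };

      openFirewall = mkOption {
        type = types.bool;
        default = false;
        description = "Open ports in the firewall for the Ergo node as well as the API (the API port is only opened when api.keyHash is set).";
      };
    };
  };

  config = mkIf cfg.enable {
    # Mode 0770: every member of `cfg.group` can read and write the data
    # directory, which includes the wallet keystore path. Keep the group
    # membership limited to the service account.
    systemd.tmpfiles.rules = [
      "d '${cfg.dataDir}' 0770 '${cfg.user}' '${cfg.group}' - -"
    ];

    systemd.services.ergo = {
      description = "ergo server";
      wantedBy = [ "multi-user.target" ];
      # `after` only orders the unit; `wants` is what actually pulls
      # network-online.target into the transaction.
      wants = [ "network-online.target" ];
      after = [ "network-online.target" ];
      # NOTE(review): the unit runs unsandboxed apart from User/Group.
      # Consider systemd hardening such as NoNewPrivileges, PrivateTmp,
      # ProtectHome and ProtectSystem once the node's filesystem needs are
      # confirmed.
      serviceConfig = {
        User = cfg.user;
        Group = cfg.group;
        # `--mainnet` is passed unless `testnet` is enabled.
        ExecStart = ''${pkgs.ergo}/bin/ergo \
                      ${optionalString (!cfg.testnet) "--mainnet"} \
                      -c ${configFile}'';
      };
    };

    # The P2P port is always opened. The API port is opened only when the
    # API section is actually rendered (api.keyHash != null); otherwise this
    # module does not configure anything on that port, and opening it would
    # only widen the host's exposure.
    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts =
        [ cfg.listen.port ]
        ++ optional (cfg.api.keyHash != null) cfg.api.listen.port;
    };

    users.users.${cfg.user} = {
      name = cfg.user;
      group = cfg.group;
      description = "Ergo daemon user";
      home = cfg.dataDir;
      isSystemUser = true;
    };

    users.groups.${cfg.group} = {};
  };
}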