stakey/nix-decred
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

init: vspd at 1.4.0

Browse Source
This commit is contained in:
stakeynet
2025-11-30 22:43:07 -08:00
parent f811e25422
commit cf23980135
5 changed files with 180 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/vspd.md
+67
View File
@@ -0,0 +1,67 @@
# vspd options
`vspd` uses rpc credentials, so it's recommended to secure your secrets using a tool like [sops-nix](https://github.com/Mic92/sops-nix).
## sops-nix
Render `vspd.conf` with `sops-nix` and point the service at it. Example:
```nix
{ config, lib, pkgs, ... }:
{
# Define credentials as secrets
sops.secrets."vspd/adminpass" = {};
sops.secrets."dcrd/rpcuser" = {};
sops.secrets."dcrd/rpcpass" = {};
sops.secrets."dcrwallet/rpcuser" = {};
sops.secrets."dcrwallet/rpcpass" = {};
# Render vspd.conf owned by the vspd service user/group
sops.templates."vspd.conf" = {
owner = config.services.vspd.user;
group = config.services.vspd.group;
mode = "0440";
restartUnits = [ "vspd.service" ];
content = ''
[Application Options]
network = mainnet
# Web server
listen = 0.0.0.0:8800
adminpass = ${config.sops.placeholder."vspd/adminpass"}
supportemail = support@example.com
vspfee = 2.0
# dcrd connection
dcrdhost = 127.0.0.1:9109
dcrduser = ${config.sops.placeholder."dcrd/rpcuser"}
dcrdpass = ${config.sops.placeholder."dcrd/rpcpass"}
dcrdcert = /var/lib/dcrd/rpc.cert
# dcrwallet connections
# Multiple wallets are comma-separated
wallethost = 10.0.0.1:9110,10.0.0.2:9110,10.0.0.3:9110
walletuser = ${config.sops.placeholder."dcrwallet/rpcuser"},${config.sops.placeholder."dcrwallet/rpcuser"},${config.sops.placeholder."dcrwallet/rpcuser"}
walletpass = ${config.sops.placeholder."dcrwallet/rpcpass"},${config.sops.placeholder."dcrwallet/rpcpass"},${config.sops.placeholder."dcrwallet/rpcpass"}
walletcert = /var/lib/vspd/wallet1.cert,/var/lib/vspd/wallet2.cert,/var/lib/vspd/wallet3.cert
'';
};
# Ensure vspd only starts when the config exists
systemd.services.vspd.unitConfig.ConditionPathExists =
config.sops.templates."vspd.conf".path;
# Point the module to the rendered config
services.vspd = {
enable = true;
configFile = config.sops.templates."vspd.conf".path;
};
}
```
## Notes
- `vspd` expects its configuration file to be named `vspd.conf` and located in its home directory. The NixOS module handles this by symlinking the file provided in `configFile` to `/var/lib/vspd/vspd.conf` on startup.
- `vspd` requires access to the `rpc.cert` files for both `dcrd` and all voting `dcrwallet` instances. Ensure permissions are set correctly so the `vspd` user can read them.
- `vspd` periodically writes a backup of its database to `{homedir}/data/{network}/vspd.db-backup`.
Ensure this file is backed up regularly.