stakey/nix-decred
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

init: vspd at 1.4.0

Browse Source
This commit is contained in:
stakeynet 2025-11-30 22:43:07 -08:00
parent f811e25422
commit cf23980135
Signed by: stakey
GPG Key ID: 0E5D9B54F07D920D
5 changed files with 180 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@ -19,6 +19,13 @@ If you want to use this today, the sane way would be to fork the project, review
The git server for this project runs on a shared virtual server, so don't trust unsigned or unverified messages. The git server for this project runs on a shared virtual server, so don't trust unsigned or unverified messages.
Service Module Notes
---
- [bisonw](docs/bisonw.md)
- [dcrd](docs/dcrd.md)
- [dcrwallet](docs/dcrwallet.md)
- [vspd](docs/vspd.md)
Support Support
--- ---
No support is provided. If you have ideas for improvement, general feedback, or a PR, you can tag @stakeynet on the Decred matrix channels. No support is provided. If you have ideas for improvement, general feedback, or a PR, you can tag @stakeynet on the Decred matrix channels.

67
docs/vspd.md Normal file
View File

@ -0,0 +1,67 @@
# vspd options
`vspd` uses rpc credentials, so it's recommended to secure your secrets using a tool like [sops-nix](https://github.com/Mic92/sops-nix).
## sops-nix
Render `vspd.conf` with `sops-nix` and point the service at it. Example:
```nix
{ config, lib, pkgs, ... }:
{
# Define credentials as secrets
sops.secrets."vspd/adminpass" = {};
sops.secrets."dcrd/rpcuser" = {};
sops.secrets."dcrd/rpcpass" = {};
sops.secrets."dcrwallet/rpcuser" = {};
sops.secrets."dcrwallet/rpcpass" = {};
# Render vspd.conf owned by the vspd service user/group
sops.templates."vspd.conf" = {
owner = config.services.vspd.user;
group = config.services.vspd.group;
mode = "0440";
restartUnits = [ "vspd.service" ];
content = ''
[Application Options]
network = mainnet
# Web server
listen = 0.0.0.0:8800
adminpass = ${config.sops.placeholder."vspd/adminpass"}
supportemail = support@example.com
vspfee = 2.0
# dcrd connection
dcrdhost = 127.0.0.1:9109
dcrduser = ${config.sops.placeholder."dcrd/rpcuser"}
dcrdpass = ${config.sops.placeholder."dcrd/rpcpass"}
dcrdcert = /var/lib/dcrd/rpc.cert
# dcrwallet connections
# Multiple wallets are comma-separated
wallethost = 10.0.0.1:9110,10.0.0.2:9110,10.0.0.3:9110
walletuser = ${config.sops.placeholder."dcrwallet/rpcuser"},${config.sops.placeholder."dcrwallet/rpcuser"},${config.sops.placeholder."dcrwallet/rpcuser"}
walletpass = ${config.sops.placeholder."dcrwallet/rpcpass"},${config.sops.placeholder."dcrwallet/rpcpass"},${config.sops.placeholder."dcrwallet/rpcpass"}
walletcert = /var/lib/vspd/wallet1.cert,/var/lib/vspd/wallet2.cert,/var/lib/vspd/wallet3.cert
'';
};
# Ensure vspd only starts when the config exists
systemd.services.vspd.unitConfig.ConditionPathExists =
config.sops.templates."vspd.conf".path;
# Point the module to the rendered config
services.vspd = {
enable = true;
configFile = config.sops.templates."vspd.conf".path;
};
}
```
## Notes
- `vspd` expects its configuration file to be named `vspd.conf` and located in its home directory. The NixOS module handles this by symlinking the file provided in `configFile` to `/var/lib/vspd/vspd.conf` on startup.
- `vspd` requires access to the `rpc.cert` files for both `dcrd` and all voting `dcrwallet` instances. Ensure permissions are set correctly so the `vspd` user can read them.
- `vspd` periodically writes a backup of its database to `{homedir}/data/{network}/vspd.db-backup`.
Ensure this file is backed up regularly.

4
flake.nix
View File

@ -20,6 +20,7 @@
dcrctl = pkgs.callPackage ./pkgs/dcrctl.nix {}; dcrctl = pkgs.callPackage ./pkgs/dcrctl.nix {};
dcrwallet = pkgs.callPackage ./pkgs/dcrwallet.nix {}; dcrwallet = pkgs.callPackage ./pkgs/dcrwallet.nix {};
bisonw = pkgs.callPackage ./pkgs/bisonw.nix {}; bisonw = pkgs.callPackage ./pkgs/bisonw.nix {};
vspd = pkgs.callPackage ./pkgs/vspd.nix {};
}); });
overlays.default = final: prev: { overlays.default = final: prev: {
@ -27,17 +28,20 @@
dcrctl = final.callPackage ./pkgs/dcrctl.nix {}; dcrctl = final.callPackage ./pkgs/dcrctl.nix {};
dcrwallet = final.callPackage ./pkgs/dcrwallet.nix {}; dcrwallet = final.callPackage ./pkgs/dcrwallet.nix {};
bisonw = final.callPackage ./pkgs/bisonw.nix {}; bisonw = final.callPackage ./pkgs/bisonw.nix {};
vspd = final.callPackage ./pkgs/vspd.nix {};
}; };
nixosModules = { nixosModules = {
dcrd = ./modules/dcrd.nix; dcrd = ./modules/dcrd.nix;
dcrwallet = ./modules/dcrwallet.nix; dcrwallet = ./modules/dcrwallet.nix;
bisonw = ./modules/bisonw.nix; bisonw = ./modules/bisonw.nix;
vspd = ./modules/vspd.nix;
default = { config, lib, pkgs, ... }: { default = { config, lib, pkgs, ... }: {
imports = [ imports = [
self.nixosModules.dcrd self.nixosModules.dcrd
self.nixosModules.dcrwallet self.nixosModules.dcrwallet
self.nixosModules.bisonw self.nixosModules.bisonw
self.nixosModules.vspd
]; ];
nixpkgs.overlays = [ self.overlays.default ]; nixpkgs.overlays = [ self.overlays.default ];
}; };

70
modules/vspd.nix Normal file
View File

@ -0,0 +1,70 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.vspd;
in {
options.services.vspd = with lib; {
enable = mkEnableOption "Voting Service Provider Daemon";
package = mkOption {
type = types.package;
default = pkgs.vspd;
description = "vspd package to use";
};
user = mkOption {
type = types.str;
default = "vspd";
description = "User to run vspd as";
};
group = mkOption {
type = types.str;
default = cfg.user;
description = "Group to run vspd as";
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/vspd";
description = "State directory for vspd";
};
configFile = mkOption {
type = types.path;
description = "Path to vspd.conf";
};
};
config = lib.mkIf cfg.enable {
users.users.${cfg.user} = {
group = cfg.group;
home = cfg.dataDir;
isSystemUser = true;
description = "vspd user";
};
users.groups.${cfg.group} = {};
systemd.services.vspd = {
description = "Voting Service Provider Daemon";
wantedBy = [ "multi-user.target" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
serviceConfig = {
User = cfg.user;
Group = cfg.group;
StateDirectory = "vspd";
StateDirectoryMode = "0750";
WorkingDirectory = cfg.dataDir;
# Link the provided config file to the expected location in homedir
ExecStartPre = "${pkgs.bash}/bin/bash -c 'ln -sf ${cfg.configFile} ${cfg.dataDir}/vspd.conf'";
ExecStart = "${lib.getExe cfg.package} --homedir=${cfg.dataDir}";
Restart = "on-failure";
RestartSec = "10s";
};
};
};
}

32
pkgs/vspd.nix Normal file
View File

@ -0,0 +1,32 @@
{
lib,
buildGoModule,
fetchFromGitHub,
}:
buildGoModule (finalAttrs: {
pname = "vspd";
version = "1.4.0";
src = fetchFromGitHub {
owner = "decred";
repo = "vspd";
rev = "release-v${finalAttrs.version}";
hash = "sha256-V5vLJs82mv7uKjx9V7jx8WqqgC+YSf5XrFMKtBEbke4=";
};
vendorHash = "sha256-c9BUiCOTTRpsJoJ1BteFt9sOOx98eJDOsBV2jRWqx0Y=";
subPackages = [
"cmd/vspd"
"cmd/vspadmin"
];
meta = {
homepage = "https://github.com/decred/vspd";
description = "Voting Service Provider Daemon";
license = with lib.licenses; [ isc ];
mainProgram = "vspd";
};
})