decred: 2.1.3 -> 2.1.5 for dcrd, dcrwallet, and dcrctl; updated source hashes and vendor hashes

Signed-off-by: stakeynet <git@stakey.net>

.gitignore

@@ -1 +1,2 @@
 .stfolder/
+result

README.md

@@ -19,6 +19,13 @@ If you want to use this today, the sane way would be to fork the project, review
 
 The git server for this project runs on a shared virtual server, so don't trust unsigned or unverified messages.
 
+Service Module Notes
+---
+- [bisonw](docs/bisonw.md)
+- [dcrd](docs/dcrd.md)
+- [dcrwallet](docs/dcrwallet.md)
+- [vspd](docs/vspd.md)
+
 Support
 ---
 No support is provided. If you have ideas for improvement, general feedback, or a PR, you can tag @stakeynet on the Decred matrix channels.

docs/dcrwallet.md

@@ -66,7 +66,7 @@ If you run dcrwallet as a service, here's how to intialize a wallet as `root`.
 
 ```bash
 cd /var/lib/dcrwallet
-export DCRWALLET_BIN=$(systemctl cat --runtime dcrwallet.service | grep ExecStart | awk '{print $1}' | cut -d= -f2)
+export DCRWALLET_BIN=$(systemctl cat --runtime dcrwallet.service | grep ExecStart= | awk '{print $1}' | cut -d= -f2)
 doas -u dcrwallet $DCRWALLET_BIN \
   --configfile=/run/secrets/rendered/dcrwallet.conf \
   --appdata=/var/lib/dcrwallet \

docs/vspd.md

@@ -0,0 +1,64 @@
+# vspd options
+
+`vspd` uses rpc credentials, so it's recommended to secure your secrets using a tool like [sops-nix](https://github.com/Mic92/sops-nix).
+
+## sops-nix
+
+Render `vspd.conf` with `sops-nix` and point the service at it. Example:
+
+```nix
+{ config, lib, pkgs, ... }:
+{
+  # Define credentials as secrets
+  sops.secrets."vspd/adminpass" = {};
+  sops.secrets."dcrwallet/rpcpass" = {};
+
+  # Render vspd.conf owned by the vspd service user/group
+  sops.templates."vspd.conf" = {
+    owner = config.services.vspd.user;
+    group = config.services.vspd.group;
+    mode = "0440";
+    restartUnits = [ "vspd.service" ];
+    content = ''
+      [Application Options]
+      network = mainnet
+      
+      # Web server
+      listen = 0.0.0.0:8800
+      adminpass = ${config.sops.placeholder."vspd/adminpass"}
+      supportemail = support@example.com
+      vspfee = 2.0
+      
+      # dcrd connection
+      dcrdhost = 127.0.0.1:9109
+      dcrduser = myusername
+      dcrdpass = ${config.sops.placeholder."dcrwallet/rpcpass"}
+      dcrdcert = /var/lib/dcrd/rpc.cert
+      
+      # dcrwallet connections
+      # Multiple wallets are comma-separated
+      wallethost = 10.0.0.1:9110,10.0.0.2:9110,10.0.0.3:9110
+      walletuser = wallet1user,wallet2user,wallet3user
+      walletpass = ${config.sops.placeholder."dcrwallet/rpcpass"},${config.sops.placeholder."dcrwallet/rpcpass"},${config.sops.placeholder."dcrwallet/rpcpass"}
+      walletcert = /var/lib/vspd/wallet1.cert,/var/lib/vspd/wallet2.cert,/var/lib/vspd/wallet3.cert
+    '';
+  };
+
+  # Ensure vspd only starts when the config exists
+  systemd.services.vspd.unitConfig.ConditionPathExists =
+    config.sops.templates."vspd.conf".path;
+
+  # Point the module to the rendered config
+  services.vspd = {
+    enable = true;
+    configFile = config.sops.templates."vspd.conf".path;
+  };
+}
+```
+
+## Notes
+
+- `vspd` expects its configuration file to be named `vspd.conf` and located in its home directory. The NixOS module handles this by symlinking the file provided in `configFile` to `/var/lib/vspd/vspd.conf` on startup.
+- `vspd` requires access to the `rpc.cert` files for both `dcrd` and all voting `dcrwallet` instances. Ensure permissions are set correctly so the `vspd` user can read them.
+- `vspd` periodically writes a backup of its database to `{homedir}/data/{network}/vspd.db-backup`.
+Ensure this file is backed up regularly.

flake.lock

@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1764242076,
+        "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -20,6 +20,7 @@
       dcrctl = pkgs.callPackage ./pkgs/dcrctl.nix {};
       dcrwallet = pkgs.callPackage ./pkgs/dcrwallet.nix {};
       bisonw = pkgs.callPackage ./pkgs/bisonw.nix {};
+      vspd = pkgs.callPackage ./pkgs/vspd.nix {};
     });
 
     overlays.default = final: prev: {
@@ -27,17 +28,20 @@
       dcrctl = final.callPackage ./pkgs/dcrctl.nix {};
       dcrwallet = final.callPackage ./pkgs/dcrwallet.nix {};
       bisonw = final.callPackage ./pkgs/bisonw.nix {};
+      vspd = final.callPackage ./pkgs/vspd.nix {};
     };
 
     nixosModules = {
       dcrd = ./modules/dcrd.nix;
       dcrwallet = ./modules/dcrwallet.nix;
       bisonw = ./modules/bisonw.nix;
+      vspd = ./modules/vspd.nix;
       default = { config, lib, pkgs, ... }: {
         imports = [
           self.nixosModules.dcrd
           self.nixosModules.dcrwallet
           self.nixosModules.bisonw
+          self.nixosModules.vspd
         ];
         nixpkgs.overlays = [ self.overlays.default ];
       };

modules/vspd.nix

@@ -0,0 +1,83 @@
+{ config, lib, pkgs, ... }:
+
+let
+  dcrdEnabled = config.services.dcrd.enable or false;
+  cfg = config.services.vspd;
+in {
+  options.services.vspd = with lib; {
+    enable = mkEnableOption "Voting Service Provider Daemon";
+
+    package = mkOption {
+      type = types.package;
+      default = pkgs.vspd;
+      description = "vspd package to use";
+    };
+
+    user = mkOption {
+      type = types.str;
+      default = "vspd";
+      description = "User to run vspd as";
+    };
+
+    group = mkOption {
+      type = types.str;
+      default = cfg.user;
+      description = "Group to run vspd as";
+    };
+
+    dataDir = mkOption {
+      type = types.path;
+      default = "/var/lib/vspd";
+      description = "State directory for vspd";
+    };
+
+    configFile = mkOption {
+      type = types.path;
+      description = "Path to vspd.conf";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    users.users.${cfg.user} = {
+      group = cfg.group;
+      home = cfg.dataDir;
+      isSystemUser = true;
+      description = "vspd user";
+      # vspd needs read access to the dcrd RPC certificate
+      extraGroups = lib.optional (dcrdEnabled && config.services.dcrd.group != cfg.group) config.services.dcrd.group;
+    };
+
+    users.groups.${cfg.group} = {};
+
+    systemd.services.vspd = {
+      description = "Voting Service Provider Daemon";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network-online.target" ];
+      wants = [ "network-online.target" ];
+
+      serviceConfig = {
+        User = cfg.user;
+        Group = cfg.group;
+        StateDirectory = "vspd";
+        StateDirectoryMode = "0750";
+        WorkingDirectory = cfg.dataDir;
+        # Link the provided config file to the expected location in homedir
+        ExecStartPre = "${pkgs.writeShellScript "vspd-pre-start" ''
+          set -e
+          ln -sf ${cfg.configFile} ${cfg.dataDir}/vspd.conf
+          mkdir -p ${cfg.dataDir}/internal/webapi
+          if [ ! -e "${cfg.dataDir}/internal/webapi/public" ]; then
+            ln -sfn "${cfg.package}/share/vspd/internal/webapi/public" "${cfg.dataDir}/internal/webapi/public"
+          fi
+          if [ ! -e "${cfg.dataDir}/internal/webapi/templates" ]; then
+            ln -sfn "${cfg.package}/share/vspd/internal/webapi/templates" "${cfg.dataDir}/internal/webapi/templates"
+          fi
+        ''}";
+        ExecStart = "${lib.getExe cfg.package} --homedir=${cfg.dataDir}";
+        Restart = "on-failure";
+        RestartSec = "10s";
+      };
+    };
+  };
+}
+

pkgs/bisonw.nix

@@ -6,13 +6,13 @@
 
 buildGoModule (finalAttrs: {
   pname = "bisonw";
-  version = "1.0.4";
+  version = "1.0.5";
 
   src = fetchFromGitHub {
     owner = "decred";
     repo = "dcrdex";
     rev = "v${finalAttrs.version}";
-    hash = "sha256-P3aIoCpQoCpc1OPMssbBezgSgMuS1lMuQxHDfPT1pGY=";
+    hash = "sha256-NDG1wucELH+2St63yZxEDTGTpYt3NT6EPYcKKWsvU5g=";
   };
 
   subPackages = [
@@ -24,7 +24,7 @@ buildGoModule (finalAttrs: {
   # ERROR: The package-lock.json file does not exist!
   # Luckily, upstream includes pre-built frontend files.
 
-  vendorHash = "sha256-PsEe2UEhbeKCEmZA1SPj8QYawvtw0+vflKStFr6k5eE=";
+  vendorHash = "sha256-1B2bvJrsHXPPpgem0W2VhQDQiCxaheoq16RCzm+NO0E=";
 
   meta = with lib; {
     description = "Bison Wallet - Multi-coin wallet with built-in DEX trading";

pkgs/dcrctl.nix

@@ -6,16 +6,16 @@
 
 buildGoModule (finalAttrs: {
   pname = "dcrctl";
-  version = "2.0.6";
+  version = "2.1.5";
 
   src = fetchFromGitHub {
     owner = "decred";
     repo = "dcrctl";
     rev = "release-v${finalAttrs.version}";
-    hash = "sha256-TxXPPe4AUEck3dFS0+TJgEPenAP43UOwqKWK/3unzjA=";
+    hash = "sha256-Cw+lLPjq+kcQ0aH//wBvAK2cNIWodEJXku8jUVBys5o=";
   };
 
-  vendorHash = "sha256-YctyhZV6qf8xPnjrkkOwerazKHVOUAkpKe7kV3t6Tis=";
+  vendorHash = "sha256-THlkOwgggTEz3ajRNgSxK6n5dKhCS4UGw/61Rc9q1nc=";
 
   ldflags = [
     "-s"

pkgs/dcrd.nix

@@ -4,18 +4,18 @@
   fetchFromGitHub,
 }:
 
-buildGoModule rec {
+buildGoModule (finalAttrs: {
   pname = "dcrd";
-  version = "2.0.6";
+  version = "2.1.5";
 
   src = fetchFromGitHub {
     owner = "decred";
     repo = "dcrd";
-    rev = "dabb3760c7ae45e42ee55f0d86dd8def61b41a69";
+    rev = "release-v${finalAttrs.version}";
-    hash = "sha256-mSq4SRSnZOoCuRKVwmb8Y6+KbaTtg+DLf4YX5oApx0k=";
+    hash = "sha256-EzNohMu0jLhQJwI16xKupH/riLKvtC1edMw5l6Bxj/I=";
   };
 
-  vendorHash = "sha256-kzb8qh1j2+TlX+et0RSq5qU1LHSEs3Kaf0nHOnGjdd0=";
+  vendorHash = "sha256-iUfTHzwjG+TyaHyhs4MGBCvfxah+Wv1+syFkiiaMLeU=";
 
   subPackages = [
     "."
@@ -33,5 +33,5 @@ buildGoModule rec {
     license = with lib.licenses; [ isc ];
     mainProgram = "dcrd";
   };
-}
+})
 

pkgs/dcrwallet.nix

@@ -6,16 +6,16 @@
 
 buildGoModule (finalAttrs: {
   pname = "dcrwallet";
-  version = "2.0.6";
+  version = "2.1.5";
 
   src = fetchFromGitHub {
     owner = "decred";
     repo = "dcrwallet";
     rev = "release-v${finalAttrs.version}";
-    hash = "sha256-MrQrDip8vE0l5XHkx/zIegSZd/AkWq1aFZLUVPdMy50=";
+    hash = "sha256-1PCxS67hXmwUD08OGyt6szVSgQ5M9e0j8ivNxmitfR8=";
   };
 
-  vendorHash = "sha256-Ulh6RxK+PvS70mJ7TYiGMzKFsR79+asWuQ5W1FAI23I=";
+  vendorHash = "sha256-5rI6z7fC7jKPxovWp7nlZrR25NuUEz5obCn2HA6Crpk=";
 
   subPackages = [ "." ];
 

pkgs/vspd.nix

@@ -0,0 +1,38 @@
+{
+  lib,
+  buildGoModule,
+  fetchFromGitHub,
+}:
+
+buildGoModule (finalAttrs: {
+  pname = "vspd";
+  version = "1.4.0";
+
+  src = fetchFromGitHub {
+    owner = "decred";
+    repo = "vspd";
+    rev = "release-v${finalAttrs.version}";
+    hash = "sha256-V5vLJs82mv7uKjx9V7jx8WqqgC+YSf5XrFMKtBEbke4=";
+  };
+
+  vendorHash = "sha256-c9BUiCOTTRpsJoJ1BteFt9sOOx98eJDOsBV2jRWqx0Y=";
+
+  subPackages = [
+    "cmd/vspd"
+    "cmd/vspadmin"
+  ];
+
+  postInstall = ''
+    mkdir -p $out/share/vspd/internal/webapi
+    cp -r internal/webapi/public $out/share/vspd/internal/webapi/
+    cp -r internal/webapi/templates $out/share/vspd/internal/webapi/
+  '';
+
+  meta = {
+    homepage = "https://github.com/decred/vspd";
+    description = "Voting Service Provider Daemon";
+    license = with lib.licenses; [ isc ];
+    mainProgram = "vspd";
+  };
+})
+