# dcrwallet options

`dcrwallet` uses rpc credentials, so it's recommended to secure your secrets using a tool like [sops-nix](https://github.com/Mic92/sops-nix).

## sops-nix

Render `dcrwallet.conf` with `sops-nix` and point the service at it. For example, here's a sample configuration for a voting wallet:

```nix
{ config, lib, pkgs, ... }:
{
  # Define credentials as secrets
  sops.secrets."dcrwallet/rpcuser" = {};
  sops.secrets."dcrwallet/rpcpass" = {};

  sops.templates."dcrctl.conf" = {
    path = "/home/operator/.dcrctl/dcrctl.conf";
    owner = "operator";
    group = "users";
    mode = "0400";
    content = ''
      [Application Options]
      rpcuser=${config.sops.placeholder."dcrwallet/rpcuser"}
      rpcpass=${config.sops.placeholder."dcrwallet/rpcpass"}
      rpccert=/var/lib/dcrwallet/rpc.cert
      wallet=1
    '';
  };
  sops.templates."dcrwallet.conf" = {
    owner = config.services.dcrwallet.user;
    group = config.services.dcrwallet.group;
    mode = "0440";
    restartUnits = [ "dcrwallet.service" ];
    content = ''
      [Application Options]
      CAFile=/var/lib/dcrd/rpc.cert
      rpclisten=0.0.0.0:9110
      username=${config.sops.placeholder."dcrwallet/rpcpass"}
      password=${config.sops.placeholder."dcrwallet/rpcpass"}
      enablevoting=1
      manualtickets=1
    '';
    };

  # Ensure dcrwallet only starts when the config exists
  systemd.services.dcrwallet.unitConfig.ConditionPathExists = config.sops.templates."dcrwallet.conf".path;

  services.dcrwallet = {
    enable = true;
    configFile = config.sops.templates."dcrwallet.conf".path;
    extraPackages = [ 
      pkgs.dcrctl
      pkgs.dcrd # promptsecret
      ];
    operator = {
      enable = true;
      name = "stakey";
    };
  };
}
```

## Initialization

If you run dcrwallet as a service, here's how to intialize a wallet as `root`.

```bash
cd /var/lib/dcrwallet
export DCRWALLET_BIN=$(systemctl cat --runtime dcrwallet.service | grep ExecStart= | awk '{print $1}' | cut -d= -f2)
doas -u dcrwallet $DCRWALLET_BIN \
  --configfile=/run/secrets/rendered/dcrwallet.conf \
  --appdata=/var/lib/dcrwallet \
  --create
```

Then you need to start dcrwallet manually the first time to sync.

```sh
tmux new "doas -u dcrwallet $DCRWALLET_BIN --configfile=/run/secrets/rendered/dcrwallet.conf --appdata=/var/lib/dcrwallet"
```

## Using the operator

```sh
su - operator
dcrctl help
```

## Enable Voting

Use the operator account.

```sh
 promptsecret | dcrwallet walletpassphrase - 0
```