stakey/nix-decred
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nix-decred/docs/dcrwallet.md

2.5 KiB
Raw Blame History

dcrwallet options

dcrwallet uses rpc credentials, so it's recommended to secure your secrets using a tool like sops-nix.

sops-nix

Render dcrwallet.conf with sops-nix and point the service at it. For example, here's a sample configuration for a voting wallet:

{ config, lib, pkgs, ... }:
{
  # Define credentials as secrets
  sops.secrets."dcrwallet/rpcuser" = {};
  sops.secrets."dcrwallet/rpcpass" = {};

  sops.templates."dcrctl.conf" = {
    path = "/home/operator/.dcrctl/dcrctl.conf";
    owner = "operator";
    group = "users";
    mode = "0400";
    content = ''
      [Application Options]
      rpcuser=${config.sops.placeholder."dcrwallet/rpcuser"}
      rpcpass=${config.sops.placeholder."dcrwallet/rpcpass"}
      rpccert=/var/lib/dcrwallet/rpc.cert
      wallet=1
    '';
  };
  sops.templates."dcrwallet.conf" = {
    owner = config.services.dcrwallet.user;
    group = config.services.dcrwallet.group;
    mode = "0440";
    restartUnits = [ "dcrwallet.service" ];
    content = ''
      [Application Options]
      CAFile=/var/lib/dcrd/rpc.cert
      rpclisten=0.0.0.0:9110
      username=${config.sops.placeholder."dcrwallet/rpcpass"}
      password=${config.sops.placeholder."dcrwallet/rpcpass"}
      enablevoting=1
      manualtickets=1
    '';
    };

  # Ensure dcrwallet only starts when the config exists
  systemd.services.dcrwallet.unitConfig.ConditionPathExists = config.sops.templates."dcrwallet.conf".path;

  services.dcrwallet = {
    enable = true;
    configFile = config.sops.templates."dcrwallet.conf".path;
    extraPackages = [ 
      pkgs.dcrctl
      pkgs.dcrd # promptsecret
      ];
    operator = {
      enable = true;
      name = "stakey";
    };
  };
}

Initialization

If you run dcrwallet as a service, here's how to intialize a wallet as root.

cd /var/lib/dcrwallet
export DCRWALLET_BIN=$(systemctl cat --runtime dcrwallet.service | grep ExecStart | awk '{print $1}' | cut -d= -f2)
doas -u dcrwallet $DCRWALLET_BIN \
  --configfile=/run/secrets/rendered/dcrwallet.conf \
  --appdata=/var/lib/dcrwallet \
  --create

Then you need to start dcrwallet manually the first time to sync.

tmux new "doas -u dcrwallet $DCRWALLET_BIN --configfile=/run/secrets/rendered/dcrwallet.conf --appdata=/var/lib/dcrwallet"

Using the operator

su - operator
dcrctl help

Enable Voting

Use the operator account.

 promptsecret | dcrwallet walletpassphrase - 0