vspd options
vspd uses RPC credentials, so it's recommended to secure your secrets using a tool like sops-nix.
sops-nix
Render vspd.conf with sops-nix and point the service at it. Example:
{ config, lib, pkgs, ... }:
{
  # Define credentials as secrets
  sops.secrets."vspd/adminpass" = {};
  sops.secrets."dcrd/rpcuser" = {};
  sops.secrets."dcrd/rpcpass" = {};
  sops.secrets."dcrwallet/rpcuser" = {};
  sops.secrets."dcrwallet/rpcpass" = {};

  # Render vspd.conf owned by the vspd service user/group
  sops.templates."vspd.conf" = {
    owner = config.services.vspd.user;
    group = config.services.vspd.group;
    mode = "0440";
    restartUnits = [ "vspd.service" ];
    content = ''
      [Application Options]
      network = mainnet

      # Web server
      listen = 0.0.0.0:8800
      adminpass = ${config.sops.placeholder."vspd/adminpass"}
      supportemail = support@example.com
      vspfee = 2.0

      # dcrd connection
      dcrdhost = 127.0.0.1:9109
      dcrduser = ${config.sops.placeholder."dcrd/rpcuser"}
      dcrdpass = ${config.sops.placeholder."dcrd/rpcpass"}
      dcrdcert = /var/lib/dcrd/rpc.cert

      # dcrwallet connections
      # Multiple wallets are comma-separated
      wallethost = 10.0.0.1:9110,10.0.0.2:9110,10.0.0.3:9110
      walletuser = ${config.sops.placeholder."dcrwallet/rpcuser"},${config.sops.placeholder."dcrwallet/rpcuser"},${config.sops.placeholder."dcrwallet/rpcuser"}
      walletpass = ${config.sops.placeholder."dcrwallet/rpcpass"},${config.sops.placeholder."dcrwallet/rpcpass"},${config.sops.placeholder."dcrwallet/rpcpass"}
      walletcert = /var/lib/vspd/wallet1.cert,/var/lib/vspd/wallet2.cert,/var/lib/vspd/wallet3.cert
    '';
  };

  # Ensure vspd only starts when the config exists
  systemd.services.vspd.unitConfig.ConditionPathExists =
    config.sops.templates."vspd.conf".path;

  # Point the module to the rendered config
  services.vspd = {
    enable = true;
    configFile = config.sops.templates."vspd.conf".path;
  };
}
Notes
vspd expects its configuration file to be named vspd.conf and located in its home directory. The NixOS module handles this by symlinking the file provided in configFile to /var/lib/vspd/vspd.conf on startup.

vspd requires access to the rpc.cert files for both dcrd and all voting dcrwallet instances. Ensure permissions are set correctly so the vspd user can read them.

vspd periodically writes a backup of its database to {homedir}/data/{network}/vspd.db-backup. Ensure this file is backed up regularly.
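A post-deploy check for the permission notes above, added here as an example and not part of the vspd module or this README: it confirms the rendered vspd.conf grants nothing to other users and that every certificate named by dcrdcert and walletcert is readable by the user running it. The function names are hypothetical and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not part of the vspd NixOS module). Run as the vspd user,
# e.g.: sudo -u vspd sh check-vspd-conf.sh /var/lib/vspd/vspd.conf
# Function names are hypothetical; `stat -c` assumes GNU coreutils.

# Print every path named by dcrdcert/walletcert, one per line.
# walletcert may hold several comma-separated paths.
list_certs() {
  sed -n -E 's/^[[:space:]]*(dcrdcert|walletcert)[[:space:]]*=[[:space:]]*//p' "$1" |
    tr ',' '\n' |
    sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//; /^$/d'
}

# Succeed only if the file grants no permission bits to "other"
# (true for the 0440 mode used in the template).
conf_not_world_accessible() {
  mode=$(stat -c '%a' "$1") || return 1
  case "$mode" in
    *0) return 0 ;;
    *) return 1 ;;
  esac
}

# Print each listed certificate the current user cannot read; fail if any.
unreadable_certs() {
  missing=$(list_certs "$1" | while IFS= read -r cert; do
    [ -r "$cert" ] || printf '%s\n' "$cert"
  done)
  [ -z "$missing" ] && return 0
  printf '%s\n' "$missing"
  return 1
}

check_vspd_conf() {
  conf=$1
  rc=0
  if ! conf_not_world_accessible "$conf"; then
    echo "FAIL: $conf is accessible to users outside its owner and group" >&2
    rc=1
  fi
  if ! unreadable_certs "$conf" >&2; then
    echo "FAIL: the certificates listed above are not readable by $(id -un)" >&2
    rc=1
  fi
  return "$rc"
}

if [ "$#" -gt 0 ]; then
  check_vspd_conf "$1"
fi
```

A non-zero exit status means the config or at least one certificate needs its ownership or mode corrected before vspd can be expected to start cleanly.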