96 lines
2.5 KiB
Markdown
96 lines
2.5 KiB
Markdown
# dcrwallet options
|
|
|
|
`dcrwallet` uses rpc credentials, so it's recommended to secure your secrets using a tool like [sops-nix](https://github.com/Mic92/sops-nix).
|
|
|
|
## sops-nix
|
|
|
|
Render `dcrwallet.conf` with `sops-nix` and point the service at it. For example, here's a sample configuration for a voting wallet:
|
|
|
|
```nix
|
|
{ config, lib, pkgs, ... }:
|
|
{
|
|
# Define credentials as secrets
|
|
sops.secrets."dcrwallet/rpcuser" = {};
|
|
sops.secrets."dcrwallet/rpcpass" = {};
|
|
|
|
sops.templates."dcrctl.conf" = {
|
|
path = "/home/operator/.dcrctl/dcrctl.conf";
|
|
owner = "operator";
|
|
group = "users";
|
|
mode = "0400";
|
|
content = ''
|
|
[Application Options]
|
|
rpcuser=${config.sops.placeholder."dcrwallet/rpcuser"}
|
|
rpcpass=${config.sops.placeholder."dcrwallet/rpcpass"}
|
|
rpccert=/var/lib/dcrwallet/rpc.cert
|
|
wallet=1
|
|
'';
|
|
};
|
|
sops.templates."dcrwallet.conf" = {
|
|
owner = config.services.dcrwallet.user;
|
|
group = config.services.dcrwallet.group;
|
|
mode = "0440";
|
|
restartUnits = [ "dcrwallet.service" ];
|
|
content = ''
|
|
[Application Options]
|
|
CAFile=/var/lib/dcrd/rpc.cert
|
|
rpclisten=0.0.0.0:9110
|
|
username=${config.sops.placeholder."dcrwallet/rpcpass"}
|
|
password=${config.sops.placeholder."dcrwallet/rpcpass"}
|
|
enablevoting=1
|
|
manualtickets=1
|
|
'';
|
|
};
|
|
|
|
# Ensure dcrwallet only starts when the config exists
|
|
systemd.services.dcrwallet.unitConfig.ConditionPathExists = config.sops.templates."dcrwallet.conf".path;
|
|
|
|
services.dcrwallet = {
|
|
enable = true;
|
|
configFile = config.sops.templates."dcrwallet.conf".path;
|
|
extraPackages = [
|
|
pkgs.dcrctl
|
|
pkgs.dcrd # promptsecret
|
|
];
|
|
operator = {
|
|
enable = true;
|
|
name = "stakey";
|
|
};
|
|
};
|
|
}
|
|
```
|
|
|
|
## Initialization
|
|
|
|
If you run dcrwallet as a service, here's how to intialize a wallet as `root`.
|
|
|
|
```bash
|
|
cd /var/lib/dcrwallet
|
|
export DCRWALLET_BIN=$(systemctl cat --runtime dcrwallet.service | grep ExecStart | awk '{print $1}' | cut -d= -f2)
|
|
doas -u dcrwallet $DCRWALLET_BIN \
|
|
--configfile=/run/secrets/rendered/dcrwallet.conf \
|
|
--appdata=/var/lib/dcrwallet \
|
|
--create
|
|
```
|
|
|
|
Then you need to start dcrwallet manually the first time to sync.
|
|
|
|
```sh
|
|
tmux new "doas -u dcrwallet $DCRWALLET_BIN --configfile=/run/secrets/rendered/dcrwallet.conf --appdata=/var/lib/dcrwallet"
|
|
```
|
|
|
|
## Using the operator
|
|
|
|
```sh
|
|
su - operator
|
|
dcrctl help
|
|
```
|
|
|
|
## Enable Voting
|
|
|
|
Use the operator account.
|
|
|
|
```sh
|
|
promptsecret | dcrwallet walletpassphrase - 0
|
|
```
|