From 92b715fe6fc2cad46566ad820bffdd0e559efde7 Mon Sep 17 00:00:00 2001
From: Kranium Gikos Mendoza <kraniumgikos.mendoza@iohk.io>
Date: Tue, 2 Aug 2022 20:56:22 +1000
Subject: [PATCH] reintroduce cardano-wallet from stable-wallet-impl branch

---
 nix/cardano/nomadCharts/cardano-wallet.nix | 145 +++++++++++++++++++++
 nix/cardano/nomadCharts/default.nix        |   1 +
 2 files changed, 146 insertions(+)
 create mode 100644 nix/cardano/nomadCharts/cardano-wallet.nix

diff --git a/nix/cardano/nomadCharts/cardano-wallet.nix b/nix/cardano/nomadCharts/cardano-wallet.nix
new file mode 100644
index 0000000000..01280c064d
--- /dev/null
+++ b/nix/cardano/nomadCharts/cardano-wallet.nix
@@ -0,0 +1,145 @@
+{
+  inputs,
+  cell,
+}: let
+  inherit (inputs) data-merge cells;
+  inherit (inputs.nixpkgs) lib;
+  inherit (inputs.nixpkgs) system;
+  inherit (inputs.bitte-cells) vector _utils;
+  inherit (cell) healthChecks constants oci-images;
+  # OCI-Image Namer
+  ociNamer = oci: l.unsafeDiscardStringContext "${oci.imageName}:${oci.imageTag}";
+  l = lib // builtins;
+in
+  {
+    jobname ? "wallet",
+    namespace,
+    datacenters ? ["eu-central-1" "eu-west-1" "us-east-2"],
+    domain,
+    nodeClass,
+    scaling,
+  } @ args: let
+    id = jobname;
+    type = "service";
+    priority = 50;
+    persistanceMount = "/persist";
+    vaultPkiPath = "pki/issue/wallet";
+    consulRolePath = "consul/creds/wallet";
+  in
+    with data-merge; {
+      job.${id} = {
+        inherit namespace datacenters id type priority;
+        # ----------
+        # Scheduling
+        # ----------
+        constraint = [
+          {
+            attribute = "\${node.class}";
+            operator = "=";
+            value = "${nodeClass}";
+          }
+          {
+            attribute = "\${meta.cardano}";
+            operator = "is_set";
+          }
+          {
+            operator = "distinct_hosts";
+            value = "true";
+          }
+        ];
+        spread = [{attribute = "\${node.datacenter}";}];
+        # ----------
+        # Update
+        # ----------
+        update.health_check = "task_states";
+        update.healthy_deadline = "5m0s";
+        update.max_parallel = 1;
+        update.min_healthy_time = "10s";
+        update.progress_deadline = "10m0s";
+        update.stagger = "30s";
+        # ----------
+        # Migrate
+        # ----------
+        migrate.health_check = "checks";
+        migrate.healthy_deadline = "8m20s";
+        migrate.max_parallel = 1;
+        migrate.min_healthy_time = "10s";
+        # ----------
+        # Reschedule
+        # ----------
+        reschedule.delay = "30s";
+        reschedule.delay_function = "exponential";
+        reschedule.max_delay = "1h0m0s";
+        reschedule.unlimited = true;
+        # ----------
+        # Task Groups
+        # ----------
+        group.wallet = let
+          # work-around: we need to get rid of vector first
+          node' = (cell.nomadCharts.cardano-node (args // {jobname = "node";})).job.node.group.cardano;
+          group = l.removeAttrs node' ["task"];
+          node = group // {task.node = node'.task.node;};
+        in
+          merge
+          # task.vector ...
+          (vector.nomadTask.default {
+            inherit namespace;
+            endpoints = [
+              # prometheus metrics for wallet
+              "http://127.0.0.1:8082/metrics"
+              # prometheus metrics for cardano-node
+              "http://127.0.0.1:12798/metrics"
+            ];
+          })
+          (
+            merge node
+            {
+              count = scaling;
+              service = append [
+                (import ./srv-wallet.nix {inherit namespace healthChecks;})
+              ];
+              volume = {
+                "persist-wallet-local" = {
+                  source = "${namespace}-persist-wallet-local";
+                  type = "host";
+                };
+              };
+              network.port.wallet = {to = 8090;};
+              task = {
+                # ----------
+                # Task: Wallet
+                # ----------
+                wallet = {
+                  env.DATA_DIR = persistanceMount;
+                  env.SOCKET_PATH = "/alloc/tmp/node.socket";
+                  template =
+                    _utils.nomadFragments.workload-identity-vault {inherit vaultPkiPath;}
+                    ++ _utils.nomadFragments.workload-identity-vault-consul {inherit consulRolePath;};
+                  env.WORKLOAD_CACERT = "/secrets/tls/ca.pem";
+                  env.WORKLOAD_CLIENT_KEY = "/secrets/tls/key.pem";
+                  env.WORKLOAD_CLIENT_CERT = "/secrets/tls/cert.pem";
+                  config.image = ociNamer oci-images.cardano-wallet;
+                  user = "0:0";
+                  driver = "docker";
+                  kill_signal = "SIGINT";
+                  kill_timeout = "30s";
+                  resources = {
+                    cpu = 2000;
+                    memory = 4096;
+                  };
+                  volume_mount = {
+                    destination = persistanceMount;
+                    propagation_mode = "private";
+                    volume = "persist-wallet-local";
+                  };
+                  vault = {
+                    change_mode = "noop";
+                    env = true;
+                    policies = ["wallet"];
+                  };
+                };
+              };
+            }
+          );
+      };
+    }
diff --git a/nix/cardano/nomadCharts/default.nix b/nix/cardano/nomadCharts/default.nix
index 4991f61ae5..e30482a7ad 100644
--- a/nix/cardano/nomadCharts/default.nix
+++ b/nix/cardano/nomadCharts/default.nix
@@ -6,4 +6,5 @@
   cardano-node = import ./cardano-node.nix {inherit inputs cell;};
   cardano-db-sync = import ./cardano-db-sync.nix {inherit inputs cell;};
   cardano-faucet = import ./cardano-faucet.nix {inherit inputs cell;};
+  cardano-wallet = import ./cardano-wallet.nix {inherit inputs cell;};
 }