New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add spruned application and nixos module #50382
Changes from all commits
8fdb7db
e664d19
03ee97f
7715ba1
e34041c
8311ab2
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
{ config, lib, pkgs, ... }: | ||
|
||
with lib; | ||
|
||
let | ||
cfg = config.services.spruned; | ||
|
||
cliArgs = "--datadir ${cfg.dataDir} --network bitcoin.${cfg.network} ${cfg.extraArguments}"; | ||
in | ||
{ | ||
options = { | ||
services.spruned = { | ||
enable = mkEnableOption "The spruned lightweight Bitcoin pseudonode daemon service"; | ||
dataDir = mkOption { | ||
jb55 marked this conversation as resolved.
Show resolved
Hide resolved
|
||
type = types.str; | ||
default = "/var/lib/spruned"; | ||
description = '' | ||
Directory to store cached block data and spruned logs. | ||
''; | ||
}; | ||
network = mkOption { | ||
type = types.enum [ "mainnet" "testnet" ]; | ||
default = "mainnet"; | ||
description = '' | ||
Whether to use Bitcoin mainnet or testnet. | ||
''; | ||
}; | ||
extraArguments = mkOption { | ||
type = types.separatedString " "; | ||
example = "--mempoolsize 20 --debug"; | ||
default = ""; | ||
description = '' | ||
Additional arguments to be passed to spruned. | ||
''; | ||
}; | ||
}; | ||
}; | ||
|
||
config = mkIf cfg.enable { | ||
systemd.user.services.spruned = { | ||
description = "spruned service"; | ||
after = [ "local-fs.target" "network.target" ]; | ||
wantedBy = [ "multi-user.target" ]; | ||
|
||
serviceConfig = { | ||
Restart = "on-abort"; | ||
ExecStart = "${pkgs.spruned}/bin/spruned ${cliArgs}"; | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Like this, the service runs as root. Try using the There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. so I tried running it as non-root by first using user services and then assigned users, but spruned calls out to ping and doesn't work without it. I couldn't figure out how to make a systemd service that uses ping and isn't root. I looked into the CapabilityBoundingSet CAP_NET_RAW thing but it didn't seem to work. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Use There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. ok I'll try to take another pass at this and patch spruned to use /run/wrappers/bin/ping and switch to DynamicUser. Why DynamicUser instead of a user service? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. DynamicUser lets you can run an un-elevated service without assigning it a system user id. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I'm getting this when I try to run with DynamicUser:
|
||
}; | ||
}; | ||
}; | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
{ stdenv, python3 }: | ||
|
||
let | ||
pythonPackages = python3.pkgs; | ||
in | ||
with stdenv.lib; | ||
pythonPackages.buildPythonApplication rec { | ||
pname = "spruned"; | ||
version = "0.0.4b4"; | ||
|
||
src = pythonPackages.fetchPypi { | ||
inherit pname version; | ||
sha256 = "b156ad410ae71651aafb4ffc639ad491614622a53b3cb8211fd49e2579642f18"; | ||
}; | ||
|
||
disabled = ! pythonPackages.pythonAtLeast "3.5"; | ||
|
||
propagatedBuildInputs = | ||
with pythonPackages; [ | ||
async-timeout | ||
jsonrpcserver | ||
sqlalchemy | ||
plyvel | ||
daemonize | ||
aiohttp | ||
pycoin | ||
]; | ||
|
||
patchPhase = '' | ||
sed -i 's,import spruned,,;s,spruned.__version__,"${version}",' setup.py | ||
|
||
substituteInPlace spruned/application/tools.py \ | ||
--replace "subprocess.call(['ping" "subprocess.call(['/run/wrappers/bin/ping" | ||
|
||
substituteInPlace requirements.txt \ | ||
--replace 'sqlalchemy==1.2.6' 'sqlalchemy==1.2.*' \ | ||
--replace 'aiohttp==3.0.0b0' aiohttp \ | ||
--replace 'daemonize==2.4.7' daemonize \ | ||
--replace 'async-timeout==2.0.1' async-timeout \ | ||
--replace 'jsonrpcserver==3.5.3' jsonrpcserver \ | ||
--replace 'plyvel==0.9.0' plyvel | ||
''; | ||
|
||
doCheck = false; | ||
|
||
meta = { | ||
description = "A Bitcoin lightweight pseudonode with RPC that can fetch any block or transaction"; | ||
homepage = https://github.com/gdassori/spruned; | ||
maintainers = with maintainers; [ jb55 ]; | ||
license = licenses.mit; | ||
platforms = platforms.linux; | ||
}; | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
{ stdenv, buildPythonPackage, fetchPypi, pytest | ||
}: | ||
|
||
buildPythonPackage rec { | ||
pname = "apply_defaults"; | ||
version = "0.1.1"; | ||
|
||
src = fetchPypi { | ||
inherit pname version; | ||
sha256 = "b8c1bc511a0368dabe1af4d80b97186296e25182d7e371d920a9633cf6a2a385"; | ||
}; | ||
|
||
meta = with stdenv.lib; { | ||
homepage = https://github.com/bcb/apply_defaults; | ||
description = "Apply default values to functions"; | ||
license = licenses.free; | ||
maintainers = with maintainers; [ jb55 ]; | ||
}; | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
{ stdenv, buildPythonPackage, fetchPypi, pytest, jsonschema, funcsigs, apply-defaults, mypy, six | ||
}: | ||
|
||
buildPythonPackage rec { | ||
pname = "jsonrpcserver"; | ||
version = "3.5.6"; | ||
|
||
src = fetchPypi { | ||
inherit pname version; | ||
sha256 = "8442af3632ebf012c773aea78639e1ad3f605cda2ffcc58d6e4e34ecf8b4a167"; | ||
}; | ||
|
||
propagatedBuildInputs = [ apply-defaults jsonschema funcsigs six ]; | ||
|
||
doCheck = false; | ||
|
||
meta = with stdenv.lib; { | ||
homepage = https://github.com/bcb/jsonrpcserver; | ||
description = "Process JSON-RPC requests in Python"; | ||
license = licenses.mit; | ||
maintainers = with maintainers; [ jb55 ]; | ||
}; | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
{ stdenv, fetchPypi, buildPythonPackage, tox, pytest }: | ||
|
||
buildPythonPackage rec { | ||
pname = "pycoin"; | ||
version = "0.80"; | ||
|
||
src = fetchPypi{ | ||
inherit pname version; | ||
sha256 = "a79a7771c3f6ca2e35667e80983987f0c799c5db01e58016c22a12e8484b2034"; | ||
}; | ||
|
||
checkInputs = [ tox pytest ]; | ||
|
||
checkPhase = "tox"; | ||
|
||
meta = with stdenv.lib; { | ||
description = "Utilities for Bitcoin and altcoin addresses and transaction manipulation"; | ||
homepage = https://github.com/richardkiss/pycoin; | ||
license = licenses.mit; | ||
maintainers = with maintainers; [ jb55 ]; | ||
}; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You might be sad that you used a capital "T" here.
description = "Whether to enable ${name}.";
https://github.com/NixOS/nixpkgs/blob/master/lib/options.nix#L68There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😅