Indirection layer for node

docs/render.nix

@@ -209,7 +209,11 @@ in
                     evaluated = lib.evalModules {
                       modules = modules ++ [
                         {
-                          imports = builtins.import "${inputs.nixpkgs}/nixos/modules/module-list.nix";
+                          # We need standard NixOS modules _plus_ `cardano.providers` inside context of evaluation, because lof of modules
+                          # refers to them in `default` statement.
+                          # Also we couldn't use `builtins.import`, because it raise a conflict in option definitions,
+                          # so use nested module with `imports = []` statement.
+                          imports = builtins.import "${inputs.nixpkgs}/nixos/modules/module-list.nix" ++ [ { imports = [ ../modules/providers.nix ]; } ];
                           nixpkgs.system = system;
                         }
                       ];

flake.nix

@@ -24,6 +24,10 @@
       url = "github:txpipe/oura/v1.9.4";
       inputs.crane.follows = "crane";
     };
+    demeter-run-cli = {
+      url = "github:demeter-run/cli";
+      flake = false;
+    };
     crane = {
       url = "github:ipetkov/crane";
     };

modules/db-sync.nix

@@ -46,7 +46,7 @@ in
       services.cardano-db-sync = {
         enable = true;
         environment = config.services.cardano-node.environments.${config.cardano.network};
-        inherit (config.cardano.node) socketPath;
+        inherit (config.cardano.providers.node) socketPath;
         postgres = {
           user = "cardano-db-sync";
           # use first socket from postgresql settings or default to /run/postgresql
@@ -59,6 +59,8 @@ in
       systemd.services.cardano-db-sync = {
         serviceConfig = {
           User = "cardano-db-sync";
+          # Default db-sync service hardcode "cardano-node"
+          SupplementaryGroups = config.cardano.providers.node.accessGroup;
           # Security
           UMask = "0077";
           CapabilityBoundingSet = "";
@@ -90,10 +92,10 @@ in
         };
       };
     })
-    (mkIf (cfg.enable && config.cardano.node.enable or false) {
+    (mkIf (cfg.enable && config.cardano.providers.node.active) {
       systemd.services.cardano-db-sync = {
-        after = [ "cardano-node-socket.service" ];
-        requires = [ "cardano-node-socket.service" ];
+        after = [ config.cardano.providers.node.after ];
+        requires = [ config.cardano.providers.node.requires ];
       };
     })
     (mkIf (cfg.enable && cfg.postgres.enable) {

modules/default.nix

@@ -10,6 +10,7 @@
     cardano = {
       imports = [
         ./cardano.nix
+        ./providers.nix
       ];
     };
     cli = {
@@ -72,6 +73,12 @@
         ./monitoring.nix
       ];
     };
+    demeter-run = {
+      imports = [
+        ./demeter-run.nix
+        ./services/demeter-run.nix
+      ];
+    };
     # the default module imports all modules
     default = {
       imports = [

modules/demeter-run.nix

@@ -0,0 +1,54 @@
+{ config, lib, ... }:
+
+let
+  cfg = config.cardano.demeter-run;
+  dmtr_cfg = config.services.demeter-run;
+  inherit (lib)
+    mkEnableOption
+    mkIf
+    mkOption
+    types
+    ;
+in
+{
+  options.cardano.demeter-run = {
+    node = {
+      enable = mkEnableOption "Demeter run tunnel";
+      instance = mkOption {
+        type = types.str;
+      };
+
+      configFile = mkOption {
+        type = types.str;
+        description = ''
+          Config file for demeter setup (contain secrets, use agenix or sops)
+
+          This is config file generated by dmtrctl init ... command invocation,
+          contains random generated id, and token is obviously a secret obtained from demeter service during init.
+        '';
+      };
+    };
+
+    # FIXME: not implemented yet
+    kupo = { };
+
+    # FIXME: not implemented yet
+    ogmios = { };
+  };
+
+  config = mkIf cfg.node.enable {
+    services.demeter-run = {
+      enable = true;
+      inherit (cfg.node) instance;
+      inherit (cfg.node) configFile;
+    };
+
+    # Register as cardano-node socket provider
+    cardano.providers.node = {
+      socketPath = dmtr_cfg.socket;
+      accessGroup = dmtr_cfg.group;
+      requires = "demeter-run.service";
+      after = "demeter-run.service";
+    };
+  };
+}

modules/kupo.nix

@@ -24,5 +24,13 @@ in
       after = lib.optional (config.cardano.node.enable or false) "cardano-node-socket.service" ++ lib.optional (config.cardano.ogmios.enable or false) "ogmios.service";
       requires = lib.optional (config.cardano.node.enable or false) "cardano-node-socket.service" ++ lib.optional (config.cardano.ogmios.enable or false) "ogmios.service";
     };
+
+    # Register as default Kupo provider for others `cardano.nix` consumers
+    cardano.providers.kupo = {
+      active = true;
+      inherit (config.service.kupo) host port;
+      after = "kupo.service";
+      requires = "kupo.service";
+    };
   };
 }

modules/node.nix

@@ -111,5 +111,14 @@ in
         chmod g+rw ${cfg.socketPath}
       '';
     };
+
+    # Register as default node socket for others `cardano.nix` consumers
+    cardano.providers.node = {
+      active = true;
+      inherit (cfg) socketPath;
+      accessGroup = "cardano-node";
+      requires = "cardano-node-socket.service";
+      after = "cardano-node-socket.service";
+    };
   };
 }

modules/ogmios.nix

@@ -22,5 +22,13 @@ in
       after = [ "cardano-node-socket.service" ];
       requires = [ "cardano-node-socket.service" ];
     };
+
+    # Register as default Ogmios provider for others `cardano.nix` consumers
+    cardano.providers.ogmios = {
+      active = true;
+      inherit (config.service.ogmios) host port;
+      after = "ogmios.service";
+      requires = "ogmios.service";
+    };
   };
 }

modules/oura.nix

@@ -31,17 +31,17 @@ in
           type = "N2C";
           address = [
             "Unix"
-            config.cardano.node.socketPath
+            config.cardano.providers.node.socketPath
           ];
           magic = config.cardano.network;
         };
         metrics.address = lib.mkIf cfg.prometheusExporter.enable "0.0.0.0:${builtins.toString cfg.prometheusExporter.port}";
       };
     };
 
-    systemd.services.oura = lib.mkIf (config.cardano.node.enable or false) {
-      after = [ "cardano-node-socket.service" ];
-      requires = [ "cardano-node-socket.service" ];
+    systemd.services.oura = lib.mkIf config.cardano.providers.node.active {
+      after = [ config.cardano.providers.node.after ];
+      requires = [ config.cardano.providers.node.requires ];
     };
   };
 }

modules/providers.nix

@@ -0,0 +1,84 @@
+# Design defence:
+# The goal of this module is to introduce an indirection layer for service
+# dependencies: consumers reference a provider instead of binding to a specific
+# systemd unit. This makes it possible to transparently switch between a local
+# cardano-node and a remote tunnel (e.g. from Demeter run). Common options are
+# factored into `sharedOptions` to unify the contract and reduce duplication.
+# Options are currently marked as `internal = true` until proper documentation
+# is written.
+{
+  lib,
+  ...
+}:
+let
+  inherit (lib) mkOption types;
+  sharedOptions = {
+    active = mkOption {
+      type = types.bool;
+      internal = true;
+      default = false;
+      description = ''
+        Mark service provider as active
+      '';
+    };
+    requires = mkOption {
+      type = types.str;
+      internal = true;
+      description = ''
+        Systemd's service name to add to `requires` by all consumers
+      '';
+    };
+    after = mkOption {
+      type = types.str;
+      internal = true;
+      description = ''
+        Systemd's service name to add to `after` by all consumers
+      '';
+    };
+  };
+  socketOptions = name: {
+    accessGroup = mkOption {
+      type = types.str;
+      internal = true;
+      description = ''
+        Group to access ${name} service provider
+      '';
+    };
+    socketPath = mkOption {
+      type = types.path;
+      internal = true;
+      description = ''
+        Path to ${name} socket path, to refer by consumers
+      '';
+    };
+  };
+  tcpOptions = name: {
+    host = mkOption {
+      type = types.str;
+      internal = true;
+      description = ''
+        Host address for TCP connection to ${name}, to refer by consumers.
+      '';
+    };
+    port = mkOption {
+      type = types.port;
+      internal = true;
+      description = ''
+        Port address for TCP connection to ${name}, to refer by consumers.
+      '';
+    };
+  };
+in
+{
+  options.cardano.providers = mkOption {
+    description = "Abstraction layer to plug in different providers of cardano-node/ogmios/kupo/etc";
+    internal = true;
+    type = types.submodule {
+      options = {
+        node = sharedOptions // socketOptions "cardano node";
+        ogmios = sharedOptions // tcpOptions "Ogmios";
+        kupo = sharedOptions // tcpOptions "Kupo";
+      };
+    };
+  };
+}