metacraft-labs · MartinNikov · Apr 26, 2023 · May 2, 2023 · May 31, 2023 · May 31, 2023
diff --git a/modules/default.nix b/modules/default.nix
@@ -18,6 +18,8 @@
       ./prysm-beacon
       ./prysm-validator
       ./restore
+      ./nimbus-eth2
+      ./rocketpool-service
     ];
   };
 }
diff --git a/modules/erigon/default.nix b/modules/erigon/default.nix
@@ -5,7 +5,8 @@
   pkgs,
   ...
 }: let
-  inherit (lib.lists) optionals;
+  inherit (lib.lists) findFirst optionals;
+  inherit (lib.strings) hasPrefix;
   inherit
     (lib)
     concatStringsSep
@@ -68,6 +69,11 @@ in {
           serviceName = "erigon-${erigonName}";
         in
           cfg: let
+            jwtsecret =
+              if cfg.args.authrpc.jwtsecret != null
+              then ''--authrpc.jwtsecret=''${CREDENTIALS_DIRECTORY}/jwtsecret''
+              else "";
+
             scriptArgs = let
               # replace enable flags like --http.enable with just --http
               pathReducer = path: let
@@ -86,11 +92,21 @@ in {
                 if cfg.args.datadir != null
                 then "--datadir ${cfg.args.datadir}"
                 else "--datadir %S/${serviceName}";
+
+              specialArgs = ["--authrpc.jwtsecret"];
+              isNormalArg = name: (findFirst (arg: hasPrefix arg name) null specialArgs) == null;
+              filteredArgs = builtins.filter isNormalArg args;
             in ''
               ${datadir} \
-              ${concatStringsSep " \\\n" args} \
+              ${jwtsecret} \
+              ${concatStringsSep " \\\n" filteredArgs} \
               ${lib.escapeShellArgs cfg.extraArgs}
             '';
+
+            package =
+              if cfg.blst-portable
+              then pkgs.erigon-blst-portable
+              else cfg.package;
           in
             nameValuePair serviceName (mkIf cfg.enable {
               description = "Erigon Ethereum node (${erigonName})";
@@ -106,8 +122,11 @@ in {
                   ExecStartPre = mkIf cfg.subVolume (mkBefore [
                     "+${scripts.setupSubVolume} /var/lib/private/${serviceName}"
                   ]);
-                  ExecStart = "${cfg.package}/bin/erigon ${scriptArgs}";
+                  ExecStart = "${package}/bin/erigon ${scriptArgs}";
                 }
+                (mkIf (cfg.args.authrpc.jwtsecret != null) {
+                  LoadCredential = ["jwtsecret:${cfg.args.authrpc.jwtsecret}"];
+                })
               ];
             })
       )

diff --git a/modules/erigon/options.nix b/modules/erigon/options.nix
@@ -19,6 +19,12 @@
         default = [];
       };
 
+      blst-portable = mkOption {
+        type = types.bool;
+        default = false;
+        description = lib.mdDoc "Make blst library used by erigon build in portable mode. When this option is enabled, the package option is ignored.";
+      };
+
       package = mkOption {
         type = types.package;
         default = pkgs.erigon;

diff --git a/modules/geth/args.nix b/modules/geth/args.nix
@@ -116,6 +116,27 @@ with lib; {
       default = 6060;
       description = mdDoc "Port number of Go Ethereum metrics service.";
     };
+
+    influxdb = {
+      enable = mkEnableOption (mdDoc "Enable metrics export/push to an external InfluxDB database");
+      endpoint = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = mdDoc "InfluxDB API endpoint to report metrics to.";
+      };
+
+      username = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = mdDoc "Username to authorize access to the database.";
+      };
+
+      password = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = mdDoc "Password to authorize access to the database.";
+      };
+    };
   };
 
   network = mkOption {
@@ -179,4 +200,24 @@ with lib; {
     default = null;
     description = mdDoc "Data directory for Geth. Defaults to '%S/geth-\<name\>', which generally resolves to /var/lib/geth-\<name\>.";
   };
+
+  ipcEnable = mkOption {
+    type = types.bool;
+    default = false;
+    description = mdDoc "Enable the IPC-RPC server";
+  };
+
+  snapshot = mkOption {
+    type = types.bool;
+    default = true;
+    description = mdDoc "Enables snapshot-database mode";
+  };
+
+  discovery = {
+    port = mkOption {
+      type = types.port;
+      default = 30303;
+      description = mdDoc "Use a custom UDP port for P2P discovery.";
+    };
+  };
 }
diff --git a/modules/geth/default.nix b/modules/geth/default.nix
@@ -81,7 +81,7 @@ in {
                 };
 
               # filter out certain args which need to be treated differently
-              specialArgs = ["--network" "--authrpc.jwtsecret"];
+              specialArgs = ["--network" "--authrpc.jwtsecret" "--ipcEnable"];
               isNormalArg = name: (findFirst (arg: hasPrefix arg name) null specialArgs) == null;
 
               filteredArgs = builtins.filter isNormalArg args;
@@ -100,9 +100,14 @@ in {
                 if cfg.args.datadir != null
                 then "--datadir ${cfg.args.datadir}"
                 else "--datadir %S/${serviceName}";
+
+              ipc =
+                if cfg.args.ipcEnable
+                then ""
+                else "--ipcdisable";
             in ''
+              ${ipc} ${network} ${jwtSecret} \
               ${datadir} \
-              --ipcdisable ${network} ${jwtSecret} \
               ${concatStringsSep " \\\n" filteredArgs} \
               ${lib.escapeShellArgs cfg.extraArgs}
             '';

diff --git a/modules/lib.nix b/modules/lib.nix
@@ -97,7 +97,7 @@ lib: let
   };
 in {
   inherit baseServiceConfig;
-  inherit mkArg mkArgs defaultPathReducer dotPathReducer;
+  inherit mkArg mkArgs defaultPathReducer defaultArgReducer defaultArgFormatter dotPathReducer;
 
   findEnabled = with lib;
     tree: let

diff --git a/modules/mev-boost/args.nix b/modules/mev-boost/args.nix
@@ -1,7 +1,7 @@
 lib:
 with lib; {
   network = mkOption {
-    type = types.nullOr (types.enum ["mainnet" "goerli" "sepolia" "zhejiang"]);
+    type = types.nullOr (types.enum ["mainnet" "goerli" "sepolia" "zhejiang" "holesky"]);
     default = null;
     description = mdDoc "The network to connect to. Mainnet (null) is the default ethereum network.";
   };

diff --git a/modules/nethermind/default.nix b/modules/nethermind/default.nix
@@ -136,7 +136,9 @@ in {
                 {
                   User = serviceName;
                   StateDirectory = serviceName;
-                  ExecStart = "${cfg.package}/bin/Nethermind.Runner ${scriptArgs}";
+                  ExecStart = "${cfg.package}/bin/nethermind ${scriptArgs}";
+
+                  MemoryDenyWriteExecute = false;
                 }
                 (mkIf (cfg.args.modules.JsonRpc.JwtSecretFile != null) {
                   LoadCredential = ["jwtsecret:${cfg.args.modules.JsonRpc.JwtSecretFile}"];

diff --git a/modules/nimbus-eth2/args.nix b/modules/nimbus-eth2/args.nix
@@ -0,0 +1,172 @@
+lib:
+with lib; {
+  network = mkOption {
+    type = types.nullOr (types.enum ["goerli" "prater" "ropsten" "sepolia" "holesky"]);
+    default = null;
+    description = mdDoc "The network to connect to. Mainnet (null) is the default ethereum network.";
+  };
+
+  jwt-secret = mkOption {
+    type = types.path;
+    default = null;
+    example = "/var/run/nimbus/jwtsecret";
+    description = mdDoc ''
+      Path of file with 32 bytes long JWT secret for Auth RPC endpoint.
+      Can be generated using 'openssl rand -hex 32'.
+    '';
+  };
+
+  udp-port = mkOption {
+    type = types.port;
+    default = 12000;
+    description = mdDoc "The port used by discv5.";
+  };
+
+  tcp-port = mkOption {
+    type = types.port;
+    default = 13000;
+    description = mdDoc "The port used by libp2p.";
+  };
+
+  subscribe-all-subnets = mkOption {
+    type = types.bool;
+    default = false;
+    description = mdDoc "Subscribe to all attestation subnet topics.";
+  };
+
+  doppelganger-detection = mkOption {
+    type = types.bool;
+    default = true;
+    description = mdDoc ''
+      Protection against slashing due to double-voting.
+      Means you will miss two attestations when restarting.
+    '';
+  };
+
+  suggested-fee-recipient = mkOption {
+    type = types.nullOr types.str;
+    default = null;
+    description = mdDoc ''
+      Wallet address where transaction fee tips - priority fees,
+      unburnt portion of gas fees - will be sent.
+    '';
+  };
+
+  nat = mkOption {
+    type = types.str;
+    default = "any";
+    example = "extip:12.34.56.78";
+    description = mdDoc ''
+      Method for determining public address. (any, none, upnp, pmp, extip:IP)
+    '';
+  };
+
+  metrics = {
+    enable = lib.mkEnableOption (mdDoc "Nimbus beacon node metrics endpoint");
+    address = mkOption {
+      type = types.str;
+      default = "127.0.0.1";
+      description = mdDoc "Metrics address for beacon node.";
+    };
+    port = mkOption {
+      type = types.port;
+      default = 8008;
+      description = mdDoc "Metrics port for beacon node.";
+    };
+  };
+
+  rest = {
+    enable = lib.mkEnableOption (mdDoc "Nimbus beacon node REST API");
+    address = mkOption {
+      type = types.str;
+      default = "127.0.0.1";
+      description = mdDoc "Listening address of the REST API server.";
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 5052;
+      description = mdDoc "Port for the REST API server.";
+    };
+  };
+
+  log = {
+    level = mkOption {
+      type = types.enum ["trace" "debug" "info" "notice" "warn" "error" "fatal" "none"];
+      default = "info";
+      example = "debug";
+      description = mdDoc "Logging level.";
+    };
+
+    format = mkOption {
+      type = types.enum ["auto" "colors" "nocolors" "json"];
+      default = "auto";
+      example = "json";
+      description = mdDoc "Logging formatting.";
+    };
+  };
+
+  web3-signer-url = mkOption {
+    type = types.nullOr types.str;
+    default = null;
+    example = "http://localhost:9000/";
+    description = mdDoc "Remote Web3Signer URL that will be used as a source of validators.";
+  };
+
+  web3-urls = mkOption {
+    type = types.listOf types.str;
+    default = [];
+    example = ["http://localhost:8551/"];
+    description = mdDoc "Mandatory URL(s) for the Web3 RPC endpoints.";
+  };
+
+  trusted-node-url = mkOption {
+    type = types.nullOr types.str;
+    default = null;
+    example = "http://localhost:5052/";
+    description = mdDoc "URL for Trusted Node Sync.";
+  };
+
+  backfill = mkOption {
+    type = types.nullOr types.bool;
+    default = true;
+    description = mdDoc "History backfill.";
+  };
+
+  payload-builder = {
+    enable = lib.mkEnableOption (mdDoc "Enable external payload builder.");
+    url = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      example = "http://localhost:18550/";
+      description = mdDoc "Payload builder URL.";
+    };
+  };
+
+  keymanager = {
+    enable = lib.mkEnableOption (mdDoc "Enable the REST keymanager API");
+    address = mkOption {
+      type = types.str;
+      default = "127.0.0.1";
+      description = mdDoc "Listening port for the REST keymanager API.";
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 5052;
+      description = mdDoc "Listening port for the REST keymanager API.";
+    };
+
+    allow-origin = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = mdDoc "Limit the access to the Keymanager API to a particular hostname (for CORS-enabled clients such as browsers).";
+    };
+
+    token-file = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = mdDoc "A file specifying the authorization token required for accessing the keymanager API.";
+    };
+  };
+}