Change the nix-bitcoin deployment from forking this repo to importing the module

Instead of forking this repo, it is now recommended that users simply import the nix-bitcoin module. This commit adds an example directory that contains the network/ examples and a shell.nix for deployment with nixops.
2020-02-19 16:37:46 +00:00
parent 2d51c722cc
commit 87d0286498
7 changed files with 33 additions and 8 deletions
--- a/examples/nixops/node-libvirtd.nix
+++ b/examples/nixops/node-libvirtd.nix
@@ -0,0 +1,30 @@
+{
+  bitcoin-node =
+    { config, pkgs, ... }:
+    {
+      deployment.targetEnv = "libvirtd";
+      deployment.libvirtd.memorySize = 8192; # megabytes
+      deployment.libvirtd.vcpu = 4; # number of cpus
+      deployment.libvirtd.headless = true;
+      deployment.libvirtd.baseImageSize = 400;
+      boot.kernelParams = [ "console=ttyS0,115200" ];
+      deployment.libvirtd.extraDevicesXML = ''
+        <serial type='pty'>
+          <target port='0'/>
+       </serial>
+        <console type='pty'>
+          <target type='serial' port='0'/>
+       </console>
+      '';
+      # Remove when fixed: https://github.com/NixOS/nixops/issues/931
+      system.activationScripts.nixops-vm-fix-931 = {
+        text = ''
+          if ls -l /nix/store | grep sudo | grep -q nogroup; then
+            mount -o remount,rw  /nix/store
+            chown -R root:nixbld /nix/store
+          fi
+        '';
+        deps = [];
+      };
+    };
+}
--- a/examples/nixops/node-vbox.nix
+++ b/examples/nixops/node-vbox.nix
@@ -0,0 +1,13 @@
+{
+  bitcoin-node =
+    { config, pkgs, ... }:
+    {
+      deployment.targetEnv = "virtualbox";
+      deployment.virtualbox = {
+        memorySize = 4096; # megabytes
+        vcpu = 4; # number of cpus
+        disks.disk1.size = 358400; # 350 GiB
+        headless = true;
+      };
+    };
+}
--- a/examples/nixops/node.nix
+++ b/examples/nixops/node.nix
@@ -0,0 +1,31 @@
+{
+  network.description = "Bitcoin Core node";
+
+  bitcoin-node =
+    { config, pkgs, lib, ... }: {
+      imports = [ ../configuration.nix <nix-bitcoin/modules/nix-bitcoin.nix> ];
+
+      deployment.keys = builtins.mapAttrs (n: v: {
+        keyFile = "${toString ../secrets}/${n}";
+        destDir = config.nix-bitcoin.secretsDir;
+        inherit (v) user group permissions;
+      }) config.nix-bitcoin.secrets;
+
+      # nixops makes the secrets directory accessible only for users with group 'key'.
+      # For compatibility with other deployment methods besides nixops, we forego the
+      # use of the 'key' group and make the secrets dir world-readable instead.
+      # This is safe because all containing files have their specific private
+      # permissions set.
+      systemd.services.allowSecretsDirAccess = {
+        requires = [ "keys.target" ];
+        after = [ "keys.target" ];
+        script = "chmod o+x ${config.nix-bitcoin.secretsDir}";
+        serviceConfig.Type = "oneshot";
+      };
+
+      systemd.targets.nix-bitcoin-secrets = {
+        requires = [ "allowSecretsDirAccess.service" ];
+        after = [ "allowSecretsDirAccess.service" ];
+      };
+    };
+}