conductor-0_3.nix
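# NixOS module for running a Holochain conductor as a systemd service.
#
# It declares `services.conductor-0_3.*`, generates a default conductor.yaml
# under /etc/holochain-<id>/, copies or patches that file into the service's
# state directory before start, and launches `holochain` with the keystore
# passphrase piped on stdin.
{
  lib,
  config,
  pkgs,
  ...
}:
with lib; let
  # The input config for this service
  cfg = config.services.conductor-0_3;
  # Keystore mode, taken from the user-supplied conductor config; defaults to a
  # separately running Lair server.
  keystore_type = (cfg.config.keystore or {}).type or "lair_server";
in {
  options.services.conductor-0_3 = {
    enable = mkEnableOption "Holochain conductor";
    id = mkOption {
      description = "The ID of the conductor, keeping it separate from other conductors";
      type = types.str;
    };
    lairId = mkOption {
      description = "The ID of the lair-keystore service to use";
      type = types.str;
    };
    package = lib.mkOption {
      description = "Conductor package to use";
      type = lib.types.package;
    };
    # SECURITY: this is a plain string option, so the value becomes part of the
    # evaluated system configuration and is embedded in the generated start
    # script, which lives in the world-readable Nix store. Treat any value set
    # here as readable by every local user. Supplying the secret from a file
    # outside the store (for example through systemd credentials) would need a
    # new option and is not done here.
    keystorePassphrase = mkOption {
      description = "The passphrase for Lair";
      type = types.str;
    };
    # Free-form conductor settings, merged over the defaults generated below.
    config = mkOption {
      type = types.anything;
      default = {};
    };
  };

  config = mkIf cfg.enable {
    systemd.services.conductor-0_3 = {
      wantedBy = ["multi-user.target"]; # Start on boot
      after =
        [
          # Wait for the network to be ready before starting this service
          "network.target"
        ]
        ++ (
          if keystore_type == "lair_server"
          then [
            # When Lair is running as a separate service, wait for it to start
            "lair-keystore-for-0_3.service"
          ]
          else []
        );
      bindsTo =
        if keystore_type == "lair_server"
        then [
          # When Lair is running as a separate service, require Lair to be running, stop if Lair stops
          "lair-keystore-for-0_3.service"
        ]
        else [];
      description = "Holochain conductor: ${cfg.id}";
      path = [cfg.package pkgs.yq];
      restartIfChanged = true;
      environment = {
        RUST_LOG = "info,wasmer_compiler_cranelift=warn";
        RUST_BACKTRACE = "1";
        # HOLOCHAIN_MIGRATE_UNENCRYPTED="true";
      };
      # TODO should be able to pass this to Holochain as an arg rather than needing to modify the file
      preStart =
        if keystore_type == "lair_server"
        then ''
          lair_connection_url=$(yq -r .connectionUrl /var/lib/lair-${cfg.lairId}/lair-keystore-config.yaml)
          # Pass the URL as a jq variable instead of splicing it into the filter
          # text, so quotes or backslashes in the value cannot alter the filter.
          yq -y --arg url "$lair_connection_url" '.keystore.connection_url = $url' /etc/holochain-${cfg.id}/conductor.yaml > /var/lib/conductor-${cfg.id}/conductor.yaml
        ''
        else ''
          cp /etc/holochain-${cfg.id}/conductor.yaml /var/lib/conductor-${cfg.id}/conductor.yaml
        '';
      # The passphrase is shell-escaped at evaluation time so that quotes, `$`,
      # backticks and backslashes in it reach holochain literally rather than
      # being expanded by the shell. printf '%s' writes it without a trailing
      # newline, as `echo -n` did. The escaped value is still written into the
      # generated script in the Nix store (see the keystorePassphrase option).
      script = ''
        printf '%s' ${escapeShellArg cfg.keystorePassphrase} | holochain -c /var/lib/conductor-${cfg.id}/conductor.yaml --piped
      '';
      serviceConfig = {
        User = "conductor";
        Group = "holochain";
        StateDirectory = "conductor-${cfg.id}";
        # NOTE(review): 0755 leaves the state directory, including the
        # conductor.yaml that preStart writes into it, listable and readable by
        # all local users. Consider a tighter mode if nothing outside the
        # service's user/group needs access; confirm against other consumers.
        StateDirectoryMode = "0755";
        Restart = "always";
        RestartSec = 1;
        Type = "notify"; # The conductor sends a notify signal to systemd when it is ready
        # "all" accepts readiness notifications from any process in the unit's
        # control group, not only the main PID. Presumably required because
        # holochain runs as the tail of a shell pipeline; verify before narrowing.
        NotifyAccess = "all";
      };
    };

    # Default conductor.yaml. `// cfg.config` is a shallow merge: a top-level
    # key supplied by the user replaces the whole default value for that key.
    environment.etc."holochain-${cfg.id}/conductor.yaml".source = (pkgs.formats.yaml {}).generate "conductor.yaml" ({
        data_root_path = "/var/lib/conductor-${cfg.id}";
        db_sync_strategy = "Resilient";
        admin_interfaces = [
          {
            driver = {
              type = "websocket";
              port = 8000;
              # SECURITY: "*" places no restriction on the Origin of clients
              # connecting to the admin websocket. Override admin_interfaces
              # through cfg.config with an explicit origin list where the admin
              # API should only be reachable from known front ends.
              allowed_origins = "*";
            };
          }
        ];
        network = {
          network_type = "quic_bootstrap";
          bootstrap_service = "https://bootstrap.holo.host";
          transport_pool = [
            {
              type = "webrtc";
              signal_url = "wss://signal.holo.host";
            }
          ];
          tuning_params = {gossip_strategy = "sharded-gossip";};
        };
        # NOTE(review): keystore_type is only "lair_server_in_proc" when
        # cfg.config.keystore.type says so, and in that case the shallow merge
        # below replaces this whole attribute with cfg.config.keystore, so the
        # lair_root default here does not reach the generated file unless the
        # user repeats it. Left unchanged because altering the effective
        # keystore location could strand existing keys.
        keystore =
          {
            type = keystore_type;
          }
          // (
            if keystore_type == "lair_server_in_proc"
            then {
              lair_root = "/var/lib/conductor-${cfg.id}/keystore/";
            }
            else {}
          );
      }
      // cfg.config);
  };
}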