Fix memorydenywrite issue and add keymanager API (#546)
fix memorydenywrite issue and add keymanager API
ekimber authored Sep 24, 2024
1 parent 0f87d1c commit 7f9a576
Showing 2 changed files with 45 additions and 6 deletions.
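--- a/modules/nimbus-beacon/args.nix
+++ b/modules/nimbus-beacon/args.nix
@@ -93,6 +93,29 @@ with lib; {
 description = "The graffiti value that will appear in proposed blocks. You can use a 0x-prefixed hex encoded string to specify raw bytes.";
 };
 
+keymanager = {
+enable = mkOption {
+type = types.bool;
+default = false;
+description = "Enable keymanager API";
+};
+address = mkOption {
+type = types.str;
+default = "127.0.0.1";
+description = "Host used for keymanager API.";
+};
+port = mkOption {
+type = types.port;
+default = 5053;
+description = "Keymanager API PORT";
+};
+token-file = mkOption {
+type = types.str;
+default = "api-token.txt";
+description = "Keymanager API token file";
+};
+};
+
 metrics = {
 enable = mkOption {
 type = types.bool;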
28 changes: 22 additions & 6 deletions modules/nimbus-beacon/default.nix
@@ -98,8 +98,9 @@ in {
else "";
data-dir =
if cfg.args.data-dir != null
then "--data-dir=${cfg.args.data-dir}"
else "--data-dir=%S/${serviceName}";
then cfg.args.data-dir
else "%S/${serviceName}";
data-dir-arg = "--data-dir=${data-dir}";

scriptArgs = let
# filter out certain args which need to be treated differently
@@ -116,6 +117,10 @@ in {
"--metrics-port"
"--payload-builder-enable"
"--payload-builder-url"
"--keymanager-enable"
"--keymanager-token-file"
"--keymanager-address"
"--keymanager-port"
"--trusted-node-url" # only needed for checkpoint sync
];
isNormalArg = name: (findFirst (arg: hasPrefix arg name) null specialArgs) == null;
@@ -137,10 +142,16 @@ in {
++ (optionals cfg.args.payload-builder.enable [
"--payload-builder"
"--payload-builder-url=${cfg.args.payload-builder.url}"
])
++ (optionals cfg.args.keymanager.enable [
"--keymanager"
"--keymanager-address=${cfg.args.keymanager.address}"
"--keymanager-port=${toString cfg.args.keymanager.port}"
"--keymanager-token-file=${data-dir}/${cfg.args.keymanager.token-file}"
]);
in ''
${jwt-secret} \
${data-dir} \
${data-dir-arg} \
${concatStringsSep " \\\n" filteredArgs} \
${lib.escapeShellArgs cfg.extraArgs}
'';
@@ -154,7 +165,7 @@ in {
filteredArgs = builtins.filter isCheckpointArg args;
in ''
--backfill=false \
${data-dir} \
${data-dir-arg} \
${concatStringsSep " \\\n" filteredArgs}
'';
in
@@ -164,16 +175,21 @@ in {
description = "Nimbus Beacon Node (${beaconName})";

serviceConfig = mkMerge [
baseServiceConfig
{
MemoryDenyWriteExecute = false;
User =
if cfg.args.user != null
then cfg.args.user
else user;
StateDirectory = user;
ExecStartPre = "${cfg.package}/bin/nimbus_beacon_node trustedNodeSync ${checkpointSyncArgs}";
ExecStartPre = lib.mkBefore [
'' ${pkgs.coreutils-full}/bin/cp --no-preserve=all --update=none \
/proc/sys/kernel/random/uuid ${data-dir}/${cfg.args.keymanager.token-file}''
"${cfg.package}/bin/nimbus_beacon_node trustedNodeSync ${checkpointSyncArgs}"
];
ExecStart = "${cfg.package}/bin/nimbus_beacon_node ${scriptArgs}";
}
baseServiceConfig
(mkIf (cfg.args.jwt-secret != null) {
LoadCredential = ["jwt-secret:${cfg.args.jwt-secret}"];
})
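Review bot: The token-creating entry of `ExecStartPre` in the last hunk runs on every start whether or not `cfg.args.keymanager.enable` is set, and `cp --no-preserve=all` leaves the new file's permissions to the service umask. That file is the bearer token for the keymanager API, so unless `baseServiceConfig` (defined outside this page) already sets a restrictive umask, I would add `UMask = "0077";` next to `StateDirectory` and wrap the `cp` entry in `optionals cfg.args.keymanager.enable [ … ]` before appending the `trustedNodeSync` command. `MemoryDenyWriteExecute = false;` also switches off a hardening setting for every instance with no explanation; a one-line comment above it naming the reason would let a later reviewer judge whether it can be re-enabled. The `serviceConfig` list continues past the end of the hunk.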
