From fc599096b44a725d77dfd3b971b784a48a18e8b2 Mon Sep 17 00:00:00 2001
From: Jake Hillion
Date: Thu, 8 Feb 2024 21:30:20 +0000
Subject: [PATCH] chia: migrate to docker Chia was pulled from the nixpkgs tree (https://github.com/NixOS/nixpkgs/pull/270254) and the alternative provided, `chia.nix`, still hasn't landed v2 (https://github.com/0xbbjubjub/chia.nix). Switch to a more stable container release even if it's heavier than a nixpkg. Hopefully at some point in the future the Nix build will stabilise. Latest docker package selected from https://github.com/Chia-Network/chia-docker/pkgs/container/chia - electing to do update this manually for determinism.
---
 flake.lock | 17 -----
 flake.nix | 3 +-
 .../default.nix | 1 -
 .../hardware-configuration.nix | 18 ++---
 modules/chia.nix | 76 +++++--------------
 modules/ids.nix | 2 +
 6 files changed, 30 insertions(+), 87 deletions(-)
diff --git a/flake.lock b/flake.lock
index cd68914..a996ab4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -137,22 +137,6 @@
 "type": "github"
 }
 },
- "nixpkgs-chia": {
- "locked": {
- "lastModified": 1685960109,
- "narHash": "sha256-uTuKV5ua048dIGdaC+lexSUK/9A/X4la4BEJXODZm9U=",
- "owner": "lourkeur",
- "repo": "nixpkgs",
- "rev": "e2b683787475d344892bddea9ab413dc611b894e",
- "type": "github"
- },
- "original": {
- "owner": "lourkeur",
- "repo": "nixpkgs",
- "rev": "e2b683787475d344892bddea9ab413dc611b894e",
- "type": "github"
- }
- },
 "nixpkgs-unstable": {
 "locked": {
 "lastModified": 1705316053,
@@ -176,7 +160,6 @@
 "home-manager": "home-manager_2",
 "impermanence": "impermanence",
 "nixpkgs": "nixpkgs",
- "nixpkgs-chia": "nixpkgs-chia",
 "nixpkgs-unstable": "nixpkgs-unstable"
 }
 },
diff --git a/flake.nix b/flake.nix
index b84e051..12fefeb 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,6 @@
 inputs = {
 nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
 nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
- nixpkgs-chia.url = "github:lourkeur/nixpkgs?rev=e2b683787475d344892bddea9ab413dc611b894e";
 flake-utils.url = "github:numtide/flake-utils";
@@ -17,7 +16,7 @@
 description = "Hillion Nix flake";
- outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-chia, flake-utils, agenix, home-manager, impermanence, ... }@inputs: {
+ outputs = { self, nixpkgs, nixpkgs-unstable, flake-utils, agenix, home-manager, impermanence, ... }@inputs: {
 nixosConfigurations =
 let
 fqdns = builtins.attrNames (builtins.readDir ./hosts);
diff --git a/hosts/tywin.storage.ts.hillion.co.uk/default.nix b/hosts/tywin.storage.ts.hillion.co.uk/default.nix
index d7651cb..969186b 100644
--- a/hosts/tywin.storage.ts.hillion.co.uk/default.nix
+++ b/hosts/tywin.storage.ts.hillion.co.uk/default.nix
@@ -183,7 +183,6 @@
 enable = true;
 openFirewall = true;
 keyFile = config.age.secrets."chia/farmer.key".path;
- targetAddress = "xch1tl87mjd9zpugs7qy2ysc3j4qlftqlyjn037jywq6v2y4kp22g74qahn6sw";
 plotDirectories = builtins.genList (i: "/mnt/d${toString i}/plots/contract-k32") 7;
 };
diff --git a/hosts/tywin.storage.ts.hillion.co.uk/hardware-configuration.nix b/hosts/tywin.storage.ts.hillion.co.uk/hardware-configuration.nix
index b7f8469..589d66e 100644
--- a/hosts/tywin.storage.ts.hillion.co.uk/hardware-configuration.nix
+++ b/hosts/tywin.storage.ts.hillion.co.uk/hardware-configuration.nix
@@ -26,43 +26,37 @@
 fsType = "vfat";
 };
- # fileSystems."/mnt/d0" =
- # {
- # device = "/dev/disk/by-uuid/b424c997-4be6-42f3-965a-f5b3573a9cb3";
- # fsType = "btrfs";
- # };
-
- fileSystems."/mnt/d1" =
+ fileSystems."/mnt/d0" =
 {
 device = "/dev/disk/by-uuid/9136434d-d883-4118-bd01-903f720e5ce1";
 fsType = "btrfs";
 };
- fileSystems."/mnt/d2" =
+ fileSystems."/mnt/d1" =
 {
 device = "/dev/disk/by-uuid/a55d164e-b48e-4a4e-b073-d0768662d3d0";
 fsType = "btrfs";
 };
- fileSystems."/mnt/d3" =
+ fileSystems."/mnt/d2" =
 {
 device = "/dev/disk/by-uuid/82b82c66-e6e6-4b76-a5ef-8adea33dbe18";
 fsType = "btrfs";
 };
- fileSystems."/mnt/d4" =
+ fileSystems."/mnt/d3" =
 {
 device = "/dev/disk/by-uuid/6566588a-9399-4b35-a18c-060de0ee8431";
 fsType = "btrfs";
 };
- fileSystems."/mnt/d5" =
+ fileSystems."/mnt/d4" =
 {
 device = "/dev/disk/by-uuid/850ce5db-4245-428a-a66d-2647abf62a4c";
 fsType = "btrfs";
 };
- fileSystems."/mnt/d6" =
+ fileSystems."/mnt/d5" =
 {
 device = "/dev/disk/by-uuid/78bc5c57-d554-43c5-9a84-14e3dc52b1b3";
 fsType = "btrfs";
diff --git a/modules/chia.nix b/modules/chia.nix
index 6d660e8..d5e739c 100644
--- a/modules/chia.nix
+++ b/modules/chia.nix
@@ -1,17 +1,12 @@
-{ config, pkgs, lib, nixpkgs-chia, ... }:
+{ config, pkgs, lib, ... }:
 let
 cfg = config.custom.chia;
- chia = nixpkgs-chia.legacyPackages.x86_64-linux.chia;
 ctl = pkgs.writeScriptBin "chiactl" ''
 #! ${pkgs.runtimeShell}
- sudo=exec
- if [[ "$USER" != chia ]]; then
- sudo='exec /run/wrappers/bin/sudo -u chia'
- fi
-
- $sudo ${chia}/bin/chia "$@"
+ set -e
+ sudo ${pkgs.podman}/bin/podman exec chia chia "$@"
 '';
 in
 {
@@ -26,14 +21,6 @@ in
 type = with lib.types; nullOr str;
 default = null;
 };
- keyLabel = lib.mkOption {
- type = lib.types.str;
- default = "default";
- };
- targetAddress = lib.mkOption {
- type = with lib.types; nullOr str;
- default = null;
- };
 plotDirectories = lib.mkOption {
 type = with lib.types; nullOr (listOf str);
 default = null;
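Review bot: After the renumbering in the `hardware-configuration.nix` hunk the visible mounts are `/mnt/d0` to `/mnt/d5`, but `plotDirectories` in `default.nix` still calls `builtins.genList` with `7`, which also yields `/mnt/d6/plots/contract-k32`. Unless another mount follows below this hunk, that path is no longer backed by a disk. Each entry now becomes a container bind mount, and podman normally refuses to start a container whose bind source is missing, so a stale entry may keep the farmer from starting at all. If six disks is the intent, the count should follow: `plotDirectories = builtins.genList (i: "/mnt/d${toString i}/plots/contract-k32") 6;`.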
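Review bot: The new `chiactl` body in the first `modules/chia.nix` hunk calls a bare `sudo`, so the binary is resolved through the caller's `PATH`, whereas the removed version used the absolute `/run/wrappers/bin/sudo`. Keeping the absolute path means a modified environment cannot substitute another `sudo`: `exec /run/wrappers/bin/sudo ${pkgs.podman}/bin/podman exec chia chia "$@"`. The wrapper also no longer drops to the unprivileged `chia` user but escalates to root to reach podman, so whoever runs `chiactl` now needs a sudo rule covering `podman exec`; a one-line comment in the script, such as `# runs podman as root; the container maps root to the chia user`, would record that. The `let` block continues outside the hunk.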
@@ -47,52 +34,31 @@ in
 config = lib.mkIf cfg.enable {
 environment.systemPackages = [ ctl ];
- users.groups.chia = { };
+ users.groups.chia = {
+ gid = config.ids.gids.chia;
+ };
 users.users.chia = {
 home = cfg.path;
 createHome = true;
 isSystemUser = true;
 group = "chia";
+ uid = config.ids.uids.chia;
 };
- systemd.services.chia = {
- description = "Chia daemon.";
- wantedBy = [ "multi-user.target" ];
-
- preStart = lib.strings.concatStringsSep "\n" ([ "${chia}/bin/chia init" ]
- ++ (if cfg.keyFile == null then [ ] else [ "${chia}/bin/chia keys add -f ${cfg.keyFile} -l '${cfg.keyLabel}'" ])
- ++ (if cfg.targetAddress == null then [ ] else [
- ''
- ${pkgs.yq-go}/bin/yq e \
- '.farmer.xch_target_address = "${cfg.targetAddress}" | .pool.xch_target_address = "${cfg.targetAddress}"' \
- -i ${cfg.path}/.chia/mainnet/config/config.yaml
- ''
- ]) ++ (if cfg.plotDirectories == null then [ ] else [
- ''
- ${pkgs.yq-go}/bin/yq e \
- '.harvester.plot_directories = [${lib.strings.concatMapStringsSep "," (x: "\"" + x + "\"") cfg.plotDirectories}]' \
- -i ${cfg.path}/.chia/mainnet/config/config.yaml
- ''
- ]));
- script = "${chia}/bin/chia start farmer";
- preStop = "${chia}/bin/chia stop -d farmer";
-
- serviceConfig = {
- Type = "forking";
-
- User = "chia";
- Group = "chia";
-
- WorkingDirectory = cfg.path;
-
- Restart = "always";
- RestartSec = 10;
- TimeoutStopSec = 120;
- OOMScoreAdjust = 1000;
-
- Nice = 2;
- IOSchedulingClass = "best-effort";
- IOSchedulingPriority = 7;
+ virtualisation.oci-containers.containers.chia = {
+ image = "ghcr.io/chia-network/chia:2.1.4";
+ ports = [ "8444" ];
+ extraOptions = [
+ "--uidmap=0:${toString config.users.users.chia.uid}:1"
+ "--gidmap=0:${toString config.users.groups.chia.gid}:1"
+ ];
+ volumes = [
+ "${cfg.keyFile}:/run/keyfile"
+ "${cfg.path}/.chia:/root/.chia"
+ ] ++ lib.lists.imap0 (i: v: "${v}:/plots${toString i}") cfg.plotDirectories;
+ environment = {
+ keys = "/run/keyfile";
+ plots_dir = lib.strings.concatImapStringsSep ":"
(i: v: "/plots${toString i}") cfg.plotDirectories;
 };
 };
diff --git a/modules/ids.nix b/modules/ids.nix
index cbf39ff..92d1d4a 100644
--- a/modules/ids.nix
+++ b/modules/ids.nix
@@ -5,6 +5,7 @@
 ids.uids = {
 ## Defined System Users (see https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix)
 unifi = 183;
+ chia = 185;
 ## Consistent People
 jake = 1000;
@@ -13,6 +14,7 @@
 ids.gids = {
 ## Defined System Groups (see https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/misc/ids.nix)
 unifi = 183;
+ chia = 185;
 ## Consistent Groups
 mediaaccess = 1200;
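Review bot: In the container definition of `modules/chia.nix`, the volume list numbers the container paths with `lib.lists.imap0` (`/plots0`, `/plots1`, …) while `plots_dir` is built with `lib.strings.concatImapStringsSep`, which counts from 1, so the harvester is pointed at `/plots1` … `/plotsN` and never at `/plots0`; both should be derived from the same `imap0` list. The farmer key is bind-mounted writable into the container, and a `:ro` suffix on that volume removes a write path to the secret at no cost. `image` is pinned by tag only, which the registry can repoint, so the determinism the commit message asks for needs the digest appended; likewise `ports = [ "8444" ]` names only the container port, which podman publishes on a random host port rather than on 8444. `keyFile` and `plotDirectories` appear to still default to `null` (their declarations sit in an earlier hunk); the removed `preStart` guarded for that, whereas the new string interpolation and `imap0` call would fail evaluation. The fence sketches these changes with a placeholder digest.

```nix
virtualisation.oci-containers.containers.chia =
  let
    # Treat an unset option as "no plots" instead of failing evaluation.
    plotDirs = if cfg.plotDirectories == null then [ ] else cfg.plotDirectories;
    # Single source of truth for the in-container paths (0-based).
    containerPlots = lib.lists.imap0 (i: _: "/plots${toString i}") plotDirs;
  in
  {
    # Placeholder digest: replace with the digest published for the 2.1.4 tag.
    image = "ghcr.io/chia-network/chia:2.1.4@sha256:REPLACE_WITH_PUBLISHED_DIGEST";
    ports = [ "8444:8444" ];
    # … unchanged: extraOptions with the uid/gid maps …
    volumes = lib.optional (cfg.keyFile != null) "${cfg.keyFile}:/run/keyfile:ro"
      ++ [ "${cfg.path}/.chia:/root/.chia" ]
      ++ lib.lists.zipListsWith (host: ctr: "${host}:${ctr}") plotDirs containerPlots;
    environment = lib.optionalAttrs (cfg.keyFile != null) { keys = "/run/keyfile"; }
      // lib.optionalAttrs (containerPlots != [ ]) {
      plots_dir = lib.strings.concatStringsSep ":" containerPlots;
    };
  };
```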