add SOPS, etc.

2024-04-07 17:54:27 -05:00 · 2024-04-07 17:54:27 -05:00 · 10c6af76f2
commit 10c6af76f2
parent e1f0194350
25 changed files with 435 additions and 413 deletions
--- a/nixos/htz/eth.nix
+++ b/nixos/htz/eth.nix
@ -9,8 +9,37 @@
      allowedUDPPorts = [9000 30303];
      logRefusedConnections = true;
      trustedInterfaces = ["microvm"];
+      interfaces."tailscale0".allowedTCPPorts = [5052 8545];
    };
  };
+  # virtualisation.oci-containers.containers = {
+  # besu = {
+  #   image = "hyperledger/besu:24.3-graalvm";
+  #   ports = [
+  #     "0.0.0.0:30303:30303"
+  #     "0.0.0.0:30303:30303/udp"
+  #     "100.79.221.28:8551:8551"
+  #   ];
+  #   volumes = [
+  #     "/eth1/besu:/var/lib/besu"
+  #     "/etc/nixos/eth_jwt:/var/lib/jwtsecret/jwt.hex"
+  #   ];
+  #   environment = {
+  #     JAVA_OPTS = "\"-Xmx16192m\"";
+  #   };
+  #   cmd = [
+  #     "--Xsnapsync-synchronizer-flat-db-healing-enabled=true"
+  #     "--data-path=/var/lib/besu"
+  #     "--data-storage-format=bonsai"
+  #     "--engine-jwt-secret=/var/lib/jwtsecret/jwt.hex"
+  #     "--engine-rpc-enabled"
+  #     "--engine-rpc-port=8551"
+  #     "--fast-sync-min-peers=3"
+  #     "--nat-method=docker"
+  #     "--network=mainnet"
+  #     "--sync-mode=X_SNAP"
+  #   ];
+  # };
  services.ethereum.geth.mainnet = {
    enable = true;
    package = inputs.ethereum-nix.packages.${system}.geth;
@ -18,7 +47,8 @@
    args = {
      http = {
        enable = true;
-        addr = "10.0.0.1";
+        addr = "0.0.0.0";
+        vhosts = ["htz.tailc353f.ts.net"];
      };
      authrpc.jwtsecret = "/etc/nixos/eth_jwt";
    };
@ -34,7 +64,7 @@
      enr-auto-update = true;
      rest = {
        enable = true;
-        address = "10.0.0.1";
+        address = "0.0.0.0";
      };
      light-client-data.max-periods = "3";
    };