nix/nixos/htz/eth.nix

{ system, ethereum-nix, ...}: {
  services.ethereum.geth.mainnet = {
    enable = true;
    package = ethereum-nix.packages.${system}.geth;
    openFirewall = true;
    args = {
      http = {
        enable = false;
        api = ["net" "web3" "eth"];
      };
      authrpc.jwtsecret = "/etc/nixos/eth_jwt";
    };
  };
  services.nginx.enable = true;
    services.nginx.virtualHosts."contabo.10110110.xyz" = {
      addSSL = true;
      enableACME = true;
      root = "/var/www/fam";
    };
    security.acme = {
      acceptTerms = true;
      defaults.email = "cjriddz@protonmail.com";
    };
  networking.firewall = {
    enable = true;
    allowedTCPPorts = [80 443];
    allowedUDPPorts = [];
    logRefusedConnections = true;
  };
  services.ethereum.nimbus-beacon.mainnet = {
    enable = true;
    package = ethereum-nix.packages.${system}.nimbus;
    openFirewall = true;
    args = {
      nat = "any";
      network = "mainnet";
      jwt-secret = "/etc/nixos/eth_jwt";
      trusted-node-url = "https://sync.invis.tools";
      el = ["http://127.0.0.1:8551"];
      listen-address = "0.0.0.0";
      tcp-port = 9000;
      udp-port = 9000;
      enr-auto-update = true;
      max-peers = "160";
      doppelganger-detection = true;
      history = "prune";
      graffiti = "yo";
      metrics = {
          enable = true;
          port = 5054;
          address = "127.0.0.1";
      };
      rest = {
          enable = true;
          port = 5052;
          address = "0.0.0.0";
          allow-origin = "*";
      };
      payload-builder = {
        enable = true;
        url = "http://localhost";
      };
      light-client-data = {
          serve = true;
          import-mode = "only-new";
          max-periods = "3";
      };
    };
  };

}