feat: add nix build

tgunnoe · Klapeyron · commit 86bac79a7382 · 2025-06-02T15:42:44.000+02:00
diff --git a/dev/nix/nixos/default.nix b/dev/nix/nixos/default.nix
@@ -0,0 +1,3 @@
+{
+  imports = import ./module-list.nix;
+}
diff --git a/dev/nix/nixos/module-list.nix b/dev/nix/nixos/module-list.nix
@@ -0,0 +1,4 @@
+
+[
+  ./partner-chains-service.nix
+]
diff --git a/dev/nix/nixos/partner-chains-service.nix b/dev/nix/nixos/partner-chains-service.nix
@@ -0,0 +1,257 @@
+# Partner Chains Node NixOS module
+{self, ...}:
+{
+  flake.nixosModules.partner-chains =
+    { config, lib, pkgs, ... }:
+
+    with lib;
+
+    let
+      cfg = config.services.partner-chains;
+    in {
+      options.services.partner-chains = {
+        enable = mkEnableOption "Partner Chains Node";
+        
+        # Common environment variables
+        environment = mkOption {
+          type = types.attrsOf types.str;
+          default = {
+            CARDANO_SECURITY_PARAMETER = "432";
+            CARDANO_ACTIVE_SLOTS_COEFF = "0.05";
+            DB_SYNC_POSTGRES_CONNECTION_STRING = "postgresql://cexplorer:password@localhost:5432/cexplorer";
+            MC__FIRST_EPOCH_TIMESTAMP_MILLIS = "1666656000000";
+            MC__EPOCH_DURATION_MILLIS = "86400000";
+            MC__SLOT_DURATION_MILLIS = "1000";
+            MC__FIRST_EPOCH_NUMBER = "0";
+            MC__FIRST_SLOT_NUMBER = "0";
+            BLOCK_STABILITY_MARGIN = "0";
+          };
+          description = "Environment variables for the partner chains node";
+        };
+        
+        # Node-specific options
+        nodeName = mkOption {
+          type = types.nullOr types.str;
+          default = null;
+          example = "alice";
+          description = "Node name flag (--alice, --bob, --charlie, etc.)";
+        };
+        
+        nodeKey = mkOption {
+          type = types.str;
+          example = "0a04cb23cff606facb13ddd43655840e9f6f32bd7b432809620d461596e188e9";
+          description = "Node key for identification";
+        };
+        
+        chainSpecPath = mkOption {
+          type = types.path;
+          default = "/var/lib/partner-chains/chain-spec.json";
+          description = "Path to the chain specification file";
+        };
+        
+        keystorePath = mkOption {
+          type = types.path;
+          default = "/var/lib/partner-chains/keystore";
+          description = "Path to the keystore directory";
+        };
+        
+        listenAddr = mkOption {
+          type = types.str;
+          default = "/ip4/0.0.0.0/tcp/30333";
+          description = "Address to listen on";
+        };
+        
+        prometheusPort = mkOption {
+          type = types.int;
+          default = 9615;
+          description = "Prometheus metrics port";
+        };
+        
+        rpcPort = mkOption {
+          type = types.int;
+          default = 9944;
+          description = "RPC server port";
+        };
+        
+        logLevel = mkOption {
+          type = types.str;
+          default = "runtime=debug";
+          description = "Log level configuration";
+        };
+        
+        reservedNodes = mkOption {
+          type = types.listOf types.str;
+          default = [];
+          example = ["/dns/dave.node.sc.iog.io/tcp/30333/p2p/12D3KooWH4LhgJDUbYbXsksQef4jTpDjA64ecUBjBVJprNzF64hE"];
+          description = "List of reserved nodes";
+        };
+        
+        bootNodes = mkOption {
+          type = types.listOf types.str;
+          default = [];
+          example = ["/dns/eve.node.sc.iog.io/tcp/30333/p2p/12D3KooWN3YiYbk9nMZJ2VG7uk9iKfFWb1Kwrj7PoMdadfnAsRJm"];
+          description = "List of boot nodes";
+        };
+        
+        extraArgs = mkOption {
+          type = types.listOf types.str;
+          default = [];
+          example = ["--rpc-methods=unsafe" "--rpc-max-connections" "1000"];
+          description = "Additional command line arguments";
+        };
+        
+        enableRpc = mkOption {
+          type = types.bool;
+          default = false;
+          description = "Enable RPC server";
+        };
+        
+        rpcCors = mkOption {
+          type = types.str;
+          default = "all";
+          description = "RPC CORS setting";
+        };
+        
+        blockBeneficiary = mkOption {
+          type = types.str;
+          example = "0a04cb23cff606facb13ddd43655840e9f6f32bd7b432809620d461596e188e9";
+          description = "Sidechain block beneficiary address";
+        };
+        
+        package = mkOption {
+          type = types.package;
+          default = pkgs.partner-chains.packages.x86_64-linux.partner-chains;
+          description = "The partner-chains package to use";
+        };
+        
+        # New options
+        enableValidator = mkOption {
+          type = types.bool;
+          default = false;
+          description = "Enable validator mode";
+        };
+        
+        pruning = mkOption {
+          type = types.enum [ "default" "archive" ];
+          default = "default";
+          description = "Pruning mode for the blockchain data";
+        };
+      };
+
+      config = mkIf cfg.enable {
+        systemd.services.partner-chains = {
+          description = "Partner Chains Node";
+          wantedBy = [ "multi-user.target" ];
+          after = [ "network.target" ];
+          
+          # Combine the default environment with any overrides
+          environment = cfg.environment // {
+            SIDECHAIN_BLOCK_BENEFICIARY = cfg.blockBeneficiary;
+          };
+          
+          preStart = ''
+            # Ensure directories exist
+            mkdir -p ${dirOf cfg.chainSpecPath}
+            mkdir -p ${cfg.keystorePath}
+            
+            # Create a default chain spec if it doesn't exist
+            if [ ! -f "${cfg.chainSpecPath}" ]; then
+              echo "Chain spec file does not exist at ${cfg.chainSpecPath}"
+              echo "Creating a minimal placeholder. Please ensure a proper chain spec is configured."
+              echo '{"name": "partner-chains", "id": "partner-chains"}' > ${cfg.chainSpecPath}
+            fi
+            
+            # Set proper permissions
+            chown -R partner-chains:partner-chains ${dirOf cfg.chainSpecPath}
+            chown -R partner-chains:partner-chains ${cfg.keystorePath}
+            chmod 750 ${dirOf cfg.chainSpecPath}
+            chmod 750 ${cfg.keystorePath}
+            chmod 640 ${cfg.chainSpecPath}
+            
+            # Create data directories with proper permissions
+            DATA_DIR=$(dirname ${cfg.keystorePath})
+            if [ ! -d "$DATA_DIR" ]; then
+              mkdir -p $DATA_DIR
+              chown -R partner-chains:partner-chains $DATA_DIR
+              chmod -R 750 $DATA_DIR
+            fi
+          '';
+          
+          serviceConfig = let
+            # Node name flag (--alice, --bob, etc.)
+            nodeNameFlag = if cfg.nodeName != null then "--${cfg.nodeName}" else "";
+            
+            # Reserved nodes flags
+            reservedNodesFlags = if cfg.reservedNodes != [] 
+              then ["--reserved-only"] ++ (flatten (map (node: ["--reserved-nodes" node]) cfg.reservedNodes))
+              else [];
+              
+            # Boot nodes flags
+            bootNodesFlags = flatten (map (node: ["--bootnodes" node]) cfg.bootNodes);
+            
+            # RPC flags
+            rpcFlags = if cfg.enableRpc 
+              then ["--rpc-external" "--rpc-cors=${cfg.rpcCors}" "--rpc-port" (toString cfg.rpcPort)]
+              else [];
+              
+            # Pruning flags
+            pruningFlags = if cfg.pruning == "archive" 
+              then ["--state-pruning" "archive" "--blocks-pruning" "archive"]
+              else [];
+              
+            # Combine all arguments
+            allArgs = 
+              [nodeNameFlag]
+              ++ (optional cfg.enableValidator "--validator")
+              ++ ["--node-key" cfg.nodeKey]
+              ++ ["--chain" cfg.chainSpecPath]
+              ++ reservedNodesFlags
+              ++ bootNodesFlags
+              ++ ["-llibp2p=debug"]
+              ++ ["--listen-addr" cfg.listenAddr]
+              ++ ["--keystore-path" cfg.keystorePath]
+              ++ ["--log" cfg.logLevel]
+              ++ ["--prometheus-port" (toString cfg.prometheusPort)]
+              ++ ["--prometheus-external"]
+              ++ rpcFlags
+              ++ pruningFlags
+              ++ cfg.extraArgs;
+              
+            # Filter out empty strings (from nodeNameFlag if it's empty)
+            cleanArgs = filter (arg: arg != "") allArgs;
+          in {
+            ExecStart = "${cfg.package}/bin/partner-chains-node ${concatStringsSep " " cleanArgs}";
+            
+            # Important! Create a StateDirectory for persistent storage
+            StateDirectory = "partner-chains";
+            
+            # This ensures systemd captures all stdout/stderr
+            StandardOutput = "journal";
+            StandardError = "journal";
+            
+            # Security hardening
+            User = "partner-chains";
+            Group = "partner-chains";
+            Restart = "always";
+            RestartSec = "10s";
+            LimitNOFILE = 65535;
+          };
+        };
+
+        # Create the user/group
+        users.users.partner-chains = {
+          isSystemUser = true;
+          group = "partner-chains";
+          home = "/var/lib/partner-chains";
+          createHome = true;
+        };
+        users.groups.partner-chains = {};
+        
+        # Open firewall ports
+        networking.firewall.allowedTCPPorts = [ 
+          30333 # P2P port
+          cfg.prometheusPort
+        ] ++ (optionals cfg.enableRpc [ cfg.rpcPort ]);
+      };
+    };
+} 
diff --git a/dev/nix/packages/default.nix b/dev/nix/packages/default.nix
@@ -0,0 +1,113 @@
+{
+  self,
+  inputs,
+  system,
+  ...
+}: {
+  perSystem = {
+    inputs',
+    self',
+    lib,
+    pkgs,
+    system,
+    ...
+  }: let
+    flake-compat = import inputs.flake-compat;
+    cardanoPackages = (flake-compat { src = inputs.cardano-node; }).defaultNix.packages.${system};
+    dbSyncPackages = (flake-compat { src = inputs.cardano-dbsync; }).defaultNix.packages.${system};
+    fenixPkgs = inputs'.fenix.packages;
+    rustToolchain = with fenixPkgs;
+      fromToolchainFile {
+          file = ../../../rust-toolchain.toml;
+          sha256 = "X/4ZBHO3iW0fOenQ3foEvscgAPJYl2abspaBThDOukI=";
+        };
+    customRustPlatform = pkgs.makeRustPlatform {
+      cargo = rustToolchain;
+      rustc = rustToolchain;
+    };
+
+  in {
+    packages = {
+      inherit (cardanoPackages) cardano-node cardano-cli cardano-testnet;
+      inherit (dbSyncPackages) "cardano-db-sync:exe:cardano-db-sync";
+      ogmios = pkgs.callPackage ./ogmios.nix { };
+      process-compose = pkgs.process-compose.overrideAttrs (oldAttrs: {
+        patches = [ ./pc.patch ];
+      });
+      partnerchains-stack = pkgs.callPackage ./partnerchains-stack { inherit (self'.packages) partnerchains-stack-unwrapped; };
+      partnerchains-stack-unwrapped = pkgs.callPackage ./partnerchains-stack-unwrapped { };
+      partner-chains = customRustPlatform.buildRustPackage rec {
+        pname = "partner-chains";
+        version = "1.6";
+        src = ../../../.;
+        preBuild = ''
+          export SUBSTRATE_CLI_GIT_COMMIT_HASH=${self.dirtyShortRev or self.shortRev}
+        '';
+
+        useFetchCargoVendor = true;
+        cargoHash = "sha256-y0sHdHicouV3rRw2i17kfFXKQJlFcu0rtsKXs2SNVX0=";
+        buildType = "production";
+        #buildAndTestSubdir = dir;
+        doCheck = false;
+        patches = [];
+
+        nativeBuildInputs = [
+          pkgs.pkg-config
+          pkgs.protobuf
+
+          pkgs.llvmPackages.lld
+          customRustPlatform.bindgenHook
+        ];
+        buildInputs = [
+          pkgs.rocksdb
+          pkgs.openssl
+          pkgs.libclang.lib
+        ] ++ pkgs.lib.optionals pkgs.stdenv.hostPlatform.isLinux [
+          pkgs.rust-jemalloc-sys-unprefixed
+        ] ++ pkgs.lib.optionals pkgs.stdenv.hostPlatform.isDarwin [
+          pkgs.darwin.apple_sdk.frameworks.SystemConfiguration
+          pkgs.darwin.apple_sdk.frameworks.Security
+        ];
+
+        postFixup = pkgs.lib.optionalString pkgs.stdenv.hostPlatform.isLinux ''
+          patchelf --set-rpath "${pkgs.rocksdb}/lib:${pkgs.stdenv.cc.cc.lib}/lib" $out/bin/partner-chains-demo-node
+        '';
+
+        # Force skip support check in CC crate
+        #CRATE_CC_NO_DEFAULTS = "1";
+
+        # Platform-specific features
+        RUSTFLAGS = pkgs.lib.optionalString pkgs.stdenv.hostPlatform.isDarwin
+          "--cfg unwinding_backport --cfg unwinding_apple";
+
+        # Existing environment variables
+        CC_ENABLE_DEBUG_OUTPUT = "1";
+        #CARGO_TARGET_WASM32_UNKNOWN_UNKNOWN_LINKER = "${pkgs.llvmPackages.lld}/bin/lld";
+        #RUST_SRC_PATH = "${customRustPlatform.rustLibSrc}";
+        LIBCLANG_PATH = "${pkgs.libclang.lib}/lib";
+        LD_LIBRARY_PATH = pkgs.lib.makeLibraryPath [
+          rustToolchain
+          pkgs.stdenv.cc.cc
+          pkgs.libz
+          pkgs.clang
+        ];
+
+        # Platform-specific flags
+        CFLAGS =
+          if pkgs.lib.hasSuffix "linux" system then
+            "-DJEMALLOC_STRERROR_R_RETURNS_CHAR_WITH_GNU_SOURCE"
+          else
+            "";
+
+        PROTOC = "${pkgs.protobuf}/bin/protoc";
+        ROCKSDB_LIB_DIR = "${pkgs.rocksdb}/lib/";
+        OPENSSL_NO_VENDOR = 1;
+        OPENSSL_DIR = "${pkgs.openssl.dev}";
+        OPENSSL_INCLUDE_DIR = "${pkgs.openssl.dev}/include";
+        OPENSSL_LIB_DIR = "${pkgs.openssl.out}/lib";
+        BINDGEN_EXTRA_CLANG_ARGS = "-I${pkgs.stdenv.cc.cc}/include -std=c++17";
+
+      };
+    };
+  };
+}
diff --git a/dev/nix/shell.nix b/dev/nix/shell.nix
diff --git a/rust-toolchain.toml b/rust-toolchain.toml

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+{`
	`2`	`+ imports = import ./module-list.nix;`
	`3`	`+}`
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
++
 +[
 +  ./partner-chains-service.nix
 +]