nimbus: Init module.

Author: catwith1hat

modules/default.nix

@@ -19,6 +19,7 @@
       ./prysm-validator
       ./restore
       ./reth
+      ./nimbus
     ];
   };
 }

modules/nimbus/args.nix

@@ -0,0 +1,16 @@
+lib:
+with lib; {
+  port = mkOption {
+    type = types.int;
+    description = "Port to open";
+  };
+  network = mkOption {
+    type = types.str;
+    description = "Network";
+  };
+  jwtsecret = mkOption {
+    type = types.nullOr types.str;
+    default = null;
+    description = "Path to the token that ensures safe connection between CL and EL.";
+  };
+}

modules/nimbus/default.nix

@@ -0,0 +1,79 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit
+    (builtins)
+    toString
+    ;
+  inherit
+    (lib)
+    filterAttrs
+    flatten
+    mapAttrs'
+    mapAttrsToList
+    mkIf
+    mkMerge
+    nameValuePair
+    zipAttrsWith
+    ;
+
+  modulesLib = import ../lib.nix lib;
+  inherit (modulesLib) baseServiceConfig;
+
+  eachNimbus = config.services.ethereum.nimbus;
+in {
+  ###### interface
+  inherit (import ./options.nix {inherit lib pkgs;}) options;
+
+  ###### implementation
+
+  config = mkIf (eachNimbus != {}) {
+    # configure the firewall for each service
+    networking.firewall = let
+      openFirewall = filterAttrs (_: cfg: cfg.openFirewall) eachNimbus;
+      perService =
+        mapAttrsToList
+        (
+          _: cfg:
+            with cfg.args; {
+              allowedUDPPorts = [port];
+              allowedTCPPorts = [port];
+            }
+        )
+        openFirewall;
+    in
+      zipAttrsWith (_name: flatten) perService;
+
+    # create a service for each instance
+    systemd.services =
+      mapAttrs' (
+        nimbusName: let
+          serviceName = "nimbus-${nimbusName}";
+        in
+          cfg:
+            nameValuePair serviceName (mkIf cfg.enable {
+              after = ["network.target"];
+              wantedBy = ["multi-user.target"];
+              description = "Nimbus Node (${nimbusName})";
+
+              # create service config by merging with the base config
+              serviceConfig = mkMerge [
+                baseServiceConfig
+                {
+                  User =
+                    if cfg.user != null
+                    then cfg.user
+                    else serviceName;
+                  StateDirectory = serviceName;
+                  ExecStart = "${cfg.package}/bin/nimbus_beacon_node --tcp-port=${builtins.toString cfg.args.port} --network=${cfg.args.network} --jwt-secret=${cfg.args.jwtsecret} --udp-port=${builtins.toString cfg.args.port} ${lib.escapeShellArgs cfg.extraArgs}";
+                  MemoryDenyWriteExecute = "false";
+                }
+              ];
+            })
+      )
+      eachNimbus;
+  };
+}

modules/nimbus/options.nix

@@ -0,0 +1,46 @@
+{
+  lib,
+  pkgs,
+  ...
+}: let
+  args = import ./args.nix lib;
+
+  nimbusOpts = with lib; {
+    options = {
+      enable = mkEnableOption "Nimbus Ethereum Node.";
+
+      package = mkOption {
+        type = types.package;
+        default = pkgs.nimbus;
+        defaultText = literalExpression "pkgs.nimbus";
+        description = "Package to use as Nimbus.";
+      };
+
+      inherit args;
+
+      extraArgs = mkOption {
+        type = types.listOf types.str;
+        description = "Additional arguments to pass to Nimbus.";
+        default = [];
+      };
+
+      user = mkOption {
+        type = types.nullOr types.str;
+        description = "Service user";
+      };
+
+      openFirewall = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Open ports in the firewall for any enabled networking services";
+      };
+    };
+  };
+in {
+  options.services.ethereum.nimbus = with lib;
+    mkOption {
+      type = types.attrsOf (types.submodule nimbusOpts);
+      default = {};
+      description = "Specification of one or more Nimbus instances.";
+    };
+}