| blob | 6f3f7af607fbf3661724a6a077564a3dc79c0e43 |
1 { config, lib, pkgs, ... }:
2 let
3 cfg = config.services.bee;
4 format = pkgs.formats.yaml {};
5 configFile = format.generate "bee.yaml" cfg.settings;
6 in {
7 meta = {
8 # doc = ./bee.xml;
9 maintainers = [ ];
10 };
12 ### interface
14 options = {
15 services.bee = {
16 enable = lib.mkEnableOption "Ethereum Swarm Bee";
18 package = lib.mkPackageOption pkgs "bee" {
19 example = "bee-unstable";
20 };
22 settings = lib.mkOption {
23 type = format.type;
24 description = ''
25 Ethereum Swarm Bee configuration. Refer to
26 <https://gateway.ethswarm.org/bzz/docs.swarm.eth/docs/installation/configuration/>
27 for details on supported values.
28 '';
29 };
31 daemonNiceLevel = lib.mkOption {
32 type = lib.types.int;
33 default = 0;
34 description = ''
35 Daemon process priority for bee.
36 0 is the default Unix process priority, 19 is the lowest.
37 '';
38 };
40 user = lib.mkOption {
41 type = lib.types.str;
42 default = "bee";
43 description = ''
44 User the bee binary should execute under.
45 '';
46 };
48 group = lib.mkOption {
49 type = lib.types.str;
50 default = "bee";
51 description = ''
52 Group the bee binary should execute under.
53 '';
54 };
55 };
56 };
58 ### implementation
60 config = lib.mkIf cfg.enable {
61 assertions = [
62 { assertion = (lib.hasAttr "password" cfg.settings) != true;
63 message = ''
64 `services.bee.settings.password` is insecure. Use `services.bee.settings.password-file` or `systemd.services.bee.serviceConfig.EnvironmentFile` instead.
65 '';
66 }
67 { assertion = (lib.hasAttr "swap-endpoint" cfg.settings) || (cfg.settings.swap-enable or true == false);
68 message = ''
69 In a swap-enabled network a working Ethereum blockchain node is required. You must specify one using `services.bee.settings.swap-endpoint`, or disable `services.bee.settings.swap-enable` = false.
70 '';
71 }
72 ];
74 services.bee.settings = {
75 data-dir = lib.mkDefault "/var/lib/bee";
76 password-file = lib.mkDefault "/var/lib/bee/password";
77 clef-signer-enable = lib.mkDefault true;
78 swap-endpoint = lib.mkDefault "https://rpc.slock.it/goerli";
79 };
81 systemd.packages = [ cfg.package ]; # include the upstream bee.service file
83 systemd.tmpfiles.rules = [
84 "d '${cfg.settings.data-dir}' 0750 ${cfg.user} ${cfg.group}"
85 ];
87 systemd.services.bee = {
88 wantedBy = [ "multi-user.target" ];
90 serviceConfig = {
91 Nice = cfg.daemonNiceLevel;
92 User = cfg.user;
93 Group = cfg.group;
94 ExecStart = [
95 "" # this hides/overrides what's in the original entry
96 "${cfg.package}/bin/bee --config=${configFile} start"
97 ];
98 };
100 preStart = with cfg.settings; ''
101 if ! test -f ${password-file}; then
102 < /dev/urandom tr -dc _A-Z-a-z-0-9 2> /dev/null | head -c32 | install -m 600 /dev/stdin ${password-file}
103 echo "Initialized ${password-file} from /dev/urandom"
104 fi
105 if [ ! -f ${data-dir}/keys/libp2p.key ]; then
106 ${cfg.package}/bin/bee init --config=${configFile} >/dev/null
107 echo "
108 Logs: journalctl -f -u bee.service
110 Bee has SWAP enabled by default and it needs ethereum endpoint to operate.
111 It is recommended to use external signer with bee.
112 Check documentation for more info:
113 - SWAP https://docs.ethswarm.org/docs/installation/manual#swap-bandwidth-incentives
115 After you finish configuration run 'sudo bee-get-addr'."
116 fi
117 '';
118 };
120 users.users = lib.optionalAttrs (cfg.user == "bee") {
121 bee = {
122 group = cfg.group;
123 home = cfg.settings.data-dir;
124 isSystemUser = true;
125 description = "Daemon user for Ethereum Swarm Bee";
126 };
127 };
129 users.groups = lib.optionalAttrs (cfg.group == "bee") {
130 bee = {};
131 };
132 };
133 }