diff --git a/common/ethereum.nix b/common/ethereum.nix new file mode 100644 index 0000000..96204d7 --- /dev/null +++ b/common/ethereum.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: +{ + sops.secrets.lighthouse_jwt = { + sopsFile = ./../secrets/${config.networking.hostName}.yaml; + }; + services.ethereum.lighthouse-beacon.mainnet = { + enable = true; + #package = pkgs.unstable.lighthouse; + args = { + execution-endpoint = "http://eth1:8551"; + execution-jwt = config.sops.secrets.lighthouse_jwt.path; + checkpoint-sync-url = "https://beaconstate.info"; + }; + }; + environment.persistence."/persist".directories = [ + "/var/lib/private/lighthouse-mainnet" + ]; +} diff --git a/flake.lock b/flake.lock index 74b2b68..8ce5351 100644 --- a/flake.lock +++ b/flake.lock @@ -22,6 +22,27 @@ "type": "github" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "ethereum-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735644329, + "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=", + "owner": "numtide", + "repo": "devshell", + "rev": "f7795ede5b02664b57035b3b757876703e2c3eac", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -42,6 +63,35 @@ "type": "github" } }, + "ethereum-nix": { + "inputs": { + "devshell": "devshell", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts", + "flake-utils": "flake-utils", + "foundry-nix": "foundry-nix", + "nixpkgs": [ + "nixpkgs-unstable" + ], + "nixpkgs-2311": "nixpkgs-2311", + "nixpkgs-unstable": "nixpkgs-unstable", + "systems": "systems_2", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1742913606, + "narHash": "sha256-eDmExAcwv6RS2b9CgrkEa7/9KMzqbQqhDg1Ajc8cvt4=", + "owner": "nix-community", + "repo": "ethereum.nix", + "rev": "0f54517c691546927df458319f92b97464dea7a4", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "ethereum.nix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -58,7 +108,43 @@ "type": "github" } }, + "flake-compat_2": { + "locked": { + "lastModified": 1717312683, + "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "ethereum-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { "inputs": { "nixpkgs-lib": [ "nixvim", @@ -81,7 +167,10 @@ }, "flake-utils": { "inputs": { - "systems": "systems_2" + "systems": [ + "ethereum-nix", + "systems" + ] }, "locked": { "lastModified": 1731533236, @@ -97,6 +186,50 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "foundry-nix": { + "inputs": { + "flake-utils": [ + "ethereum-nix", + "flake-utils" + ], + "nixpkgs": [ + "ethereum-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1735981876, + "narHash": "sha256-PAyEy36HBOOwzChB7D6xKzzkHwiK9ynsRX4/0ZFspgI=", + "owner": "shazow", + "repo": "foundry.nix", + "rev": "14f071541283aa90e15efc980121a8296f70a2d3", + "type": "github" + }, + "original": { + "owner": "shazow", + "ref": "monthly", + "repo": "foundry.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -197,7 +330,39 @@ "type": "github" } }, + "nixpkgs-2311": { + "locked": { + "lastModified": 1701282334, + "narHash": "sha256-MxCVrXY6v4QmfTwIysjjaX0XUhqBbxTWWB4HXtDYsdk=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "057f9aecfb71c4437d2b27d3323df7f93c010b7e", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "23.11", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable": { + "locked": { + "lastModified": 1740019556, + "narHash": "sha256-vn285HxnnlHLWnv59Og7muqECNMS33mWLM14soFIv2g=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "dad564433178067be1fbdfcce23b546254b6d641", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable_2": { "locked": { "lastModified": 1743583204, "narHash": "sha256-F7n4+KOIfWrwoQjXrL2wD9RhFYLs2/GGe/MQY1sSdlE=", @@ -215,7 +380,7 @@ }, "nixvim": { "inputs": { - "flake-parts": "flake-parts", + "flake-parts": "flake-parts_2", "nixpkgs": [ "nixpkgs-unstable" ], @@ -237,7 +402,7 @@ }, "nuschtosSearch": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "ixx": "ixx", "nixpkgs": [ "nixvim", @@ -262,11 +427,12 @@ "inputs": { "deploy-rs": "deploy-rs", "disko": "disko", + "ethereum-nix": "ethereum-nix", "home-manager": "home-manager", "impermanence": "impermanence", "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs", - "nixpkgs-unstable": "nixpkgs-unstable", + "nixpkgs-unstable": "nixpkgs-unstable_2", "nixvim": "nixvim", "sops-nix": "sops-nix" } @@ -321,6 +487,42 @@ "type": "github" } }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "ethereum-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1736154270, + "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "utils": { "inputs": { "systems": "systems" diff --git a/flake.nix b/flake.nix index b8eed84..dcbaf9f 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,10 @@ nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; disko.url = "github:nix-community/disko"; disko.inputs.nixpkgs.follows = "nixpkgs"; + ethereum-nix = { + url = "github:nix-community/ethereum.nix"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; + }; home-manager = { url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; @@ -34,9 +38,10 @@ nixpkgs-unstable, deploy-rs, disko, + ethereum-nix, home-manager, - sops-nix, impermanence, + sops-nix, ... }@inputs: let @@ -113,7 +118,10 @@ c2 = mkHMNixos "x86_64-linux" [ ./hosts/c2 ]; c3 = mkHMNixos "x86_64-linux" [ ./hosts/c3 ]; alo-cloud-1 = mkHMNixos "aarch64-linux" [ ./hosts/alo-cloud-1 ]; - zippy = mkHMNixos "x86_64-linux" [ ./hosts/zippy ]; + zippy = mkHMNixos "x86_64-linux" [ + ethereum-nix.nixosModules.default + ./hosts/zippy + ]; chilly = mkHMNixos "x86_64-linux" [ ./hosts/chilly ]; }; diff --git a/hosts/zippy/default.nix b/hosts/zippy/default.nix index 20916cd..aa045e2 100644 --- a/hosts/zippy/default.nix +++ b/hosts/zippy/default.nix @@ -5,6 +5,7 @@ ../../common/global ../../common/compute-node.nix ../../common/dev-node.nix + ../../common/ethereum.nix ./hardware.nix ]; diff --git a/secrets/common.yaml b/secrets/common.yaml index 4f39327..fffdcae 100644 --- a/secrets/common.yaml +++ b/secrets/common.yaml @@ -68,8 +68,8 @@ sops: UHZwRmc2NjNDUlJCdWN1V1dhS1RkelEKF1KiZLQvruEAfjwbW8lIyzvcCqeAMReI svl1uSaSaxPtCbnc9RA2nfo0vvCoz0a02dhr7CAy3syfQPLLZqRAIA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-11T15:54:47Z" - mac: ENC[AES256_GCM,data:GIHJcwKrRLBhTb3lj9pUza5Fyr9XcKbOMQAe+WETsyr5uHf7lNtlJOXjk1rjBIyJNUJDDnaGSUxCZ213xXIeNBJ92zN54kPheakOiLPOZN7N0YEsU6iENxsuVbQLvvDGvTY5t86DkV6vgClATKj/nqVpkPFAluh2zxLVbBeQrm0=,iv:rF8pesuNU3moerP0+wFuW02A6FYOTMyWWWWr90OB4Zc=,tag:ZXr/FAW37OynDBrGiksLLw==,type:str] + lastmodified: "2025-04-04T09:34:06Z" + mac: ENC[AES256_GCM,data:YIcRrsPparPfPaI2+MLlKsxu7M19H8nndOsrDLuh/5BXzIZNiuTIWyvxODyhI745rDwlibO+7Q0QctanhTl4+IzGaYtuY4i+rb+3dzBMpcdT2VAbtCHHxcltWeanRGFq2K3WM2tbnQCERst5kejfn0Razjq3UU5vNwfBsdJMwGc=,iv:izDxy0ufVnH8ImkZIngcYhGuj0PGpLqBD/ZDvQyE+5I=,tag:oYBUEQS52pr09h5OvOadNg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4 diff --git a/secrets/zippy.yaml b/secrets/zippy.yaml index 74438f4..c4acdef 100644 --- a/secrets/zippy.yaml +++ b/secrets/zippy.yaml @@ -1,4 +1,5 @@ kopia: ENC[AES256_GCM,data:MtzeNkkIwMnImZBx0mrpFVwkNXk=,iv:1iRQTyJgF1vEchOwFxv7qLte8lhrM+16cldUlMwyprQ=,tag:Bz/jLj9iGOgALPmvWe48pw==,type:str] +lighthouse_jwt: ENC[AES256_GCM,data:gosbFx1lpJUA4OAIVzi1lV3NhEVJNBF8Bvt6QW3+QobeNx4jrHbWKycYG9e7ig6IcePbFpirmqwhbs81FWjlSA==,iv:j2IKvWNp6+bkWta7q0PcQHNca0TMk1+5qtGJA5fULnU=,tag:Pk6IobanGpl2Fz13EsxAXg==,type:str] sops: kms: [] gcp_kms: [] @@ -23,8 +24,8 @@ sops: MzlQcFpSMTVTRXplSTN5WllsOTM4S00KRgnKz0cA/fMueZzFJ7VCs2jrQ29rn9sO kE/8FyD1YBR/+I3qUYfRvlKAKlSrI2Mb3tlRSaSw5te3Dbqh5+tN7Q== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-12T22:11:51Z" - mac: ENC[AES256_GCM,data:hlZcDq5MHF+LvWPx170QWadDFndBQ1VMNZtt6ySaLXqoetQQGDQsRCpFMd2aktwkUYVg5Opoyv+2VyvFQNjogh+j7u0mQCpTksqdJ02rgKa2zdaigpyl3wvHFbTXIx0t3aTN8ZZJBQJpo9e2b4LDJWwLi065uhspMrIjURlTwjg=,iv:NjFE6PnMjaSc/tvgqES8kbDtDI8LwPEIQU9K3wdnI8Q=,tag:BLJQAbnwwIm6CNs6BIK/tQ==,type:str] + lastmodified: "2025-04-04T09:34:11Z" + mac: ENC[AES256_GCM,data:iE8FwepvNR//w/9X1nklaoOmO5ICG5Sym/1IcKsZPJiMcdxN+T6Vrgp9+I1Fmn+y7KD06iwG8cQ2IJf7wO5KplzRyCyol8fGNsh4KiiGU52MJLOzVDC4XxcRDNpxi1abrfm7xuxt1v8iL6+FIAyxtpd5QCXIihn2XnPpZymSf0Q=,iv:qZ9jFy9mIbT3GLBtKrrgz8HhjpYz7rMviyJ1PP38y6c=,tag:y+AymYMmQRIqsziqlEoR7w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4