Use cardano-node systemd service independently of cardano-wallet.

cardano-foundation / cardano-wallet

HTTP server & command-line for managing UTxOs and HD wallets in Cardano.

Apache License 2.0

760 stars 211 forks source link

Use cardano-node systemd service independently of cardano-wallet. #3179

Open locallycompact opened 2 years ago

locallycompact commented 2 years ago

The problem that you wish to solve

Hi, I'd like a version of the cardano-wallet systemd service that does not override the cardano node package. I can currently override it by doing something like this:

 cardano-wallet-module = { pkgs, ... }: {
            imports = ["${cardano-wallet}/nix/nixos/cardano-wallet-service.nix"];
       };

But then I get this error

Mar 17 17:12:18 aiur cardano-wallet[496055]: cardano-wallet: ExceptionInLinkedThread (ThreadId 16) Network.Socket.connect: <socket: 20>: permission denied (Permission denied)

Description

As above

Implementation suggestions

No response

rvl commented 2 years ago

Hello @locallycompact, that error message probably means that the cardano-wallet service user doesn't have write permission on the cardano-node socket file.

I don't think that the cardano-node package is overridden in cardano-wallet.nixosModule - is it?

locallycompact commented 2 years ago

I don't really know what it's doing https://github.com/input-output-hk/cardano-wallet/blob/master/flake.nix#L76

In any case, I made a new set of systemd services that force everything to be owned by the same user. https://github.com/cardano-system/cardano-system

rvl commented 2 years ago

Yeah that line of flake.nix looks like a bug to me.

It looks like DynamicUser in our systemd service causes difficulties with permissions. We should just have a services.cardano-wallet.user option as you have done.

mgajda commented 2 years ago

@locallycompact Would such service support multiple cardano-wallets for different users on a single machine?

marijanp commented 2 years ago

I can't make cardano-ogmios work with cardano-node because cardano-node opens up a socket which has read-only permissions while cardano-ogmios needs write permissions additionally. And since none of both services offer a way to change the group I have to manually change permissions for the socket

marijanp commented 2 years ago

Thanks to Nix I was able to figure out the following workaround This is what I have to do:

services.cardano-node = {
  enable = true;
  nodeConfigFile = "${self.inputs.cardano-node}/configuration/cardano/${config.services.cardano-node.environment}-config.json";
  topology = "${self.inputs.cardano-node}/configuration/cardano/${config.services.cardano-node.environment}-topology.json";
  extraServiceConfig = i: {
    serviceConfig.ExecStartPost = pkgs.writeShellScript "change-cardano-node-socket-permissions" ''
      timeout=10

      while [ ! -S ${config.services.cardano-node.socketPath} ]; do
        if [ "$timeout" == 0 ]; then
          echo "ERROR: Timeout while waiting for the cardano-node socket to appear ${config.services.cardano-node.socketPath}"
          exit 1
        fi

        sleep 1

        ((timeout--))
      done

      chmod 0666 ${config.services.cardano-node.socketPath}
    '';
  };
};