Cardano Ada Stake operator infra
- Nix
- QEMU
- SOPS (sops-nix)
- Impermanence (nix-community/impermanence)
- Set up the shared folder
sudo mkdir -p /usr/share/ada-valley
sudo chmod -R 777 /usr/share/ada-valley
# Note: 777 makes the folder world-readable and world-writable. The age private key generated below is stored here (and the same folder is later shared into the VM), so tighten it to your own user (e.g. chown it and chmod 700) once setup is done.
- Set up your password
# Generate your age key!
nix-shell -p age --run "age-keygen -o /usr/share/ada-valley/age-password.key"
> Public key: age1fxrjjr86wcvypgkhgq63rz0uv04c6ss0glqyxh4w88a4gdfv5sys2s6vmk
# ^ Append your public key to .sops.yaml like this:
# - &admin_$your_name age1fxrjjr86wcvypgkhgq63rz0uv04c6ss0glqyxh4w88a4gdfv5sys2s6vmk
1.a Encrypting the keys file
If you add a new host to your .sops.yaml file, you will need to update the keys for all secrets that are used by the new host. This can be done like so:
nix-shell -p sops --run "export SOPS_AGE_KEY_FILE=/usr/share/ada-valley/age-password.key; sops updatekeys ./secrets/keys.enc.yaml"
1.b The first time only, open the file and add the required keys:
# e.g. alice-password: <sha-512 hash> — generate it with `mkpasswd -m sha-512` (without a password argument it prompts on the terminal, which keeps the secret out of your shell history and process listings) and paste the printed hash here.
nix-shell -p sops --run "export SOPS_AGE_KEY_FILE=/usr/share/ada-valley/age-password.key; sops ./secrets/keys.enc.yaml"
1.c In case you need to decrypt the file:
nix-shell -p sops --run "export SOPS_AGE_KEY_FILE=/usr/share/ada-valley/age-password.key; sops -d ./secrets/keys.enc.yaml"
- A) Create your network bridge (linux)
Look at your network interfaces and create a bridge for the VM
ip -br a # Look for something like "enpXs0"
sudo ip link add br0 type bridge
sudo ip link set dev br0 up
sudo ip link set $YOUR_NETWORK_INTERFACE master br0
sudo modprobe tun tap
sudo ip tuntap add dev tap0 mode tap
sudo ip link set tap0 master br0
sudo ip link set tap0 up
- B) Create your network bridge on NixOS
In your /etc/nixos/configuration.nix:
networking.networkmanager.unmanaged = [ "$YOUR_ETHERNET_NETWORK_INTERFACE"];
systemd.network.enable = true;
systemd.network.netdevs = {
"42-br0" = {
netdevConfig.Kind = "bridge";
netdevConfig.Name = "br0";
};
"43-tap0" = {
netdevConfig.Kind = "tap";
netdevConfig.Name = "tap0";
};
};
systemd.network.networks = {
"44-br0" = {
matchConfig.Name = "br0";
networkConfig.DHCP = "yes";
};
"45-tap0" = {
matchConfig.Name = "tap0";
networkConfig.Bridge = "br0";
};
"46-$YOUR_ETHERNET_NETWORK_INTERFACE" = {
matchConfig.Name = "$YOUR_ETHERNET_NETWORK_INTERFACE";
networkConfig.Bridge = "br0";
};
};
^ Ref. https://nixos.wiki/wiki/Systemd-networkd
# Useful for monitoring the network
networkctl
ip -br a
- Creating a QEMU based virtual machine from a NixOS configuration
# The old way:
# nix-build '<nixpkgs/nixos>' -A vm -I nixpkgs=channel:nixos-24.11 -I nixos-config=./configuration.nix
# with flakes:
nix build .#nixosConfigurations.nixos-vm.config.system.build.vm
- Running the virtual machine
QEMU_KERNEL_PARAMS=console=ttyS0 ./result/bin/run-nixos-vm -nographic -fsdev local,id=fsdev0,path=/usr/share/ada-valley,security_model=none -device virtio-9p-pci,fsdev=fsdev0,mount_tag=hostshared -netdev tap,id=net0,ifname=tap0,script=no,downscript=no -device virtio-net-pci,netdev=net0 -m 8192;
# Note: security_model=none gives the guest read/write access to the whole shared folder with the host QEMU user's permissions, and that folder also holds age-password.key; share only what the VM needs, or keep the key outside the shared path.
TODO: Make this a systemd service? Experiments:
# Run the node
cardano-node run \
--topology /etc/cardano-configs-testnet-preview/topology.json \
--database-path /persistent/usr/share/ada-valley/cardano-db \
--socket-path /persistent/usr/share/ada-valley/cardano-db/node.socket \
--host-addr 192.168.100.78 \
--port 3001 \
--config /etc/cardano-configs-testnet-preview/config.json
# Check sync progress
cardano-cli query tip --testnet-magic 2 --socket-path /usr/share/ada-valley/cardano-db/node.socket
{
"block": 11137,
"epoch": 2,
"era": "Alonzo",
"hash": "924756fb4b3e974525966982b8cbbdd71c6b2bebd4c1e7e2c783647bcb7071de",
"slot": 221974,
"slotInEpoch": 49174,
"slotsToEpochEnd": 37226,
"syncProgress": "0.28"
}
- A) Run inside/outside the VM
# Log in using alice's credentials
[alice@nixos:~]$ sudo poweroff
- B) Use ssh to enter the VM
# Make sure you are not connected to your Wi-Fi network; you need to be on the Ethernet network, since the bridge is attached to the wired interface.
ssh alice@VM_IP
- Delete this file when you change the configuration
rm nixos.qcow2
# If you entered the VM via ssh, remove its old host key from known_hosts first: the rebuilt VM generates a new host key, and ssh will otherwise refuse to connect with a host-key-changed warning.
ssh-keygen -R VM_IP -f /home/$YOUR_USER/.ssh/known_hosts
- Run step 2 from Development section again!
nixos-generate-config --dir ./
Ref. https://nix.dev/tutorials/nixos/nixos-configuration-on-vm.html