{% set tpl = ix_lib.base.render.Render(values) %} {% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %} {% set perm_config = {"uid": values.consts.run_as_user, "gid": values.consts.run_as_group, "mode": "check"} %} {% set monerod = tpl.add_container(values.consts.monerod_container_name, "image") %} {% do monerod.set_user(values.consts.run_as_user, values.consts.run_as_group) %} {% do monerod.healthcheck.set_test("netcat", {"port": values.network.monerod_restricted_rpc_port.port_number}) %} {% for flag in values.monero.additional_flags %} {% for reserved_flag in values.consts.reserved_flags %} {% if flag.startswith(reserved_flag) %} {% do tpl.funcs.fail("Flag [%s] is reserved and cannot be set." | format(flag)) %} {% endif %} {% endfor %} {% endfor %} {# This way we get rid of fixuid #} {% do monerod.set_entrypoint(["monerod", "--non-interactive"]) %} {% set commands = namespace(x=[ "--rpc-bind-ip=%s" | format("0.0.0.0" if values.network.monerod_rpc_port.bind_mode else "127.0.0.1"), "--rpc-bind-port=%d" | format(values.network.monerod_rpc_port.port_number), "--rpc-restricted-bind-ip=0.0.0.0", "--rpc-restricted-bind-port=%d" | format(values.network.monerod_restricted_rpc_port.port_number), "--p2p-bind-port=%d" | format(values.network.monerod_p2p_port.port_number), "--no-igd", ]) %} {% if values.monero.pruned %} {% do commands.x.append("--prune-blockchain") %} {% endif %} {% if values.monero.publicly_available %} {% do commands.x.append("--public-node") %} {% else %} {% do commands.x.append("--hide-my-port") %} {% endif %} {% if values.monero.publicly_available or values.network.monerod_rpc_port.bind_mode %} {% do commands.x.append("--confirm-external-bind") %} {% endif %} {% if values.monero.dns_blocklist %} {% do commands.x.append("--enable-dns-blocklist") %} {% endif %} {% for flag in values.monero.additional_flags %} {% do commands.x.append(flag) %} {% endfor %} {% if values.monero.ipv6_enabled %} {% do commands.x.append("--p2p-use-ipv6") %} {% do commands.x.append("--rpc-use-ipv6") %} {% do commands.x.append("--rpc-restricted-bind-ipv6-address=::") %} {% endif %} {% if values.monero.tor_connections_enabled %} {% do commands.x.append("--tx-proxy=tor,%s:%d,16" | format(values.monero.tor_ip, values.monero.tor_port)) %} {% if values.monero.routing == "tor" %} {% do commands.x.append("--proxy=%s:%d" | format(values.monero.tor_ip, values.monero.tor_port)) %} {% do commands.x.append("--p2p-bind-ip=%s" | format(values.monero.tor_ip)) %} {% endif %} {% endif %} {% if values.monero.tor_inbound_connections_enabled and values.network.tor_inbound_port.bind_mode %} {% do commands.x.append("--anonymous-inbound=%s,0.0.0.0:%d" | format( values.monero.tor_inbound_address, values.network.tor_inbound_port.port_number )) %} {% endif %} {% if values.monero.i2p_connections_enabled %} {% do commands.x.append("--tx-proxy=i2p,%s:%d,16" | format(values.monero.i2p_ip, values.monero.i2p_port)) %} {% endif %} {% if values.monero.i2p_inbound_connections_enabled and values.network.i2p_inbound_port.bind_mode %} {% do commands.x.append("--anonymous-inbound=%s,0.0.0.0:%d" | format( values.monero.i2p_inbound_address, values.network.i2p_inbound_port.port_number )) %} {% endif %} {% if values.monero.tor_connections_enabled or values.monero.i2p_connections_enabled %} {% do commands.x.append("--pad-transactions") %} {% endif %} {% if values.network.monerod_zmq_rpc_port.bind_mode %} {% do commands.x.append("--zmq-rpc-bind-ip=0.0.0.0") %} {% do commands.x.append("--zmq-rpc-bind-port=%d" | format(values.network.monerod_zmq_rpc_port.port_number)) %} {% endif %} {% if values.network.monerod_zmq_pub_port.bind_mode %} {% do commands.x.append("--zmq-pub=tcp://0.0.0.0:%d" | format(values.network.monerod_zmq_pub_port.port_number)) %} {% endif %} {% if not values.network.monerod_zmq_rpc_port.bind_mode and not values.network.monerod_zmq_pub_port.bind_mode %} {% do commands.x.append("--no-zmq") %} {% endif %} {% do monerod.set_command(commands.x) %} {% for store in values.storage.additional_storage %} {% do monerod.add_storage(store.mount_path, store) %} {% do perm_container.add_or_skip_action(store.mount_path, store, perm_config) %} {% endfor %} {% do monerod.add_storage("/home/monero/.bitmonero", values.storage.bitmonero) %} {% do perm_container.add_or_skip_action("bitmonero", values.storage.bitmonero, perm_config) %} {% if not values.network.host_network %} {% do monerod.add_port(values.network.monerod_p2p_port) %} {% do monerod.add_port(values.network.monerod_rpc_port) %} {% do monerod.add_port(values.network.monerod_restricted_rpc_port) %} {% do monerod.add_port(values.network.monerod_zmq_rpc_port) %} {% do monerod.add_port(values.network.tor_inbound_port) %} {% do monerod.add_port(values.network.i2p_inbound_port) %} {% endif %} {% if perm_container.has_actions() %} {% do perm_container.activate() %} {% do monerod.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %} {% endif %} {{ tpl.render() | tojson }}