2019-04-29 13:39:25 -07:00
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
|
|
|
|
with lib;
|
|
|
|
|
|
|
|
let
|
|
|
|
cfg = config.services.hardware-wallets;
|
|
|
|
dataDir = "/var/lib/hardware-wallets/";
|
|
|
|
enabled = cfg.ledger || cfg.trezor;
|
|
|
|
in {
|
|
|
|
options.services.hardware-wallets = {
|
|
|
|
ledger = mkOption {
|
|
|
|
type = types.bool;
|
|
|
|
default = false;
|
|
|
|
description = ''
|
|
|
|
If enabled, the ledger udev rules will be installed.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
trezor = mkOption {
|
|
|
|
type = types.bool;
|
|
|
|
default = false;
|
|
|
|
description = ''
|
|
|
|
If enabled, the trezor udev rules will be installed.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
group = mkOption {
|
2019-10-15 00:37:32 -07:00
|
|
|
type = types.str;
|
2019-04-29 13:39:25 -07:00
|
|
|
default = "hardware-wallets";
|
|
|
|
description = ''
|
|
|
|
Group the hardware wallet udev rules apply to.
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
config = mkMerge [
|
2020-04-07 13:47:45 -07:00
|
|
|
(mkIf (cfg.ledger || cfg.trezor) {
|
2020-06-15 03:34:11 -07:00
|
|
|
assertions = [
|
|
|
|
{ assertion = (config.services.bitcoind.disablewallet == null || !config.services.bitcoind.disablewallet);
|
|
|
|
message = ''
|
|
|
|
Hardware-Wallets are not compatible with bitcoind.disablewallet.
|
|
|
|
Note that this option is active when enabling electrs.high-memory.
|
|
|
|
'';
|
|
|
|
}
|
|
|
|
];
|
|
|
|
|
2020-04-07 13:47:45 -07:00
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
nix-bitcoin.hwi
|
|
|
|
# Provides lsusb for debugging
|
|
|
|
usbutils
|
|
|
|
];
|
2019-04-29 13:39:25 -07:00
|
|
|
users.groups."${cfg.group}" = {};
|
2020-09-28 04:09:03 -07:00
|
|
|
nix-bitcoin.operator.groups = [ cfg.group ];
|
2020-04-07 13:47:45 -07:00
|
|
|
})
|
2019-04-29 13:39:25 -07:00
|
|
|
(mkIf cfg.ledger {
|
2020-04-07 13:47:45 -07:00
|
|
|
|
2019-04-29 13:39:25 -07:00
|
|
|
# Ledger Nano S according to https://github.com/LedgerHQ/udev-rules/blob/master/add_udev_rules.sh
|
|
|
|
# Don't use rules from nixpkgs because we want to use our own group.
|
|
|
|
services.udev.packages = lib.singleton (pkgs.writeTextFile {
|
|
|
|
name = "ledger-udev-rules";
|
|
|
|
destination = "/etc/udev/rules.d/20-ledger.rules";
|
|
|
|
text = ''
|
|
|
|
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2c97", ATTRS{idProduct}=="0001", MODE="0660", GROUP="${cfg.group}"
|
|
|
|
'';
|
|
|
|
});
|
|
|
|
})
|
|
|
|
(mkIf cfg.trezor {
|
2020-04-07 13:47:45 -07:00
|
|
|
environment.systemPackages = [ pkgs.python3.pkgs.trezor ];
|
2019-04-29 13:39:25 -07:00
|
|
|
# Don't use rules from nixpkgs because we want to use our own group.
|
|
|
|
services.udev.packages = lib.singleton (pkgs.writeTextFile {
|
|
|
|
name = "trezord-udev-rules";
|
|
|
|
destination = "/etc/udev/rules.d/52-trezor.rules";
|
|
|
|
text = ''
|
|
|
|
# TREZOR v1 (One)
|
|
|
|
SUBSYSTEM=="usb", ATTR{idVendor}=="534c", ATTR{idProduct}=="0001", MODE="0660", GROUP="${cfg.group}", TAG+="uaccess", SYMLINK+="trezor%n"
|
|
|
|
KERNEL=="hidraw*", ATTRS{idVendor}=="534c", ATTRS{idProduct}=="0001", MODE="0660", GROUP="${cfg.group}", TAG+="uaccess"
|
|
|
|
|
|
|
|
# TREZOR v2 (T)
|
|
|
|
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c0", MODE="0660", GROUP="${cfg.group}", TAG+="uaccess", SYMLINK+="trezor%n"
|
|
|
|
SUBSYSTEM=="usb", ATTR{idVendor}=="1209", ATTR{idProduct}=="53c1", MODE="0660", GROUP="${cfg.group}", TAG+="uaccess", SYMLINK+="trezor%n"
|
|
|
|
KERNEL=="hidraw*", ATTRS{idVendor}=="1209", ATTRS{idProduct}=="53c1", MODE="0660", GROUP="${cfg.group}", TAG+="uaccess"
|
|
|
|
'';
|
|
|
|
});
|
|
|
|
services.trezord.enable = true;
|
|
|
|
})
|
|
|
|
];
|
|
|
|
}
|