An rpcpassword option would be nice because it's more common than rpcauth.

An rpcpassword option would be nice because it's more common than rpcauth.

@jonasnick I deliberately omitted that because that would have the plaintext password in the config file, whereas rpcauth is the HMAC-SHA-256.

once this is merged I'll open up a PR that implements multiple networks here: jb55@871b456 I'm currently using this to run both mainnet and testnet.

What was the status of this? I have not looked into it for a while.

What was the status of this? I have not looked into it for a while.

I'll update this in the next few weeks, feel free to submit patches to make my life easier 😁

fwiw I've been using this in production since this PR was opened + a few patches I've added to add multi-network which I plan to PR once this is merged.

Addressed all comments except: #50618 (comment). Please advise.

@infinisil Thanks for your review!

This shouldn't be needed if the service doesn't fork?

Done!

#50618 (comment) , In particular you shouldn't need a static uid/gid at all, see #60732 (comment).

Ended up not setting a uid/gid, which makes them null and NixOS will pick one for me (neat!).

Using literalExample, NixOS/nixpkgs/pull/50618/files#r284444067

Done!

Adding a configFile option, #50618 (comment)

Done!

StateDirectory should only do something for dataDir = "/var/lib/bitcoind", so you should either turn this off completely and handle permissions yourself for arbitrary dataDir (via systemd.tmpfiles preferably instead of this preStart script), or alternatively, don't provide a dataDir option at all, and make it not configurable, then it makes sense to use StateDirectory (without setting permissions in preStart either).

Ended up removing StateDirectory completely. Bitcoin's datadir is 200GB+, so I want to make it configurable in case people want to mount their larger disk somewhere else. systemd.tmpfiles wouldn't work as we need it to persist across node restarts.

systemd.tmpfiles wouldn't work as we need it to persist across node restarts.

It's a bit of a misnomer, but that option can in fact be used for non-temporary files/directories as well, and that is in fact the most common usage for it in NixOS.

@infinisil

systemd.tmpfiles wouldn't work as we need it to persist across node restarts.

It's a bit of a misnomer, but that option can in fact be used for non-temporary files/directories as well, and that is in fact the most common usage for it in NixOS.

Ah okay, I think we'll stick with this for simplicity for now, perhaps someone else can PR the systemd.tmpfiles support later 😄

Let me know if I'm missing anything else!

There is already an effort for removing such permission scripts in favor of systemd.tmpfiles by @aanderse in #56265, so I'd rather have that in this PR as well. systemd.tmpfiles is very much in the spirit of NixOS in that it's declarative and not stateful. Look at the changes in that PR to see how permission scripts translate to systemd.tmpfiles (or read man tmpfiles.d).

Updated to use systemd.tmpfiles.

@infinisil Done! Thank you for your patience!

:)