# Info: KCL Polkadot Validator task schemas for provisioning (Provisioning)
# Author: Provisioning System
# Release: 0.0.1
# Date: 2025-07-24
import regex
schema User:
    """
    Operating-system account the validator is run as.

    Only name is mandatory; group and home are derived from it unless
    the caller overrides them.
    """
    # Account name; no default, so every instance must set it.
    name: str
    # Primary group, defaulting to the account name.
    group: str = name
    # Home directory, defaulting to /home/<name>.
    # NOTE(review): how the account is created (shell, sudo rights) is decided
    # by whatever consumes this schema, not here.
    home?: str = "/home/${name}"
schema ValidatorAccount:
    """
    Stash/controller account settings for the validator.

    Both addresses are optional free-form strings; this schema applies no
    format validation to them. The only enforced rule is the commission
    range.
    """
    stash_address?: str
    controller_address?: str
    # NOTE(review): "Account" presumably needs a payout address, and this
    # schema has no field for one - confirm how consumers handle that value.
    reward_destination: "Staked" | "Stash" | "Controller" | "Account" = "Staked"
    # Commission as a whole-number percentage, 0 to 100 inclusive.
    commission: int = 0

    check:
        commission >= 0 and commission <= 100, "Commission must be between 0 and 100"
schema SessionKeys:
    """
    Session key settings for the validator.

    NOTE(review): it is not visible here whether the *_key fields carry
    public keys or secret key material. If they are secret, they should not
    live in plain configuration - confirm against the consumer.
    """
    # Default location of the session keys file.
    # NOTE(review): ownership and file mode are set elsewhere, if at all;
    # verify that only the run user can read it.
    keys_file?: str = "/var/lib/polkadot/session-keys"
    # Rotation is off by default.
    auto_rotate: bool = False
    # Rotation period in seconds; 86400 is 24 hours.
    rotation_interval?: int = 86400
    babe_key?: str
    grandpa_key?: str
    im_online_key?: str
    para_validator_key?: str
    para_assignment_key?: str
    authority_discovery_key?: str

    check:
        # An unset interval is accepted; a set one has to be greater than zero.
        rotation_interval == Undefined or rotation_interval > 0, "Rotation interval must be positive"
schema Network:
    """
    Peer-to-peer network settings for the validator.

    Only the two peer limits are validated; addresses, bootnodes and
    reserved nodes are accepted as given.
    """
    chain: "polkadot" | "kusama" | "westend" = "polkadot"
    # The default listens on every IPv4 interface, TCP port 30333.
    listen_addr: str = "/ip4/0.0.0.0/tcp/30333"
    public_addr?: str
    # NOTE(review): presumably holds the node's network identity key; treat
    # the file as a secret and confirm its permissions where it is written.
    node_key_file?: str = "/var/lib/polkadot/node-key"
    bootnodes: [str] = []
    reserved_nodes: [str] = []
    # False by default.
    # NOTE(review): presumably limits peering to reserved_nodes when True -
    # confirm against the consumer.
    reserved_only: bool = False
    max_peers: int = 50
    max_peers_light: int = 100

    check:
        0 < max_peers, "max_peers must be positive"
        0 < max_peers_light, "max_peers_light must be positive"
schema RPC:
    """
    RPC endpoint settings for a validator node.

    The defaults are restrictive (loopback bind, no CORS origins, "safe"
    methods, 10 connections), but this schema validates only the port ranges
    and the upper bound on max_connections. Any bind_addr, cors or methods
    value a caller supplies is accepted, so an override can expose the
    endpoint without failing validation.
    """
    # RPC is on by default.
    enabled: bool = True
    # Loopback by default. This is a default only, not an enforced rule.
    bind_addr: str = "127.0.0.1"
    # port and ws_port share the default 9944.
    port: int = 9944
    ws_port: int = 9944
    http_port: int = 9933
    # Kept small for validators; the check below caps it at 50 but sets no
    # lower bound.
    max_connections: int = 10
    # Empty by default: no CORS origins.
    cors: [str] = []
    # Defaults to the "safe" method set; the list contents are not validated.
    methods: [str] = ["safe"]

    check:
        port >= 1 and port <= 65535, "RPC port must be between 1 and 65535"
        ws_port >= 1 and ws_port <= 65535, "WebSocket port must be between 1 and 65535"
        http_port >= 1 and http_port <= 65535, "HTTP port must be between 1 and 65535"
        max_connections <= 50, "Validator RPC connections should be limited"
schema Monitoring:
    """
    Metrics and telemetry settings for the validator.

    Prometheus binds to loopback by default. Telemetry is enabled by default
    and points at an external endpoint.
    """
    enabled: bool = True
    prometheus_port: int = 9615
    # Loopback by default; the value is not validated, so an override is
    # accepted as given.
    prometheus_bind_addr: str = "127.0.0.1"
    # NOTE(review): on by default. What the node reports is not visible here;
    # operators who do not want validator details sent to a third party
    # should set this to False.
    telemetry_enabled: bool = True
    telemetry_url: str = "wss://telemetry.polkadot.io/submit/"
    # Accepted range is 0 to 9.
    telemetry_verbosity: int = 0

    check:
        prometheus_port >= 1 and prometheus_port <= 65535, "Prometheus port must be between 1 and 65535"
        telemetry_verbosity >= 0 and telemetry_verbosity <= 9, "Telemetry verbosity must be between 0 and 9"
schema Security:
    """
    Host hardening switches for the validator.

    These are plain flags and paths with no checks; what each one does is
    decided by whatever consumes the schema.
    """
    enable_firewall: bool = True
    # NOTE(review): empty by default. Confirm whether the consumer reads an
    # empty list as "no source restriction" or as "no SSH access".
    allowed_ssh_ips: [str] = []
    fail2ban_enabled: bool = True
    auto_updates: bool = True
    secure_keystore: bool = True
    # Key backups are on by default and go to backup_path.
    # NOTE(review): a key backup needs the same protection as the keystore
    # itself; verify permissions and encryption where the backup is made.
    backup_keys: bool = True
    backup_path?: str = "/var/backups/polkadot"
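schema PolkadotValidator:
    """
    Top-level configuration for a Polkadot validator node.

    Combines the run user, filesystem layout, account, session key, network,
    RPC, monitoring and security sub-schemas with the node's logging,
    execution and storage settings. Each sub-schema defaults to its own
    defaults.

    The check block rejects an empty run user name or an empty path
    (including bin_path and keystore_path), non-positive cache sizes, and
    unsafe pruning combined with archive mode.
    """
    name: str = "polkadot-validator"
    # NOTE(review): "latest" is not a pinned release. How the version is
    # resolved and verified is not shown here; prefer an explicit version so
    # the deployed binary is reproducible.
    version: str = "latest"
    run_user: User = {
        name = "polkadot"
    }
    work_path: str = "/var/lib/polkadot"
    config_path: str = "/etc/polkadot"
    bin_path: str = "/usr/local/bin/polkadot"
    base_path: str = "/var/lib/polkadot/data"
    # Location of the keystore; ownership and mode are set elsewhere, if at all.
    keystore_path: str = "/var/lib/polkadot/keystore"
    validator_accounts: ValidatorAccount = {}
    session_keys: SessionKeys = {}
    network: Network = {}
    rpc: RPC = {}
    monitoring: Monitoring = {}
    security: Security = {}
    log_level: "error" | "warn" | "info" | "debug" | "trace" = "info"
    log_targets: [str] = ["runtime::system"]
    execution: "native" | "wasm" | "both" = "wasm"
    wasm_execution: "compiled" | "interpreted" = "compiled"
    # 134217728 bytes = 128 MiB.
    state_cache_size: int = 134217728
    # 2GB for validators (per the original comment; presumably in MiB).
    db_cache: int = 2048
    # Either "archive" or a number of blocks to keep.
    pruning: "archive" | int = 1000
    unsafe_pruning: bool = False

    check:
        len(run_user.name) > 0, "Check run_user name"
        len(work_path) > 0, "Check work_path"
        len(config_path) > 0, "Check config_path"
        # bin_path and keystore_path get the same non-empty check as the
        # other paths, so an empty override fails at validation time.
        len(bin_path) > 0, "Check bin_path"
        len(base_path) > 0, "Check base_path"
        len(keystore_path) > 0, "Check keystore_path"
        state_cache_size > 0, "state_cache_size must be positive"
        db_cache > 0, "db_cache must be positive"
        not unsafe_pruning or pruning != "archive", "Cannot use unsafe pruning with archive mode"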