A Declarative Operations Framework for Cardano SPOs

[Proposal setup] Proposal title

Please provide your proposal title

A Declarative Operations Framework for Cardano SPOs

[Proposal Summary] Budget Information

Enter the amount of funding you are requesting in ADA

97500

[Proposal Summary] Time

Please specify how many months you expect your project to last

9

[Proposal Summary] Translation Information

Please indicate if your proposal has been auto-translated

No

Original Language

en

[Proposal Summary] Problem Statement

What is the problem you want to solve?

Running a stake pool with the many different components is difficult. A lack of a unified DevOps framework making it easier to operate a stake-pool affects decentralisation and network security.

[Proposal Summary] Supporting Documentation

Supporting links

• https://github.com/mlabs-haskell/spo-anywhere
,
• https://std.divnix.com/
,
• https://terranix.org/

[Proposal Summary] Project Dependencies

Does your project have any dependencies on other organizations, technical or otherwise?

No

Describe any dependencies or write 'No dependencies'

No dependencies

[Proposal Summary] Project Open Source

Will your project's outputs be fully open source?

Yes

License and Additional Information

Apache 2.0 License

[Theme Selection] Theme

Please choose the most relevant theme and tag related to the outcomes of your proposal

Infrastructure

[Campaign Category] Category Questions

Mention your open source license and describe your open source license rationale.

The Apache 2.0 License was chosen because it is an OSI-approved license. It allows both community and commercial entities to freely use, build upon, and distribute the software without imposing restrictive "copyleft" terms on derivative works.

How do you make sure your source code is accessible to the public from project start, and people are informed?

Hosting it in a public repository on a platform like GitHub or GitLab from day one. Immediately include an OSI-approved open-source license, such as Apache 2.0, to provide legal clarity for users and contributors.

We will also proactively engage with community on forums and social media channels before and during development to share ideas and gather feedback. Maintain a public development log and prject management through githubs project engagement tools to provide transparency on progress and technical decisions, keeping the audience up to date on the development journey.

How will you provide high quality documentation?

Documentation will be provided using a combination of asciidoctor and markdown with a focus on clarity, accessibility, and practical application, ensuring users can understand, use, and contribute to the project.

[Your Project and Solution] Solution

Please describe your proposed solution and how it addresses the problem

Our solution is to engineer a comprehensive, Nix-based framework that will provide a single, version-controlled source of truth for an entire stake pool operation; from bare metal to relay to block production and monitoring. It will address the extensive manual effort currently required by integrating tooling into a cohesive, automated system.

The core components we will build are:

1. Declarative Deployments: We will use Nix to generate configurations for every part of the stack.
   • Infrastructure-as-Code (IaC): Users will be able to generate Terraform files dynamically from a central configuration file. This will allow operators to define their entire cloud presence declaratively for platforms such as AWS.
   • Atomic Configurations: Nix will generate service configuration files on the fly, ensuring every deployment is reproducible and changes are atomic.
   • Reproducible Environments: By leveraging Nix, we will ensure that the development, testing, and production environments are identical, eliminating configuration drift.
2. Accelerated & Efficient Operations:
   • Mithril Integration: The framework will include a dedicated module to download and restore the blockchain from Mithril snapshots, reducing sync times from hours to minutes for both local and cloud deployments.
   • Binary Caches: The setup will be configured to use local binary caches, ensuring pre-built, trusted versions of the Cardano node, Hydra and Mithril are used, dramatically speeding up deployments, both for local and remote builds and configurations.
3. Secrets Management: We will implement a two-tiered secrets strategy.
   • Operational Secrets: API keys and other "hot" credentials will be encrypted using sops, allowing them to be stored in the repository and decrypted on the remote host during deployment.
   • High-Security Keys: Critical "cold" assets like stake pool keys will be managed with tomb, which creates encrypted volumes protected by GPG and hardware keys. This will be integrated with best practices for using an air-gapped machine (e.g., a Raspberry Pi) for all signing operations, ensuring private keys are never exposed to an online environment.
4. Telemetry & Portability:
   • Declarative Monitoring Stack: We will deploy a custom telemetry stack (Prometheus, Grafana) that works identically across local and cloud environments for consistent operational insight.
   • Deployable Across Systems: Builds, configurations and deployment should be consistent across platforms (MacOS, Linux, Arm, x86 ) and not be tied specifically to using just Nix-OS locked on a specific architecture.

[Your Project and Solution] Impact

Please define the positive impact your project will have on the wider Cardano community

This project aims to improve the security, decentralisation, and operational efficiency of the Cardano network by helping self-hosting Stake Pool Operators with a robust DevOps framework currently not provided in Cardano’s stake-pool operations ecosystem.

1. Strengthens Network Security and Reliability: By automating best practices for infrastructure, configuration, and security, our framework will reduce the risk of human error, which is a leading cause of misconfigurations and downtime. This leads to a more stable and resilient network backbone.
2. Lowers the Barrier to Professional Operation: While not a "one-click" solution (close to it though), this framework will significantly lower the technical barrier for new SPOs to achieve a secure declarative setup. This encourages greater participation and decentralisation.
3. Increases Operational Efficiency: Automating repetitive tasks like updates, dependency management, and new node rollouts will free up SPOs to focus on value-added activities like community engagement and performance tuning.
4. Provides a Foundation for Future Tooling: As a fully open-source and modular framework, this project will serve as a foundational layer upon which the community can build further improvements in stake pool operations.
5. Assist DApp and Smart Contract development and testing: Automated building and testing for DApp by quickly setting up and tearing down full development networks easily to test DApp or Smart Contract execution in realistic network environments.

[Your Project and Solution] Capabilities & Feasibility

What is your capability to deliver your project with high levels of trust and accountability? How do you intend to validate if your approach is feasible?

Our capability to deliver this project stems from a deep understanding of the problem and our approach. Feasibility is ensured through a combination of technical expertise and a realistic, phased project plan.

• Demonstrated Expertise: Our team has expertise in the core technologies required for this project, including Nix/NixOS, Infrastructure-as-Code principles with Terraform, cloud automation on platforms like AWS, and secure management of Cardano node environments.
• Feasibility by Design: By building on the nix-std framework, we avoid common pitfalls of complex software projects, ensuring a modular, maintainable, and scalable architecture. The milestones break down this ambitious project into manageable, verifiable stages, each with clear outputs.
• A Realistic and Auditable Plan: We are not proposing an open-ended research project, but a targeted engineering effort with a clear beginning and end. The feasibility of our approach can be validated by the community at each milestone, as we deliver tangible, open-source components of the framework according to a realistic timeline.

[Milestones] Project Milestones

Milestone Title

Base Scaffolding (Local Deployment) & IaC Integration (Cloud Deployment)

Milestone Outputs

• Initial Framework Release: The core repository, structured with the nix-std framework, will be established and made public on GitHub.

  • End-to-End IaC Provisioning: A functional terranix module will be developed to automatically provision all necessary AWS cloud resources from a single, declarative configuration file.

  • Declarative Node Deployment: NixOS configurations will be created to reliably deploy a cardano-node (as either a relay or block producer) and a cardano-db-sync instance.

  • Basic Secrets Management: A foundational security layer will be implemented using sops-nix to manage essential operational secrets, such as cloud provider API keys.

Acceptance Criteria

The framework's core Nix structure and terranix module must successfully generate valid Terraform code from the user-defined configuration file. The generated plan must apply without errors, resulting in the provisioning of a basic, accessible EC2 instance on AWS

Evidence of Completion

A link to the public GitHub repository containing the initial framework code, and a video demonstration showing the generation of Terraform files and a successful

Delivery Month

4

Cost

32500

Progress

40 %

Milestone Title

Core Services, Secrets & Monitoring

Milestone Outputs

1. High-Security Key Management: The framework will be enhanced with a full integration of tomb for managing encrypted volumes for cold keys, complete with documentation for GPG and hardware key usage.

   1. Hydra & Mithril Integration: Declarative NixOS modules will be developed for the deployment and configuration of Hydra nodes and Mithril validator nodes, enabling easy participation in the broader ecosystem.

   2. Telemetry Stack Deployment: A fully-functional, containerised monitoring stack (Prometheus & Grafana) will be deployed via Nix, including pre-built dashboards for node health and network metrics.

Acceptance Criteria

The framework must be capable of deploying a fully functional Cardano node with advanced security features. Hydra and Mithril nodes must be configurable and deployable via the central Nix configuration. The monitoring stack must deploy automatically and display relevant metrics.

Evidence of Completion

A video demonstrating the tomb security workflow, a video showing the successful deployment of Hydra and Mithril nodes, and a link to the pre-configured Grafana dashboards in the repository.

Delivery Month

7

Cost

33000

Progress

60 %

Milestone Title

Public Release, Documentation

Milestone Outputs

1. Official release: The stable, feature-complete version of the framework will be tagged and released on GitHub, ready for public use by the SPO community.

2. Public Documentation Site Launch: A publicly accessible documentation site with comprehensive user guides.

Acceptance Criteria

All features from prior milestones will be integrated into a stable 1.0.0 release. The public documentation site will be live, from covering basic setup, but also extra usage, security best practices, and clear contribution guidelines. The final framework must be fully reproducible, allowing a new user to follow the documentation and successfully deploy a fully-configured, monitored stake pool environment.

Evidence of Completion

A direct link to the official 1.0.0 release tag on the public GitHub repository, and a direct link to the live, publicly accessible documentation website.features.

Delivery Month

9

Cost

25000

Progress

100 %

[Final Pitch] Budget & Costs

Please provide a cost breakdown of the proposed work and resources

• Project Lead & Lead Development: 9 months * 6,000 ADA/month = 54,000 ADA
  • Covers core architecture design, Nix/NixOS development, IaC implementation with Terranix, and integration of all Cardano components.
• Developer Experience (DX): 9 months * 2,500 ADA/month = 22,500 ADA
  • Responsible for testing the onboarding workflow, validating documentation against the codebase, and providing feedback on usability.
• Cloud Infrastructure & Testing: 9 months * 1,000 ADA/month = 9,000 ADA
  • Covers AWS costs for a persistent testing environment, including multiple EC2 instances (for multi-node testing), EBS volumes for blockchain storage, and networking costs for continuous integration and deployment validation.
• Technical Writing & Documentation Production: 5,000 ADA
  • A one-time allocation for the final structuring, editing, and graphic design of the public-facing documentation site.
• Contingency: 7,000 ADAA
  • ~7% contingency fund to address unforeseen technical challenges, fluctuations in cloud service pricing, or other unexpected project costs. (Not included in milestone costs stated previously)

[Final Pitch] Value for Money

How does the cost of the project represent value for the Cardano ecosystem?

This project addresses need within the ecosystem to enable more people and organisations to directly deploy and operate their own stake-pools cost effectively thereby improving the network resilience and security. Too many stake pool operations are outsourced to specialised service providers, thereby concentrating operations. The funds are for engineering effort to build a tangible public good. By creating a unified, operational framework, this investment will produce a robust alternative for stake-pool operations. Our work will create a standard for network infrastructure for a fraction of the cost it would take for individual SPOs to develop similar solutions or extensions of their own. Thereby also helping development teams to more throughly test in realistic network environments, speeding up development and testing of high quality DApps and Smart Contracts.

[Required Acknowledgements] Consent & Confirmation

Terms and Conditions:

Yes