config/modules/ipfs/default.nix

93 lines
3 KiB
Nix
Raw Normal View History

2022-02-05 21:42:36 +02:00
{ config, lib, pkgs, ... }:
let
cfg = config.services.kubo;
2022-02-05 21:42:36 +02:00
ipfsApi = pkgs.writeTextDir "api" "/ip4/127.0.0.1/tcp/5001";
2022-11-14 01:42:32 +02:00
peeringPeers = [
{
ID = "Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo";
Addrs = [
"/ip4/95.216.8.12/udp/110/quic"
"/ip4/95.216.8.12/tcp/110"
];
}
{
ID = "12D3KooWQWsHPUUeFhe4b6pyCaD1hBoj8j6Z7S7kTznRTh1p1eVt";
Addrs = [
"/ip4/152.67.79.222/udp/110/quic"
"/ip4/152.67.79.222/tcp/110"
];
}
];
2022-02-05 21:42:36 +02:00
in {
services.kubo = {
2022-02-05 21:42:36 +02:00
enable = true;
localDiscovery = true;
autoMount = true;
startWhenNeeded = false;
enableGC = true;
extraFlags = [ "--enable-pubsub-experiment" "--enable-namesys-pubsub" ];
2022-10-30 15:10:57 +02:00
settings = {
Addresses.Swarm = [
"/ip4/0.0.0.0/tcp/4001"
"/ip4/0.0.0.0/tcp/110"
2022-11-13 15:51:42 +02:00
"/ip4/0.0.0.0/udp/4001/quic"
"/ip4/0.0.0.0/udp/110/quic"
2022-10-30 15:10:57 +02:00
];
2022-11-14 01:42:32 +02:00
Peering.Peers = peeringPeers;
Bootstrap = (lib.flatten (map (p: map (a: "${a}/p2p/${p.ID}") p.Addrs) peeringPeers)) ++ [
"/dnsaddr/bootstrap.libp2p.io/p2p/12D3KooWEZXjE41uU4EL2gpkAQeDXYok6wghN7wwNVPF5bwkaNfS"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmcZf59bWwK5XFi76CZX8cbJ4BhTzzA3gU1ZjYZcYW3dwt"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmZa1sAxajnQjVM8WjWXoMbmPd7NsWhfKsPkErzpm9wGkp"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb"
"/dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa"
2022-02-05 21:42:36 +02:00
];
};
};
2022-03-30 02:48:29 +03:00
systemd.services.ipfs = {
serviceConfig = {
2022-09-25 21:35:52 +03:00
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
2022-03-30 02:48:29 +03:00
ReadWritePaths = lib.mkForce [ ];
};
};
2022-02-05 21:42:36 +02:00
systemd.sockets = {
ipfs-api.enable = false;
ipfs-gateway.enable = false;
};
environment = {
variables.IPFS_PATH = lib.mkForce "${ipfsApi}";
shellAliases = {
ipfs-admin = "doas -u ${cfg.user} env IPFS_PATH=${cfg.dataDir} ipfs";
f = "ipfs files";
};
};
2022-09-25 21:35:52 +03:00
networking.firewall.allowedTCPPorts = [ 110 4001 ];
2022-02-05 21:42:36 +02:00
environment.systemPackages = lib.singleton (pkgs.writeShellScriptBin "share" ''
PATH=${cfg.package}/bin:$PATH
set -e
cid=$(ipfs add -Qrp --pin=false "$@")
test -n $cid || exit 0
echo -e "\n\n IPFS path: /ipfs/$cid"
echo -e " Web link: https://$(ipfs cid base32 $cid).ipfs.privatevoid.net\n"
'');
networking.networkmanager.dispatcherScripts = [{
source = pkgs.writeShellScript "nm-ipfs-reconnect.sh" ''
[[ "$2" != "up" ]] && exit 0
PATH=${pkgs.systemd}/bin:${pkgs.findutils}/bin:${cfg.package}/bin:$PATH
export IPFS_PATH=${ipfsApi}
systemctl is-active ipfs.service || exit 0
case $1 in
wl*|en*)
ipfs swarm peers | xargs -P4 -n1 timeout 3 ipfs swarm disconnect
ipfs bootstrap | xargs -P4 -n1 timeout 10 ipfs swarm connect
esac
exit 0
'';
type = "basic";
}];
}