ipfs: no more pnet

This commit is contained in:
Max Headroom 2022-11-13 02:12:44 +01:00
parent e01d7ac3b0
commit b7497ff38b
5 changed files with 4 additions and 26 deletions

View file

@ -10,7 +10,7 @@ let
./games ./games
./hardened ./hardened
./hyprspace ./hyprspace
./ipfs-lain ./ipfs
./jackett ./jackett
./laptop-config ./laptop-config
./lidarr ./lidarr
@ -38,7 +38,7 @@ in rec {
networking = [ firewall ssh ]; networking = [ firewall ssh ];
client-networking = networking ++ [ networking-client nm-vdns-auto ipfs-lain hyprspace ]; client-networking = networking ++ [ networking-client nm-vdns-auto ipfs hyprspace ];
desktop = [ desktop = [
modules.desktop modules.desktop

View file

@ -33,10 +33,6 @@ in {
file = ../../secrets/hyprspace-key- + "${hostName}.age"; file = ../../secrets/hyprspace-key- + "${hostName}.age";
mode = "0400"; mode = "0400";
}; };
age.secrets.ipfs-swarm-key = {
file = ../../secrets/ipfs-swarm-key.age;
mode = "0400";
};
systemd.services.hyprspace = { systemd.services.hyprspace = {
enable = true; enable = true;
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
@ -49,11 +45,9 @@ in {
${pkgs.replace-secret}/bin/replace-secret '@HYPRSPACEPRIVATEKEY@' "${privateKeyFile}" ${runConfig} ${pkgs.replace-secret}/bin/replace-secret '@HYPRSPACEPRIVATEKEY@' "${privateKeyFile}" ${runConfig}
chmod 0400 ${runConfig} chmod 0400 ${runConfig}
''; '';
environment = { environment = lib.optionalAttrs config.services.kubo.enable {
HYPRSPACE_SWARM_KEY = config.age.secrets.ipfs-swarm-key.path;
} // (lib.optionalAttrs config.services.kubo.enable {
HYPRSPACE_IPFS_API = config.services.kubo.settings.Addresses.API; HYPRSPACE_IPFS_API = config.services.kubo.settings.Addresses.API;
}); };
serviceConfig = { serviceConfig = {
Restart = "on-failure"; Restart = "on-failure";
RestartSec = "5s"; RestartSec = "5s";

View file

@ -23,7 +23,6 @@ in {
}; };
systemd.services.ipfs = { systemd.services.ipfs = {
environment.LIBP2P_FORCE_PNET = "1";
serviceConfig = { serviceConfig = {
AmbientCapabilities = "CAP_NET_BIND_SERVICE"; AmbientCapabilities = "CAP_NET_BIND_SERVICE";
ReadWritePaths = lib.mkForce [ ]; ReadWritePaths = lib.mkForce [ ];

View file

@ -1,14 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 NO562A OAH7JcYyaB+KVOtZFXX7r1F8wDW+Y5BMBdhAou0kSBk
NmvNTDtaTORPSNp3pUEBtUTuOR2H4ayZPu4Z9tzPDoU
-> ssh-ed25519 5/zT0w BccoidtcwnqgbNyFylxlSe7G45whhOK+HTvLbz0nkBc
72VYuHZ/d5BQRJfJSX2nBvzK8p4wjvQqwMbLiPpDa/k
-> ssh-ed25519 OxDh5w sI9ecpbZ0U/kC8AR17X/KmzCXwXa9Bf6Hk6AqXw5pHM
83zeCBsHQPtjq4IJ2jaTqZlqL3r0ACF1eqOmFxuELEk
-> ssh-ed25519 RLSb/g t1vpmXGHm4DggmYwqov1ZrgtiwceaNfk9fZLwbkE0GM
t/yfwCIH71BAXUc05dLjc3rYfvSvjZBi0a/JB+p/Now
-> fL?\;;2-grease (s kw+w DNwK 0<gqZ
fLVDBrnwjU+6+mVwweQ6zZYOVLYHLd1QGxckJaS2wL9kIWEyXCkIy+U6DfEFz+kc
TtuvyGolurlZ+IYfMo7vorHpBw4r9CxP3IcnqTlBwQ
--- GQMKSU2Zm8Ac1pxu89zi/Mh+wzdU0dUPMrQp6GONJ+4
ñ‹=°ËVmP>§‰탪“ƒš¢©¶áæ{„4 õW<”ÀïE4?^Ï<> ý@N/ýƒô.ÛäCñóºNÈv¶«Ï¸åš;XSh¤šâGi¢í<C2A2>ëßþJI¶ù@v<>_y ø<>éÖžs²œuع·€L˜{{[d: ¬ÿ2ÿ

View file

@ -9,7 +9,6 @@ in with hosts;
"hyprspace-key-TITAN.age".publicKeys = max ++ map systemKeys [ TITAN ]; "hyprspace-key-TITAN.age".publicKeys = max ++ map systemKeys [ TITAN ];
"hyprspace-key-jericho.age".publicKeys = max ++ map systemKeys [ jericho ]; "hyprspace-key-jericho.age".publicKeys = max ++ map systemKeys [ jericho ];
"ipfs-cluster-secret.age".publicKeys = max ++ map systemKeys [ TITAN ]; "ipfs-cluster-secret.age".publicKeys = max ++ map systemKeys [ TITAN ];
"ipfs-swarm-key.age".publicKeys = max ++ map systemKeys [ TITAN jericho ];
"transmission-rpc-password.age".publicKeys = max ++ map systemKeys [ TITAN ]; "transmission-rpc-password.age".publicKeys = max ++ map systemKeys [ TITAN ];
"wireguard-key-upload.age".publicKeys = max ++ map systemKeys [ TITAN ]; "wireguard-key-upload.age".publicKeys = max ++ map systemKeys [ TITAN ];
"shadow-max.age".publicKeys = max ++ map systemKeys [ TITAN jericho ]; "shadow-max.age".publicKeys = max ++ map systemKeys [ TITAN jericho ];