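# NixOS module: runs a Kubo (IPFS) node with custom delegated routing, a fixed
# set of peering peers, a `share` helper command and a NetworkManager hook that
# re-establishes swarm connections when a link comes up.
{ config, lib, pkgs, ... }:

let
  cfg = config.services.kubo;

  # Store directory holding a single file named `api` with the RPC multiaddr.
  # Pointing IPFS_PATH at it makes the CLI act as a client of the running
  # daemon instead of opening the real repository in cfg.dataDir.
  ipfsApi = pkgs.writeTextDir "api" "/ip4/127.0.0.1/tcp/5001";

  # Peers kept permanently connected (Peering.Peers); also used as bootstrap
  # nodes below. Both listen on port 110.
  peeringPeers = [
    {
      ID = "Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo";
      Addrs = [
        "/ip4/95.216.8.12/udp/110/quic"
        "/ip4/95.216.8.12/tcp/110"
      ];
    }
    {
      ID = "12D3KooWQWsHPUUeFhe4b6pyCaD1hBoj8j6Z7S7kTznRTh1p1eVt";
      Addrs = [
        "/ip4/152.67.79.222/udp/110/quic"
        "/ip4/152.67.79.222/tcp/110"
      ];
    }
  ];
in
{
  services.kubo = {
    enable = true;
    localDiscovery = true;
    autoMount = true;
    startWhenNeeded = false;
    enableGC = true;
    extraFlags = [
      "--enable-pubsub-experiment"
      "--enable-namesys-pubsub"
    ];

    settings = {
      Addresses = {
        # Swarm listens on all IPv4 interfaces, on 4001 and on the privileged
        # port 110 (see AmbientCapabilities below), over both TCP and QUIC.
        Swarm = [
          "/ip4/0.0.0.0/tcp/4001"
          "/ip4/0.0.0.0/tcp/110"
          "/ip4/0.0.0.0/udp/4001/quic"
          "/ip4/0.0.0.0/udp/110/quic"
        ];
        # RPC API is bound to loopback only. No API authorization is configured
        # in this file, so any local process that can reach this port can
        # administer the node; do not widen this bind address.
        API = "/ip4/127.0.0.1/tcp/5001";
      };

      Peering.Peers = peeringPeers;

      # Every peering address with its "/p2p/<ID>" suffix, followed by the
      # bootstrap.libp2p.io nodes.
      Bootstrap =
        (lib.flatten (map (p: map (a: "${a}/p2p/${p.ID}") p.Addrs) peeringPeers))
        ++ [
          "/dnsaddr/bootstrap.libp2p.io/p2p/12D3KooWEZXjE41uU4EL2gpkAQeDXYok6wghN7wwNVPF5bwkaNfS"
          "/dnsaddr/bootstrap.libp2p.io/p2p/QmcZf59bWwK5XFi76CZX8cbJ4BhTzzA3gU1ZjYZcYW3dwt"
          "/dnsaddr/bootstrap.libp2p.io/p2p/QmZa1sAxajnQjVM8WjWXoMbmPd7NsWhfKsPkErzpm9wGkp"
          "/dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN"
          "/dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb"
          "/dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa"
        ];

      Datastore = {
        BloomFilterSize = 0;
        GCPeriod = "1h";
        HashOnRead = false;
        # NoSync together with syncWrites = false below turns off synchronous
        # writes: faster, but recent writes can be lost on a crash or power cut.
        NoSync = true;
        Spec = {
          mounts = [];
          child = {
            path = "badgerds";
            syncWrites = false;
            truncate = true;
            type = "badgerds";
          };
          prefix = "badger.datastore";
          type = "measure";
        };
        StorageGCWatermark = 90;
        StorageMax = "200GB";
      };

      Routing = {
        Type = "custom";
        Routers = {
          LanDHT = {
            Type = "dht";
            Parameters = {
              Mode = "auto";
              PublicIPNetwork = false;
              AcceleratedDHTClient = false;
            };
          };
          WanDHT = {
            Type = "dht";
            Parameters = {
              Mode = "auto";
              PublicIPNetwork = true;
              AcceleratedDHTClient = false;
            };
          };
          # HTTP routers: lookups routed through "Parallel" are also sent to
          # these third-party endpoints, which therefore see what this node
          # asks for.
          CidContact = {
            Type = "http";
            Parameters.Endpoint = "https://cid.contact";
          };
          PrivateVoid = {
            Type = "http";
            Parameters.Endpoint = "https://p2p.privatevoid.net";
          };
          # DHT-only composite, used for `provide`.
          AllDHT = {
            Type = "parallel";
            Parameters.Routers = [
              { RouterName = "WanDHT"; IgnoreErrors = false; Timeout = "30s"; }
              { RouterName = "LanDHT"; IgnoreErrors = false; Timeout = "10s"; }
            ];
          };
          # Both DHTs plus the HTTP routers; the HTTP routers start after a
          # delay and their errors are ignored.
          Parallel = {
            Type = "parallel";
            Parameters.Routers = [
              { RouterName = "WanDHT"; IgnoreErrors = false; Timeout = "30s"; }
              { RouterName = "LanDHT"; IgnoreErrors = false; Timeout = "10s"; }
              { RouterName = "CidContact"; IgnoreErrors = true; Timeout = "10s"; ExecuteAfter = "3s"; }
              { RouterName = "PrivateVoid"; IgnoreErrors = true; Timeout = "5s"; ExecuteAfter = "200ms"; }
            ];
          };
        };
        Methods = {
          find-peers.RouterName = "Parallel";
          find-providers.RouterName = "Parallel";
          get-ipns.RouterName = "Parallel";
          put-ipns.RouterName = "Parallel";
          provide.RouterName = "AllDHT";
        };
      };
    };
  };

  systemd.services.ipfs = {
    serviceConfig = {
      # Lets the unprivileged daemon bind the swarm listeners on port 110.
      AmbientCapabilities = "CAP_NET_BIND_SERVICE";
      # Forces the list to empty, overriding whatever the kubo module sets.
      # NOTE(review): confirm the daemon still has write access to every path
      # it needs (data dir, mount points) through other unit settings.
      ReadWritePaths = lib.mkForce [ ];
    };
  };

  # Socket activation is off; the daemon is started directly
  # (startWhenNeeded = false above).
  systemd.sockets = {
    ipfs-api.enable = false;
    ipfs-gateway.enable = false;
  };

  environment = {
    # Interactive `ipfs` calls talk to the daemon's RPC API via the api file.
    variables.IPFS_PATH = lib.mkForce "${ipfsApi}";
    shellAliases = {
      # Runs the CLI as the service user against the real repository.
      ipfs-admin = "doas -u ${cfg.user} env IPFS_PATH=${cfg.dataDir} ipfs";
      f = "ipfs files";
    };
  };

  # NOTE(review): Swarm also listens on UDP 4001 and 110 (QUIC), but only TCP
  # is opened here. Unless allowedUDPPorts is set elsewhere, inbound QUIC is
  # filtered; confirm whether that is intended before changing it.
  networking.firewall.allowedTCPPorts = [ 110 4001 ];

  # `share <paths...>`: adds the given paths to IPFS and prints gateway links.
  # The content is added unpinned (--pin=false) while enableGC is on, so it can
  # be garbage-collected later. Anyone who learns the printed CID can request
  # the content, so only share what is meant to be public.
  environment.systemPackages = lib.singleton (pkgs.writeShellScriptBin "share" ''
    PATH=${cfg.package}/bin:$PATH
    set -e
    cid=$(ipfs add -Qrp --pin=false "$@")
    # Quoted on purpose: an unquoted empty value turns this into "test -n",
    # which is always true, so the empty-CID guard would never trigger.
    test -n "$cid" || exit 0
    echo -e "\n\n IPFS path: /ipfs/$cid"
    b32=$(ipfs cid base32 "$cid")
    echo -e " Web link: https://$b32.ipfs.privatevoid.net"
    echo -e " Web link: https://$b32.ipfs.dweb.link"
    echo -e " Web link: https://privatevoid.net/ipfs/$cid"
    echo -e " Web link: https://ipfs.io/ipfs/$cid"
    echo -e " Web link: https://cloudflare-ipfs.com/ipfs/$cid\n"
  '');

  # NetworkManager dispatcher hook: when a wl* or en* interface comes up and
  # ipfs.service is active, drop the current swarm connections and reconnect
  # to the bootstrap list. Always exits 0.
  networking.networkmanager.dispatcherScripts = [{
    source = pkgs.writeShellScript "nm-ipfs-reconnect.sh" ''
      # $1 is the interface name, $2 the dispatcher action.
      [[ "$2" != "up" ]] && exit 0
      PATH=${pkgs.systemd}/bin:${pkgs.findutils}/bin:${cfg.package}/bin:$PATH
      export IPFS_PATH=${ipfsApi}
      systemctl is-active ipfs.service || exit 0
      case $1 in
        wl*|en*)
          ipfs swarm peers | xargs -P4 -n1 timeout 3 ipfs swarm disconnect
          ipfs bootstrap | xargs -P4 -n1 timeout 10 ipfs swarm connect
      esac
      exit 0
    '';
    type = "basic";
  }];
}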