197 lines
5.9 KiB
Nix
197 lines
5.9 KiB
Nix
{ config, lib, pkgs, ... }:
|
|
let
|
|
cfg = config.services.kubo;
|
|
ipfsApi = pkgs.writeTextDir "api" "/ip4/127.0.0.1/tcp/5001";
|
|
peeringPeers = [
|
|
{
|
|
ID = "Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo";
|
|
Addrs = [
|
|
"/ip4/95.216.8.12/udp/110/quic"
|
|
"/ip4/95.216.8.12/tcp/110"
|
|
];
|
|
}
|
|
{
|
|
ID = "12D3KooWQWsHPUUeFhe4b6pyCaD1hBoj8j6Z7S7kTznRTh1p1eVt";
|
|
Addrs = [
|
|
"/ip4/152.67.79.222/udp/110/quic"
|
|
"/ip4/152.67.79.222/tcp/110"
|
|
];
|
|
}
|
|
];
|
|
in {
|
|
services.kubo = {
|
|
enable = true;
|
|
localDiscovery = true;
|
|
autoMount = true;
|
|
startWhenNeeded = false;
|
|
enableGC = true;
|
|
extraFlags = [ "--enable-pubsub-experiment" "--enable-namesys-pubsub" ];
|
|
settings = {
|
|
Addresses = {
|
|
Swarm = [
|
|
"/ip4/0.0.0.0/tcp/4001"
|
|
"/ip4/0.0.0.0/tcp/110"
|
|
"/ip4/0.0.0.0/udp/4001/quic"
|
|
"/ip4/0.0.0.0/udp/110/quic"
|
|
];
|
|
API = "/ip4/127.0.0.1/tcp/5001";
|
|
};
|
|
Peering.Peers = peeringPeers;
|
|
Bootstrap = (lib.flatten (map (p: map (a: "${a}/p2p/${p.ID}") p.Addrs) peeringPeers)) ++ [
|
|
"/dnsaddr/bootstrap.libp2p.io/p2p/12D3KooWEZXjE41uU4EL2gpkAQeDXYok6wghN7wwNVPF5bwkaNfS"
|
|
"/dnsaddr/bootstrap.libp2p.io/p2p/QmcZf59bWwK5XFi76CZX8cbJ4BhTzzA3gU1ZjYZcYW3dwt"
|
|
"/dnsaddr/bootstrap.libp2p.io/p2p/QmZa1sAxajnQjVM8WjWXoMbmPd7NsWhfKsPkErzpm9wGkp"
|
|
"/dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN"
|
|
"/dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb"
|
|
"/dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa"
|
|
];
|
|
Datastore = {
|
|
BloomFilterSize = 0;
|
|
GCPeriod = "1h";
|
|
HashOnRead = false;
|
|
NoSync = true;
|
|
Spec = {
|
|
mounts = [];
|
|
child = {
|
|
path = "badgerds";
|
|
syncWrites = false;
|
|
truncate = true;
|
|
type = "badgerds";
|
|
};
|
|
prefix = "badger.datastore";
|
|
type = "measure";
|
|
};
|
|
StorageGCWatermark = 90;
|
|
StorageMax = "200GB";
|
|
};
|
|
Routing = {
|
|
Type = "custom";
|
|
Routers = {
|
|
LanDHT = {
|
|
Type = "dht";
|
|
Parameters = {
|
|
Mode = "auto";
|
|
PublicIPNetwork = false;
|
|
AcceleratedDHTClient = false;
|
|
};
|
|
};
|
|
WanDHT = {
|
|
Type = "dht";
|
|
Parameters = {
|
|
Mode = "auto";
|
|
PublicIPNetwork = true;
|
|
AcceleratedDHTClient = true;
|
|
};
|
|
};
|
|
CidContact = {
|
|
Type = "http";
|
|
Parameters.Endpoint = "https://cid.contact";
|
|
};
|
|
PrivateVoid = {
|
|
Type = "http";
|
|
Parameters.Endpoint = "https://p2p.privatevoid.net";
|
|
};
|
|
AllDHT = {
|
|
Type = "parallel";
|
|
Parameters.Routers = [
|
|
{
|
|
RouterName = "WanDHT";
|
|
IgnoreErrors = false;
|
|
Timeout = "30s";
|
|
}
|
|
{
|
|
RouterName = "LanDHT";
|
|
IgnoreErrors = false;
|
|
Timeout = "10s";
|
|
}
|
|
];
|
|
};
|
|
Parallel = {
|
|
Type = "parallel";
|
|
Parameters.Routers = [
|
|
{
|
|
RouterName = "WanDHT";
|
|
IgnoreErrors = false;
|
|
Timeout = "30s";
|
|
}
|
|
{
|
|
RouterName = "LanDHT";
|
|
IgnoreErrors = false;
|
|
Timeout = "10s";
|
|
}
|
|
{
|
|
RouterName = "CidContact";
|
|
IgnoreErrors = true;
|
|
Timeout = "10s";
|
|
ExecuteAfter = "3s";
|
|
}
|
|
{
|
|
RouterName = "PrivateVoid";
|
|
IgnoreErrors = true;
|
|
Timeout = "5s";
|
|
ExecuteAfter = "1s";
|
|
}
|
|
];
|
|
};
|
|
};
|
|
Methods = {
|
|
find-peers.RouterName = "Parallel";
|
|
find-providers.RouterName = "Parallel";
|
|
get-ipns.RouterName = "Parallel";
|
|
put-ipns.RouterName = "Parallel";
|
|
provide.RouterName = "AllDHT";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd.services.ipfs = {
|
|
serviceConfig = {
|
|
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
|
|
ReadWritePaths = lib.mkForce [ ];
|
|
};
|
|
};
|
|
systemd.sockets = {
|
|
ipfs-api.enable = false;
|
|
ipfs-gateway.enable = false;
|
|
};
|
|
|
|
environment = {
|
|
variables.IPFS_PATH = lib.mkForce "${ipfsApi}";
|
|
shellAliases = {
|
|
ipfs-admin = "doas -u ${cfg.user} env IPFS_PATH=${cfg.dataDir} ipfs";
|
|
f = "ipfs files";
|
|
};
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 110 4001 ];
|
|
|
|
environment.systemPackages = lib.singleton (pkgs.writeShellScriptBin "share" ''
|
|
PATH=${cfg.package}/bin:$PATH
|
|
set -e
|
|
cid=$(ipfs add -Qrp --pin=false "$@")
|
|
test -n $cid || exit 0
|
|
echo -e "\n\n IPFS path: /ipfs/$cid"
|
|
b32=$(ipfs cid base32 $cid)
|
|
echo -e " Web link: https://$b32.ipfs.privatevoid.net"
|
|
echo -e " Web link: https://$b32.ipfs.dweb.link"
|
|
echo -e " Web link: https://privatevoid.net/ipfs/$cid"
|
|
echo -e " Web link: https://ipfs.io/ipfs/$cid"
|
|
echo -e " Web link: https://cloudflare-ipfs.com/ipfs/$cid\n"
|
|
'');
|
|
networking.networkmanager.dispatcherScripts = [{
|
|
source = pkgs.writeShellScript "nm-ipfs-reconnect.sh" ''
|
|
[[ "$2" != "up" ]] && exit 0
|
|
PATH=${pkgs.systemd}/bin:${pkgs.findutils}/bin:${cfg.package}/bin:$PATH
|
|
export IPFS_PATH=${ipfsApi}
|
|
systemctl is-active ipfs.service || exit 0
|
|
case $1 in
|
|
wl*|en*)
|
|
ipfs swarm peers | xargs -P4 -n1 timeout 3 ipfs swarm disconnect
|
|
ipfs bootstrap | xargs -P4 -n1 timeout 10 ipfs swarm connect
|
|
esac
|
|
exit 0
|
|
'';
|
|
type = "basic";
|
|
}];
|
|
}
|