depot/cluster/services/ipfs/node.nix

# NixOS module for one IPFS node of the cluster.
#
# Exposure summary, as configured below:
#   * swarm    - TCP and UDP/QUIC on 0.0.0.0, ports `ipfsPort` and 4001, opened in the firewall
#   * gateway  - read-only HTTP, bound to this host's `ipfsGateway` link address
#   * API      - Unix socket only (/run/ipfs/ipfs-api.sock), guarded by file permissions
{ cluster, config, depot, lib, pkgs, ... }:

let
  inherit (depot.lib.meta) domain;
  inherit (config.networking) hostName;

  cfg = config.services.ipfs;

  # The admin API is reachable only through this Unix socket.
  apiAddress = "/unix/run/ipfs/ipfs-api.sock";

  # Store directory holding a single `api` file with the socket multiaddr.
  # Exported as IPFS_PATH further down, so an ordinary shell's `ipfs` only
  # learns where the API socket is and never sees the real repository.
  ipfsApi = pkgs.writeTextDir "api" apiAddress;

  gw = cluster.config.hostLinks.${hostName}.ipfsGateway;

  # Privileged port (< 1024): this is why the unit is granted
  # CAP_NET_BIND_SERVICE below.
  ipfsPort = 110;
  portStr = toString ipfsPort;

  # Both swarm ports are opened for TCP and UDP alike.
  swarmPorts = [ ipfsPort 4001 ];

  nameservers = lib.unique config.networking.nameservers;

  # Build one Peering.Peers entry from the peer ID and multiaddrs that the
  # named host publishes through its `ipfs` host link.
  peerFor = name:
    let
      link = cluster.config.hostLinks.${name}.ipfs.extra;
    in
    {
      ID = link.peerId;
      Addrs = link.multiaddrs;
    };
in
{
  imports = [
    depot.nixosModules.ipfs
  ];

  networking.firewall.allowedTCPPorts = swarmPorts;
  networking.firewall.allowedUDPPorts = swarmPorts;

  services.ipfs = {
    enable = true;
    package = depot.packages.ipfs;
    startWhenNeeded = false;
    autoMount = true;
    # NOTE(review): the module's autoMigrate is off while the daemon is
    # started with `--migrate` (extraFlags below); presumably the daemon is
    # meant to migrate the repo itself - confirm.
    autoMigrate = false;

    # Swarm listeners on every IPv4 interface; no IPv6 listener is configured.
    swarmAddress = [
      "/ip4/0.0.0.0/tcp/${portStr}"
      "/ip4/0.0.0.0/tcp/4001"
      "/ip4/0.0.0.0/udp/${portStr}/quic-v1"
      "/ip4/0.0.0.0/udp/4001/quic-v1"
    ];
    inherit apiAddress;
    # The gateway binds to the host link address rather than 0.0.0.0, so
    # whatever sits in front of it is expected to connect to that address.
    # Whether the address is internal-only is decided by the hostLinks
    # definition, which is not part of this file.
    gatewayAddress = "/ip4/${gw.ipv4}/tcp/${gw.portStr}";
    dataDir = "/srv/storage/ipfs/repo";
    localDiscovery = false;
    extraFlags = [ "--migrate" ];

    extraConfig = {
      # First entry is the cluster's own node on VEGAS, addressed with a
      # hard-coded peer ID; the rest are bootstrap.libp2p.io entries.
      Bootstrap = [
        "/ip4/${depot.hours.VEGAS.interfaces.primary.addr}/tcp/${portStr}/p2p/Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo"
        "/dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa"
        "/dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb"
        "/dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN"
        "/dnsaddr/bootstrap.libp2p.io/p2p/12D3KooWEZXjE41uU4EL2gpkAQeDXYok6wghN7wwNVPF5bwkaNfS"
        "/dnsaddr/bootstrap.libp2p.io/p2p/QmcZf59bWwK5XFi76CZX8cbJ4BhTzzA3gU1ZjYZcYW3dwt"
        "/dnsaddr/bootstrap.libp2p.io/p2p/QmZa1sAxajnQjVM8WjWXoMbmPd7NsWhfKsPkErzpm9wGkp"
      ];

      AutoNAT.ServiceMode = "enabled";

      # CORS for the admin API. CORS is enforced by browsers only; the
      # access control that actually protects the API is the socket's
      # filesystem permissions (directory 0750, socket 660, set below).
      # NOTE(review): the API listens on a Unix socket in this file, so
      # confirm the `http://127.0.0.1:5001` origin is still needed.
      API.HTTPHeaders = {
        Access-Control-Allow-Origin = [
          "https://ipfs.admin.${domain}"
          "http://127.0.0.1:5001"
        ];
        Access-Control-Allow-Methods = [ "PUT" "POST" ];
      };

      # Every other cluster node, as listed by the cluster-level IPFS service.
      Peering.Peers = map peerFor
        (cluster.config.services.ipfs.otherNodes.node hostName);

      # Read-only gateway: not writable, no API commands exposed, and the
      # wildcard CORS origin is paired with GET only.
      Gateway = {
        Writable = false;
        # NOTE(review): this additionally serves the delegated-routing HTTP
        # endpoints to anyone who can reach the gateway - confirm intended.
        ExposeRoutingAPI = true;
        APICommands = [];
        HTTPHeaders = {
          Access-Control-Allow-Headers = [
            "X-Requested-With"
            "Range"
            "User-Agent"
          ];
          Access-Control-Allow-Methods = [
            "GET"
          ];
          Access-Control-Allow-Origin = [
            "*"
          ];
        };
      };

      # Custom routing: the DHT is authoritative, the cid.contact HTTP router
      # is best-effort. Every method routed through `Parallel` also sends its
      # query to that external endpoint; `provide` goes to the DHT alone.
      Routing = {
        Type = "custom";
        Routers = {
          WanDHT = {
            Type = "dht";
            Parameters = {
              Mode = "auto";
              PublicIPNetwork = true;
              AcceleratedDHTClient = true;
            };
          };
          CidContact = {
            Type = "http";
            Parameters.Endpoint = "https://cid.contact";
          };
          Parallel = {
            Type = "parallel";
            Parameters.Routers = [
              {
                RouterName = "WanDHT";
                IgnoreErrors = false;
                Timeout = "5m";
              }
              {
                # Failures of the HTTP router are tolerated and capped at 3s.
                RouterName = "CidContact";
                IgnoreErrors = true;
                Timeout = "3s";
                ExecuteAfter = "1s";
              }
            ];
          };
        };
        Methods = {
          find-peers.RouterName = "Parallel";
          find-providers.RouterName = "Parallel";
          get-ipns.RouterName = "Parallel";
          put-ipns.RouterName = "Parallel";
          provide.RouterName = "WanDHT";
        };
      };
    };
  };

  # Socket activation is turned off for both units.
  systemd.sockets.ipfs-api.enable = false;
  systemd.sockets.ipfs-gateway.enable = false;

  # Only the service user and group may enter the directory that holds the
  # API socket.
  systemd.tmpfiles.rules = [
    "d '/run/ipfs' 0750 ${cfg.user} ${cfg.group} - -"
  ];

  systemd.services.ipfs = {
    # Not a stock systemd unit key; presumably provided by a depot module.
    strictMounts = [ cfg.dataDir ];
    serviceConfig = {
      Slice = "remotefshost.slice";
      # Needed to bind `ipfsPort`, which is below 1024.
      AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
      # Keeps the daemon from talking to private, link-local, CGNAT and
      # documentation/test ranges. Loopback is not listed here.
      IPAddressDeny = [
        "10.0.0.0/8"
        "100.64.0.0/10"
        "169.254.0.0/16"
        "172.16.0.0/12"
        "192.0.0.0/24"
        "192.0.2.0/24"
        "192.168.0.0/16"
        "198.18.0.0/15"
        "198.51.100.0/24"
        "203.0.113.0/24"
        "240.0.0.0/4"
        "100::/64"
        "2001:2::/48"
        "2001:db8::/32"
        "fc00::/7"
        "fe80::/10"
      ];
      # systemd consults the allow list before the deny list, so these
      # entries stay reachable even where they fall inside a denied range.
      # Every configured nameserver therefore widens what the daemon can
      # reach; keep that list tight.
      IPAddressAllow = nameservers ++ [
        cluster.config.vars.meshNet.cidr
      ];
    };
    # Group read/write on the API socket. This runs after start-up, so until
    # then the 0750 directory above is what limits access to the socket.
    postStart = "chmod 660 /run/ipfs/ipfs-api.sock";
  };

  # Ordinary shells get the api-file-only directory as IPFS_PATH.
  environment.variables.IPFS_PATH = lib.mkForce "${ipfsApi}";

  # Administrative access runs the CLI as the service user against the real
  # repository and is gated by sudo.
  environment.shellAliases = {
    ipfs-admin = "sudo -u ${cfg.user} env IPFS_PATH=${cfg.dataDir} ipfs";
  };
}