depot/modules/ipfs/default.nix

# NixOS module for an IPFS node that joins a private swarm (pre-shared swarm
# key), keeps its HTTP API on a unix socket, and serves a read-only gateway
# on the address published through `config.links.ipfsGateway`.
{ config, inputs, lib, pkgs, tools, ... }:

let
  domain = tools.meta.domain;
  cfg = config.services.ipfs;

  # The API is bound to a unix socket, not a TCP port. Access to it is then
  # governed by the file permissions set further down (directory 0750,
  # socket 660).
  apiAddress = "/unix/run/ipfs/ipfs-api.sock";

  # Store directory holding a single `api` file with the socket multiaddr.
  # It is exported as IPFS_PATH at the end of this module.
  ipfsApi = pkgs.writeTextDir "api" apiAddress;

  gw = config.links.ipfsGateway;

  # Below 1024, hence the CAP_NET_BIND_SERVICE grant on the service unit.
  ipfsPort = 110;

  # Ports opened in the firewall for swarm traffic.
  swarmPorts = [ ipfsPort 4001 ];
in
{
  # Pre-shared swarm key, decrypted by agenix: readable only by the service
  # user (0400). tmpfiles symlinks it into the repo as `swarm.key`.
  age.secrets.ipfs-swarm-key = {
    file = ../../secrets/ipfs-swarm-key.age;
    mode = "0400";
    owner = cfg.user;
    group = cfg.group;
  };

  # NOTE(review): the gateway link is plain HTTP; presumably TLS is
  # terminated by a reverse proxy defined elsewhere. Confirm.
  links.ipfsGateway.protocol = "http";

  # NOTE(review): swarmAddress below declares TCP listeners only, yet the
  # same ports are also opened for UDP. Confirm the UDP rule is needed;
  # otherwise dropping it keeps the exposed surface to what is actually
  # served.
  networking.firewall.allowedTCPPorts = swarmPorts;
  networking.firewall.allowedUDPPorts = swarmPorts;

  services.ipfs = {
    enable = true;
    package = inputs.self.packages.${pkgs.system}.ipfs;
    startWhenNeeded = false;
    autoMount = true;

    # Module-level migration is off; the daemon receives `--migrate` itself.
    autoMigrate = false;
    extraFlags = [ "--migrate" ];

    # Swarm listeners bind every IPv4 interface. Reachability is therefore
    # limited by the firewall rules above, and peering by the swarm key.
    swarmAddress = [
      "/ip4/0.0.0.0/tcp/${toString ipfsPort}"
      "/ip4/0.0.0.0/tcp/4001"
    ];

    apiAddress = apiAddress;
    gatewayAddress = "/ip4/${gw.ipv4}/tcp/${gw.portStr}";
    dataDir = "/srv/storage/ipfs/repo";
    localDiscovery = false;

    extraConfig = {
      # Fixed bootstrap list. Local discovery is disabled above, so these
      # are the only peers named in this file.
      Bootstrap = [
        "/ip4/168.235.67.108/tcp/4001/p2p/QmRMA5pWXtfuW1y5w2t9gYxrDDD6bPRLKdWAYnHTeCxZMm"
        "/ip4/51.38.87.150/tcp/4001/p2p/12D3KooWDUgNsoLVauCDpRAo54mc4whoBudgeXQnZZK2iVYhBLCN"
        "/ip4/77.54.95.19/tcp/12104/p2p/12D3KooWC1RZxLvAeEFNTZWk1FWc1sZZ3yemF4FNNRYa3X854KJ8"
        "/ip4/95.216.8.12/tcp/${toString ipfsPort}/p2p/Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo"
      ];

      AutoNAT = {
        ServiceMode = "enabled";
      };

      # CORS for the admin API: two named origins, no wildcard.
      # NOTE(review): the API listens on a unix socket in this module, so
      # the 127.0.0.1:5001 origin only matters if something else exposes
      # the API there. Confirm it is still required.
      API.HTTPHeaders = {
        "Access-Control-Allow-Origin" = [
          "https://ipfs.admin.${domain}"
          "http://127.0.0.1:5001"
        ];
        "Access-Control-Allow-Methods" = [ "PUT" "POST" ];
      };

      # Read-only gateway: not writable, no API commands exposed, GET only.
      # The wildcard origin applies to this read path only.
      Gateway.Writable = false;
      Gateway.APICommands = [];
      Gateway.HTTPHeaders = {
        "Access-Control-Allow-Headers" = [
          "X-Requested-With"
          "Range"
          "User-Agent"
        ];
        "Access-Control-Allow-Methods" = [ "GET" ];
        "Access-Control-Allow-Origin" = [ "*" ];
      };
    };
  };

  systemd = {
    # Socket-activation units are disabled (startWhenNeeded is false above).
    sockets.ipfs-api.enable = false;
    sockets.ipfs-gateway.enable = false;

    tmpfiles.rules = [
      # Runtime directory for the API socket: no access for "other".
      "d '/run/ipfs' 0750 ${cfg.user} ${cfg.group} - -"
      # Symlink the decrypted swarm key into the repo (L+ replaces any
      # existing entry at that path).
      "L+ '${cfg.dataDir}/swarm.key' - - - - ${config.age.secrets.ipfs-swarm-key.path}"
    ];

    services.ipfs = {
      # libp2p refuses to run without a private-network key when this is
      # set, so a missing swarm.key fails closed instead of joining the
      # public network.
      environment.LIBP2P_FORCE_PNET = "1";

      serviceConfig.Slice = "remotefshost.slice";
      # Required to bind ipfsPort (< 1024) without running as root.
      serviceConfig.AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];

      # Restrict the API socket to the service user and group.
      # NOTE(review): this assumes the socket already exists when postStart
      # runs. Confirm against the unit's service type.
      postStart = "chmod 660 /run/ipfs/ipfs-api.sock";
    };
  };

  # System-wide IPFS_PATH points at the api-only directory, so ordinary CLI
  # use goes through the unix socket and is subject to its permissions.
  environment.variables.IPFS_PATH = lib.mkForce "${ipfsApi}";

  # Direct repo access runs as the service user via sudo.
  environment.shellAliases.ipfs-admin = "sudo -u ${cfg.user} env IPFS_PATH=${cfg.dataDir} ipfs";
}