2022-06-18 16:26:31 +03:00
|
|
|
{ config, inputs, lib, pkgs, tools, ... }:
|
2022-02-03 21:36:14 +02:00
|
|
|
let
|
|
|
|
inherit (tools.meta) domain;
|
|
|
|
cfg = config.services.ipfs;
|
|
|
|
apiAddress = "/unix/run/ipfs/ipfs-api.sock";
|
|
|
|
ipfsApi = pkgs.writeTextDir "api" apiAddress;
|
2022-06-18 03:44:51 +03:00
|
|
|
gw = config.links.ipfsGateway;
|
2022-09-24 14:32:46 +03:00
|
|
|
ipfsPort = 110;
|
2022-02-03 21:36:14 +02:00
|
|
|
in
|
|
|
|
{
|
|
|
|
age.secrets.ipfs-swarm-key = {
|
|
|
|
file = ../../secrets/ipfs-swarm-key.age;
|
|
|
|
mode = "0400";
|
|
|
|
owner = cfg.user;
|
|
|
|
inherit (cfg) group;
|
|
|
|
};
|
|
|
|
|
2022-06-18 03:44:51 +03:00
|
|
|
links.ipfsGateway.protocol = "http";
|
2022-02-03 21:36:14 +02:00
|
|
|
|
|
|
|
networking.firewall = {
|
2022-09-24 14:50:05 +03:00
|
|
|
allowedTCPPorts = [ ipfsPort 4001 ];
|
|
|
|
allowedUDPPorts = [ ipfsPort 4001 ];
|
2022-02-03 21:36:14 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
services.ipfs = {
|
|
|
|
enable = true;
|
2022-06-18 16:26:31 +03:00
|
|
|
package = inputs.self.packages.${pkgs.system}.ipfs;
|
2022-02-03 21:36:14 +02:00
|
|
|
startWhenNeeded = false;
|
|
|
|
autoMount = true;
|
2022-05-31 11:33:20 +03:00
|
|
|
autoMigrate = false;
|
2022-02-03 21:36:14 +02:00
|
|
|
|
2022-09-24 14:50:05 +03:00
|
|
|
swarmAddress = [
|
|
|
|
"/ip4/0.0.0.0/tcp/${toString ipfsPort}"
|
|
|
|
"/ip4/0.0.0.0/tcp/4001"
|
|
|
|
];
|
2022-02-03 21:36:14 +02:00
|
|
|
inherit apiAddress;
|
2022-06-18 03:44:51 +03:00
|
|
|
gatewayAddress = "/ip4/${gw.ipv4}/tcp/${gw.portStr}";
|
2022-02-03 21:36:14 +02:00
|
|
|
dataDir = "/srv/storage/ipfs/repo";
|
|
|
|
localDiscovery = false;
|
|
|
|
|
2022-05-31 11:50:57 +03:00
|
|
|
extraFlags = [ "--migrate" ];
|
2022-02-03 21:36:14 +02:00
|
|
|
extraConfig = {
|
|
|
|
Bootstrap = [
|
|
|
|
"/ip4/168.235.67.108/tcp/4001/p2p/QmRMA5pWXtfuW1y5w2t9gYxrDDD6bPRLKdWAYnHTeCxZMm"
|
|
|
|
"/ip4/51.38.87.150/tcp/4001/p2p/12D3KooWDUgNsoLVauCDpRAo54mc4whoBudgeXQnZZK2iVYhBLCN"
|
|
|
|
"/ip4/77.54.95.19/tcp/12104/p2p/12D3KooWC1RZxLvAeEFNTZWk1FWc1sZZ3yemF4FNNRYa3X854KJ8"
|
2022-09-24 14:32:46 +03:00
|
|
|
"/ip4/95.216.8.12/tcp/${toString ipfsPort}/p2p/Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo"
|
2022-02-03 21:36:14 +02:00
|
|
|
];
|
2022-09-23 22:54:03 +03:00
|
|
|
AutoNAT.ServiceMode = "enabled";
|
2022-02-03 21:36:14 +02:00
|
|
|
API.HTTPHeaders = {
|
|
|
|
Access-Control-Allow-Origin = [
|
|
|
|
"https://ipfs.admin.${domain}"
|
|
|
|
"http://127.0.0.1:5001"
|
|
|
|
];
|
|
|
|
Access-Control-Allow-Methods = [ "PUT" "POST" ];
|
|
|
|
};
|
|
|
|
Gateway = {
|
|
|
|
Writable = false;
|
|
|
|
APICommands = [];
|
|
|
|
HTTPHeaders = {
|
|
|
|
Access-Control-Allow-Headers = [
|
|
|
|
"X-Requested-With"
|
|
|
|
"Range"
|
|
|
|
"User-Agent"
|
|
|
|
];
|
|
|
|
Access-Control-Allow-Methods = [
|
|
|
|
"GET"
|
|
|
|
];
|
|
|
|
Access-Control-Allow-Origin = [
|
|
|
|
"*"
|
|
|
|
];
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
systemd.sockets = {
|
|
|
|
ipfs-api.enable = false;
|
|
|
|
ipfs-gateway.enable = false;
|
|
|
|
};
|
|
|
|
|
|
|
|
systemd.tmpfiles.rules = [
|
|
|
|
"d '/run/ipfs' 0750 ${cfg.user} ${cfg.group} - -"
|
|
|
|
"L+ '${cfg.dataDir}/swarm.key' - - - - ${config.age.secrets.ipfs-swarm-key.path}"
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
|
|
systemd.services.ipfs = {
|
|
|
|
environment.LIBP2P_FORCE_PNET = "1";
|
2022-09-24 14:59:05 +03:00
|
|
|
serviceConfig = {
|
|
|
|
Slice = "remotefshost.slice";
|
|
|
|
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
|
|
|
|
};
|
2022-02-03 21:36:14 +02:00
|
|
|
postStart = "chmod 660 /run/ipfs/ipfs-api.sock";
|
|
|
|
};
|
|
|
|
|
|
|
|
environment.variables.IPFS_PATH = lib.mkForce "${ipfsApi}";
|
|
|
|
|
|
|
|
environment.shellAliases = {
|
|
|
|
ipfs-admin = "sudo -u ${cfg.user} env IPFS_PATH=${cfg.dataDir} ipfs";
|
|
|
|
};
|
|
|
|
}
|