cluster/services/ipfs: switch to ways
parent
ac047b189d
commit
e2397ac946
4 changed files with 40 additions and 63 deletions
|
@ -29,6 +29,10 @@
|
|||
io-tweaks = [ "VEGAS" ];
|
||||
remote-api = [ "VEGAS" ];
|
||||
};
|
||||
meshLinks.gateway = {
|
||||
name = "ipfsGateway";
|
||||
link.protocol = "http";
|
||||
};
|
||||
nixos = {
|
||||
node = [
|
||||
./node.nix
|
||||
|
@ -51,18 +55,37 @@
|
|||
};
|
||||
|
||||
dns.records = {
|
||||
p2p.consulService = "ipfs-gateway";
|
||||
pin.consulService = "ipfs-gateway";
|
||||
"ipfs.admin".target = map
|
||||
(node: depot.hours.${node}.interfaces.primary.addrPublic)
|
||||
config.services.ipfs.nodes.remote-api;
|
||||
"^[^_].+\\.ipfs" = {
|
||||
pin.consulService = "ipfs-gateway";
|
||||
};
|
||||
|
||||
ways = {
|
||||
p2p = {
|
||||
consulService = "ipfs-gateway";
|
||||
rewrite.type = "regex";
|
||||
extras.locations."/routing" = {
|
||||
extraConfig = ''
|
||||
add_header X-Content-Type-Options "";
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
'';
|
||||
};
|
||||
};
|
||||
"^[^_].+\\.ipns" = {
|
||||
ipfs = {
|
||||
consulService = "ipfs-gateway";
|
||||
rewrite.type = "regex";
|
||||
wildcard = true;
|
||||
extras.extraConfig = ''
|
||||
add_header X-Content-Type-Options "";
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
'';
|
||||
};
|
||||
ipns = {
|
||||
consulService = "ipfs-gateway";
|
||||
wildcard = true;
|
||||
extras.extraConfig = ''
|
||||
add_header X-Content-Type-Options "";
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
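Review bot: The `p2p` way sets `consulService = "ipfs-gateway"` and only adds headers for `/routing`, whereas the `"p2p.${domain}"` vhost shown in the gateway module of this commit answered `/` with `204` and proxied nothing but `/routing`. If ways forwards every path of a way to its Consul service, `p2p` now exposes the whole gateway instead of the routing endpoint alone; that depends on the ways module, which is not visible on this page. If the narrower surface was intentional, restore it, for example with `extras.locations."/".return = "204";` provided ways lets `extras` override the root location. Otherwise record the change with a comment such as `# all paths are proxied to the gateway, not only /routing`.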
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
{ config, depot, lib, ... }:
|
||||
with depot.lib.nginx;
|
||||
{ cluster, config, depot, lib, ... }:
|
||||
let
|
||||
inherit (depot.lib.meta) domain;
|
||||
gw = config.links.ipfsGateway;
|
||||
gw = cluster.config.hostLinks.${config.networking.hostName}.ipfsGateway;
|
||||
cfg = config.services.ipfs;
|
||||
metrics = config.links.ipfsMetrics;
|
||||
in
|
||||
|
@ -34,42 +33,6 @@ in
|
|||
locations."/".return = "204";
|
||||
locations."${metrics.path}".proxyPass = "http://unix:/run/ipfs/ipfs-api.sock:";
|
||||
};
|
||||
"p2p.${domain}" = vhosts.basic // {
|
||||
locations."/".return = "204";
|
||||
locations."/routing" = {
|
||||
proxyPass = gw.url;
|
||||
extraConfig = ''
|
||||
add_header X-Content-Type-Options "";
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
security.acme.certs."ipfs.${domain}" = {
|
||||
domain = "*.ipfs.${domain}";
|
||||
extraDomainNames = [ "*.ipns.${domain}" ];
|
||||
dnsProvider = "exec";
|
||||
group = "nginx";
|
||||
};
|
||||
|
||||
security.acme.certs."p2p.${domain}" = {
|
||||
dnsProvider = "exec";
|
||||
webroot = lib.mkForce null;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."ipfs.${domain}" = vhosts.basic // {
|
||||
serverName = "~^(.+)\.(ip[fn]s)\.${domain}$";
|
||||
enableACME = false;
|
||||
useACMEHost = "ipfs.${domain}";
|
||||
locations = {
|
||||
"/" = {
|
||||
proxyPass = gw.url;
|
||||
extraConfig = ''
|
||||
add_header X-Content-Type-Options "";
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.ipfs.extraConfig.Gateway.PublicGateways = {
|
||||
|
@ -88,20 +51,11 @@ in
|
|||
consul.services.ipfs-gateway = {
|
||||
mode = "external";
|
||||
unit = "ipfs";
|
||||
definition = rec {
|
||||
definition = {
|
||||
name = "ipfs-gateway";
|
||||
address = depot.reflection.interfaces.primary.addrPublic;
|
||||
port = 443;
|
||||
address = gw.ipv4;
|
||||
port = gw.port;
|
||||
checks = [
|
||||
rec {
|
||||
name = "Frontend";
|
||||
id = "service:ipfs-gateway:frontend";
|
||||
interval = "60s";
|
||||
http = "https://${address}/";
|
||||
tls_server_name = "bafybeiczsscdsbs7ffqz55asqdf3smv6klcw3gofszvwlyarci47bgf354.ipfs.${domain}"; # empty directory
|
||||
header.Host = lib.singleton tls_server_name;
|
||||
method = "HEAD";
|
||||
}
|
||||
{
|
||||
name = "IPFS Node";
|
||||
id = "service:ipfs-gateway:ipfs";
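Review bot: In `consul.services.ipfs-gateway` the service is now registered at `gw.ipv4`/`gw.port` while the link is declared with `link.protocol = "http"`, so the hop from the ingress to the gateway is plaintext and its confidentiality rests on the mesh network. That assumption deserves a comment next to `address`, e.g. `# plain HTTP on the host link; TLS is expected to terminate at the ingress`. The `Frontend` check (HTTPS `HEAD` with `tls_server_name`) appears to be dropped along with the old address, although the page no longer marks which lines were removed. If so, this definition no longer has a check that exercises the public TLS path. The `checks` list continues past the end of the hunk, so confirm that the remaining `IPFS Node` check or the ingress covers it.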
|
||||
|
|
|
@ -4,7 +4,7 @@ let
|
|||
cfg = config.services.ipfs;
|
||||
apiAddress = "/unix/run/ipfs/ipfs-api.sock";
|
||||
ipfsApi = pkgs.writeTextDir "api" apiAddress;
|
||||
gw = config.links.ipfsGateway;
|
||||
gw = cluster.config.hostLinks.${config.networking.hostName}.ipfsGateway;
|
||||
ipfsPort = 110;
|
||||
nameservers = lib.unique config.networking.nameservers;
|
||||
in
|
||||
|
@ -13,8 +13,6 @@ in
|
|||
depot.nixosModules.ipfs
|
||||
];
|
||||
|
||||
links.ipfsGateway.protocol = "http";
|
||||
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [ ipfsPort 4001 ];
|
||||
allowedUDPPorts = [ ipfsPort 4001 ];
|
||||
|
@ -157,7 +155,9 @@ in
|
|||
"fc00::/7"
|
||||
"fe80::/10"
|
||||
];
|
||||
IPAddressAllow = nameservers;
|
||||
IPAddressAllow = nameservers ++ [
|
||||
cluster.config.vars.meshNet.cidr
|
||||
];
|
||||
};
|
||||
postStart = "chmod 660 /run/ipfs/ipfs-api.sock";
|
||||
};
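Review bot: `IPAddressAllow = nameservers ++ [ cluster.config.vars.meshNet.cidr ]` admits the entire mesh range to the ipfs unit, and systemd applies `IPAddressAllow` to all of the unit's IP traffic rather than to one port. Every mesh peer can therefore reach every IP listener of the daemon, not only the ingress reaching the gateway port; the API on `/run/ipfs/ipfs-api.sock` is a unix socket and is not affected. If the cluster configuration can enumerate the hosts that run ways, allow those addresses instead of the CIDR. Otherwise document the trade-off, e.g. `# whole mesh allowed: ingress must reach gw.port; filter is per-unit, not per-port`. The enclosing service block starts outside the hunk, so the matching deny rule is not visible here.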
|
||||
|
|
|
@ -1,9 +1,9 @@
|
|||
{ config, depot, ... }:
|
||||
{ cluster, config, depot, ... }:
|
||||
with depot.lib.nginx;
|
||||
let
|
||||
inherit (depot.lib.meta) domain;
|
||||
cfg = config.services.ipfs;
|
||||
gw = config.links.ipfsGateway;
|
||||
gw = cluster.config.hostLinks.${config.networking.hostName}.ipfsGateway;
|
||||
in
|
||||
{
|
||||
users.users.nginx.extraGroups = [ cfg.group ];
|
||||
|
|