cluster/services/ipfs: switch to ways
This commit is contained in:
parent
ac047b189d
commit
e2397ac946
4 changed files with 40 additions and 63 deletions
|
@ -29,6 +29,10 @@
|
||||||
io-tweaks = [ "VEGAS" ];
|
io-tweaks = [ "VEGAS" ];
|
||||||
remote-api = [ "VEGAS" ];
|
remote-api = [ "VEGAS" ];
|
||||||
};
|
};
|
||||||
|
meshLinks.gateway = {
|
||||||
|
name = "ipfsGateway";
|
||||||
|
link.protocol = "http";
|
||||||
|
};
|
||||||
nixos = {
|
nixos = {
|
||||||
node = [
|
node = [
|
||||||
./node.nix
|
./node.nix
|
||||||
|
@ -51,18 +55,37 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
dns.records = {
|
dns.records = {
|
||||||
p2p.consulService = "ipfs-gateway";
|
|
||||||
pin.consulService = "ipfs-gateway";
|
|
||||||
"ipfs.admin".target = map
|
"ipfs.admin".target = map
|
||||||
(node: depot.hours.${node}.interfaces.primary.addrPublic)
|
(node: depot.hours.${node}.interfaces.primary.addrPublic)
|
||||||
config.services.ipfs.nodes.remote-api;
|
config.services.ipfs.nodes.remote-api;
|
||||||
"^[^_].+\\.ipfs" = {
|
pin.consulService = "ipfs-gateway";
|
||||||
|
};
|
||||||
|
|
||||||
|
ways = {
|
||||||
|
p2p = {
|
||||||
consulService = "ipfs-gateway";
|
consulService = "ipfs-gateway";
|
||||||
rewrite.type = "regex";
|
extras.locations."/routing" = {
|
||||||
|
extraConfig = ''
|
||||||
|
add_header X-Content-Type-Options "";
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
"^[^_].+\\.ipns" = {
|
ipfs = {
|
||||||
consulService = "ipfs-gateway";
|
consulService = "ipfs-gateway";
|
||||||
rewrite.type = "regex";
|
wildcard = true;
|
||||||
|
extras.extraConfig = ''
|
||||||
|
add_header X-Content-Type-Options "";
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
ipns = {
|
||||||
|
consulService = "ipfs-gateway";
|
||||||
|
wildcard = true;
|
||||||
|
extras.extraConfig = ''
|
||||||
|
add_header X-Content-Type-Options "";
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,8 +1,7 @@
|
||||||
{ config, depot, lib, ... }:
|
{ cluster, config, depot, lib, ... }:
|
||||||
with depot.lib.nginx;
|
|
||||||
let
|
let
|
||||||
inherit (depot.lib.meta) domain;
|
inherit (depot.lib.meta) domain;
|
||||||
gw = config.links.ipfsGateway;
|
gw = cluster.config.hostLinks.${config.networking.hostName}.ipfsGateway;
|
||||||
cfg = config.services.ipfs;
|
cfg = config.services.ipfs;
|
||||||
metrics = config.links.ipfsMetrics;
|
metrics = config.links.ipfsMetrics;
|
||||||
in
|
in
|
||||||
|
@ -34,42 +33,6 @@ in
|
||||||
locations."/".return = "204";
|
locations."/".return = "204";
|
||||||
locations."${metrics.path}".proxyPass = "http://unix:/run/ipfs/ipfs-api.sock:";
|
locations."${metrics.path}".proxyPass = "http://unix:/run/ipfs/ipfs-api.sock:";
|
||||||
};
|
};
|
||||||
"p2p.${domain}" = vhosts.basic // {
|
|
||||||
locations."/".return = "204";
|
|
||||||
locations."/routing" = {
|
|
||||||
proxyPass = gw.url;
|
|
||||||
extraConfig = ''
|
|
||||||
add_header X-Content-Type-Options "";
|
|
||||||
add_header Access-Control-Allow-Origin *;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
security.acme.certs."ipfs.${domain}" = {
|
|
||||||
domain = "*.ipfs.${domain}";
|
|
||||||
extraDomainNames = [ "*.ipns.${domain}" ];
|
|
||||||
dnsProvider = "exec";
|
|
||||||
group = "nginx";
|
|
||||||
};
|
|
||||||
|
|
||||||
security.acme.certs."p2p.${domain}" = {
|
|
||||||
dnsProvider = "exec";
|
|
||||||
webroot = lib.mkForce null;
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx.virtualHosts."ipfs.${domain}" = vhosts.basic // {
|
|
||||||
serverName = "~^(.+)\.(ip[fn]s)\.${domain}$";
|
|
||||||
enableACME = false;
|
|
||||||
useACMEHost = "ipfs.${domain}";
|
|
||||||
locations = {
|
|
||||||
"/" = {
|
|
||||||
proxyPass = gw.url;
|
|
||||||
extraConfig = ''
|
|
||||||
add_header X-Content-Type-Options "";
|
|
||||||
add_header Access-Control-Allow-Origin *;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
services.ipfs.extraConfig.Gateway.PublicGateways = {
|
services.ipfs.extraConfig.Gateway.PublicGateways = {
|
||||||
|
@ -88,20 +51,11 @@ in
|
||||||
consul.services.ipfs-gateway = {
|
consul.services.ipfs-gateway = {
|
||||||
mode = "external";
|
mode = "external";
|
||||||
unit = "ipfs";
|
unit = "ipfs";
|
||||||
definition = rec {
|
definition = {
|
||||||
name = "ipfs-gateway";
|
name = "ipfs-gateway";
|
||||||
address = depot.reflection.interfaces.primary.addrPublic;
|
address = gw.ipv4;
|
||||||
port = 443;
|
port = gw.port;
|
||||||
checks = [
|
checks = [
|
||||||
rec {
|
|
||||||
name = "Frontend";
|
|
||||||
id = "service:ipfs-gateway:frontend";
|
|
||||||
interval = "60s";
|
|
||||||
http = "https://${address}/";
|
|
||||||
tls_server_name = "bafybeiczsscdsbs7ffqz55asqdf3smv6klcw3gofszvwlyarci47bgf354.ipfs.${domain}"; # empty directory
|
|
||||||
header.Host = lib.singleton tls_server_name;
|
|
||||||
method = "HEAD";
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
name = "IPFS Node";
|
name = "IPFS Node";
|
||||||
id = "service:ipfs-gateway:ipfs";
|
id = "service:ipfs-gateway:ipfs";
|
||||||
|
|
|
@ -4,7 +4,7 @@ let
|
||||||
cfg = config.services.ipfs;
|
cfg = config.services.ipfs;
|
||||||
apiAddress = "/unix/run/ipfs/ipfs-api.sock";
|
apiAddress = "/unix/run/ipfs/ipfs-api.sock";
|
||||||
ipfsApi = pkgs.writeTextDir "api" apiAddress;
|
ipfsApi = pkgs.writeTextDir "api" apiAddress;
|
||||||
gw = config.links.ipfsGateway;
|
gw = cluster.config.hostLinks.${config.networking.hostName}.ipfsGateway;
|
||||||
ipfsPort = 110;
|
ipfsPort = 110;
|
||||||
nameservers = lib.unique config.networking.nameservers;
|
nameservers = lib.unique config.networking.nameservers;
|
||||||
in
|
in
|
||||||
|
@ -13,8 +13,6 @@ in
|
||||||
depot.nixosModules.ipfs
|
depot.nixosModules.ipfs
|
||||||
];
|
];
|
||||||
|
|
||||||
links.ipfsGateway.protocol = "http";
|
|
||||||
|
|
||||||
networking.firewall = {
|
networking.firewall = {
|
||||||
allowedTCPPorts = [ ipfsPort 4001 ];
|
allowedTCPPorts = [ ipfsPort 4001 ];
|
||||||
allowedUDPPorts = [ ipfsPort 4001 ];
|
allowedUDPPorts = [ ipfsPort 4001 ];
|
||||||
|
@ -157,7 +155,9 @@ in
|
||||||
"fc00::/7"
|
"fc00::/7"
|
||||||
"fe80::/10"
|
"fe80::/10"
|
||||||
];
|
];
|
||||||
IPAddressAllow = nameservers;
|
IPAddressAllow = nameservers ++ [
|
||||||
|
cluster.config.vars.meshNet.cidr
|
||||||
|
];
|
||||||
};
|
};
|
||||||
postStart = "chmod 660 /run/ipfs/ipfs-api.sock";
|
postStart = "chmod 660 /run/ipfs/ipfs-api.sock";
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
{ config, depot, ... }:
|
{ cluster, config, depot, ... }:
|
||||||
with depot.lib.nginx;
|
with depot.lib.nginx;
|
||||||
let
|
let
|
||||||
inherit (depot.lib.meta) domain;
|
inherit (depot.lib.meta) domain;
|
||||||
cfg = config.services.ipfs;
|
cfg = config.services.ipfs;
|
||||||
gw = config.links.ipfsGateway;
|
gw = cluster.config.hostLinks.${config.networking.hostName}.ipfsGateway;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
users.users.nginx.extraGroups = [ cfg.group ];
|
users.users.nginx.extraGroups = [ cfg.group ];
|
||||||
|
|
Loading…
Reference in a new issue