cluster/services/ipfs: use cluster secrets
This commit is contained in:
parent
30c80b6942
commit
f17786fccb
4 changed files with 15 additions and 11 deletions
|
@ -1,8 +1,9 @@
|
||||||
{ config, depot, lib, pkgs, ... }:
|
{ cluster, config, depot, lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (depot.lib.meta) domain;
|
inherit (depot.lib.meta) domain;
|
||||||
inherit (depot.lib.nginx) vhosts;
|
inherit (depot.lib.nginx) vhosts;
|
||||||
|
inherit (cluster.config.services.ipfs) secrets;
|
||||||
cfg = config.services.ipfs-cluster;
|
cfg = config.services.ipfs-cluster;
|
||||||
ipfsCfg = config.services.ipfs;
|
ipfsCfg = config.services.ipfs;
|
||||||
|
|
||||||
|
@ -19,20 +20,12 @@ in {
|
||||||
incantations = i: [ ];
|
incantations = i: [ ];
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets = {
|
|
||||||
ipfs-cluster-secret.file = ./cluster-secret.age;
|
|
||||||
ipfs-cluster-pinsvc-credentials = {
|
|
||||||
file = ./cluster-pinsvc-credentials.age;
|
|
||||||
owner = cfg.user;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.ipfs-cluster = {
|
services.ipfs-cluster = {
|
||||||
enable = true;
|
enable = true;
|
||||||
consensus = "crdt";
|
consensus = "crdt";
|
||||||
dataDir = "/srv/storage/ipfs/cluster";
|
dataDir = "/srv/storage/ipfs/cluster";
|
||||||
secretFile = config.age.secrets.ipfs-cluster-secret.path;
|
secretFile = secrets.clusterSecret.path;
|
||||||
pinSvcBasicAuthFile = config.age.secrets.ipfs-cluster-pinsvc-credentials.path;
|
pinSvcBasicAuthFile = secrets.pinningServiceCredentials.path;
|
||||||
openSwarmPort = true;
|
openSwarmPort = true;
|
||||||
settings = {
|
settings = {
|
||||||
cluster = {
|
cluster = {
|
||||||
|
|
|
@ -47,6 +47,17 @@
|
||||||
io-tweaks = ./io-tweaks.nix;
|
io-tweaks = ./io-tweaks.nix;
|
||||||
remote-api = ./remote-api.nix;
|
remote-api = ./remote-api.nix;
|
||||||
};
|
};
|
||||||
|
secrets = let
|
||||||
|
inherit (config.services.ipfs) nodes;
|
||||||
|
in {
|
||||||
|
clusterSecret = {
|
||||||
|
nodes = nodes.clusterPeer;
|
||||||
|
};
|
||||||
|
pinningServiceCredentials = {
|
||||||
|
nodes = nodes.clusterPeer;
|
||||||
|
owner = "ipfs";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
monitoring.blackbox.targets.ipfs-gateway = {
|
monitoring.blackbox.targets.ipfs-gateway = {
|
||||||
|
|
Loading…
Reference in a new issue