cluster/services/ipfs: use cluster secrets

This commit is contained in:
Max Headroom 2024-07-08 19:08:51 +02:00
parent 30c80b6942
commit f17786fccb
4 changed files with 15 additions and 11 deletions

View file

@ -1,8 +1,9 @@
{ config, depot, lib, pkgs, ... }:
{ cluster, config, depot, lib, ... }:
let
inherit (depot.lib.meta) domain;
inherit (depot.lib.nginx) vhosts;
inherit (cluster.config.services.ipfs) secrets;
cfg = config.services.ipfs-cluster;
ipfsCfg = config.services.ipfs;
@ -19,20 +20,12 @@ in {
incantations = i: [ ];
};
age.secrets = {
ipfs-cluster-secret.file = ./cluster-secret.age;
ipfs-cluster-pinsvc-credentials = {
file = ./cluster-pinsvc-credentials.age;
owner = cfg.user;
};
};
services.ipfs-cluster = {
enable = true;
consensus = "crdt";
dataDir = "/srv/storage/ipfs/cluster";
secretFile = config.age.secrets.ipfs-cluster-secret.path;
pinSvcBasicAuthFile = config.age.secrets.ipfs-cluster-pinsvc-credentials.path;
secretFile = secrets.clusterSecret.path;
pinSvcBasicAuthFile = secrets.pinningServiceCredentials.path;
openSwarmPort = true;
settings = {
cluster = {

View file

@ -47,6 +47,17 @@
io-tweaks = ./io-tweaks.nix;
remote-api = ./remote-api.nix;
};
secrets = let
inherit (config.services.ipfs) nodes;
in {
clusterSecret = {
nodes = nodes.clusterPeer;
};
pinningServiceCredentials = {
nodes = nodes.clusterPeer;
owner = "ipfs";
};
};
};
monitoring.blackbox.targets.ipfs-gateway = {