SIPS: Simple IPFS pinning service #52
8 changed files with 145 additions and 0 deletions
|
@ -71,6 +71,22 @@ in
|
||||||
postStart = "chmod 660 /run/ipfs/ipfs-api.sock";
|
postStart = "chmod 660 /run/ipfs/ipfs-api.sock";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.slices.remotefshost.sliceConfig = {
|
||||||
|
IOWeight = 5;
|
||||||
|
IOReadIOPSMax = [
|
||||||
|
"/dev/sda 100"
|
||||||
|
"/dev/sdb 100"
|
||||||
|
];
|
||||||
|
IOWriteIOPSMax = [
|
||||||
|
"/dev/sda 100"
|
||||||
|
"/dev/sdb 100"
|
||||||
|
];
|
||||||
|
IODviceLatencyTargetSec = [
|
||||||
|
"/dev/sda 500ms"
|
||||||
|
"/dev/sdb 500ms"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
environment.variables.IPFS_PATH = lib.mkForce "${ipfsApi}";
|
environment.variables.IPFS_PATH = lib.mkForce "${ipfsApi}";
|
||||||
|
|
||||||
environment.shellAliases = {
|
environment.shellAliases = {
|
||||||
|
|
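Review bot: The key `IODviceLatencyTargetSec` in `systemd.slices.remotefshost.sliceConfig` is misspelled; the systemd directive is `IODeviceLatencyTargetSec`. NixOS passes `sliceConfig` keys through as written, and systemd logs unknown keys and ignores them, so the 500ms latency targets for /dev/sda and /dev/sdb would not be applied, while the IOPS limits would. The line should read `IODeviceLatencyTargetSec = [`. The limits are also keyed on `/dev/sda` and `/dev/sdb`, which are not guaranteed to be stable across boots; a comment naming the intended disks would help the next reader. The enclosing attribute set starts and ends outside this hunk.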
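--- a/hosts/VEGAS/services/sips/default.nix
+++ b/hosts/VEGAS/services/sips/default.nix
@@ -0,0 +1,76 @@
+{ config, inputs, pkgs, tools, ... }:
+let
+host = tools.identity.autoDomain "sips";
+
+inherit (inputs.self.packages.${pkgs.system}) sips;
+
+connStringNet = "host=127.0.0.1 sslmode=disable dbname=sips user=sips";
+connString = "host=/var/run/postgresql dbname=sips user=sips";
+
+sipsctl = pkgs.runCommandNoCC "sipsctl-with-env" {
+nativeBuildInputs = [ pkgs.makeWrapper ];
+} ''
+makeWrapper ${sips}/bin/sipsctl $out/bin/sipsctl \
+--set PGPASSFILE ${config.age.secrets.sips-db-credentials.path} \
+--add-flags '--dbdriver postgres --db "${connStringNet}"'
+
+ln -s ${sips}/share $out/share
+'';
+in
+{
+age.secrets.sips-db-credentials = {
+file = ../../../../secrets/sips-db-credentials.age;
+mode = "0400";
+};
+
+reservePortsFor = [ "sips" "sipsInternal" "sipsIpfsApiProxy" ];
+
+systemd.services.sips = {
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+requires = [ "sips-ipfs-api-proxy.service" ];
+serviceConfig = {
+ExecStart = "${sips}/bin/sips --dbdriver postgres --db \"${connString}\" --addr 127.0.0.1:${config.portsStr.sipsInternal} --api http://127.0.0.1:${config.portsStr.sipsIpfsApiProxy} --apitimeout 604800s";
+PrivateNetwork = true;
+DynamicUser = true;
+};
+environment.PGPASSFILE = config.age.secrets.sips-db-credentials.path;
+};
+
+systemd.services.sips-ipfs-api-proxy = {
+after = [ "network.target" "sips.service" ];
+bindsTo = [ "sips.service" ];
+serviceConfig = {
+ExecStart = "${pkgs.socat}/bin/socat tcp4-listen:${config.portsStr.sipsIpfsApiProxy},fork,reuseaddr,bind=127.0.0.1 unix-connect:/run/ipfs/ipfs-api.sock";
+PrivateNetwork = true;
+DynamicUser = true;
+SupplementaryGroups = "ipfs";
+};
+unitConfig.JoinsNamespaceOf = "sips.service";
+};
+
+systemd.services.sips-proxy = {
+after = [ "network.target" "sips.service" ];
+bindsTo = [ "sips.service" ];
+requires = [ "sips-proxy.socket" ];
+serviceConfig = {
+ExecStart = "${config.systemd.package}/lib/systemd/systemd-socket-proxyd 127.0.0.1:${config.portsStr.sipsInternal}";
+PrivateNetwork = true;
+DynamicUser = true;
+SupplementaryGroups = "ipfs";
+};
+unitConfig.JoinsNamespaceOf = "sips.service";
+};
+
+systemd.sockets.sips-proxy = {
+wantedBy = [ "sockets.target" ];
+after = [ "network.target" ];
+socketConfig = {
+ListenStream = "127.0.0.1:${config.portsStr.sips}";
+};
+};
+
+environment.systemPackages = [ sipsctl ];
+
+services.nginx.virtualHosts.${host} = tools.nginx.vhosts.proxy "http://127.0.0.1:${config.portsStr.sips}";
+}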
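Review bot: `systemd.services.sips-proxy` carries `SupplementaryGroups = "ipfs";` although its ExecStart only runs systemd-socket-proxyd toward `127.0.0.1:${config.portsStr.sipsInternal}`; in this file only `sips-ipfs-api-proxy` connects to `/run/ipfs/ipfs-api.sock`. Dropping that line from `sips-proxy` keeps the hop that nginx talks to from holding read/write access to the IPFS API socket. Separately, `age.secrets.sips-db-credentials` is declared with `mode = "0400"` and no `owner`, while `systemd.services.sips` runs with `DynamicUser = true` and points `PGPASSFILE` at that path, so the file is probably unreadable inside the service unless ownership is set elsewhere. If the password is actually needed over the unix-socket `connString`, passing it with `LoadCredential=` would fit the sandboxing already used here; if peer authentication is what makes the connection work, the `environment.PGPASSFILE` line can go.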
@ -36,6 +36,7 @@
|
||||||
./services/nix/nar-serve.nix
|
./services/nix/nar-serve.nix
|
||||||
./services/object-storage
|
./services/object-storage
|
||||||
./services/openvpn
|
./services/openvpn
|
||||||
|
./services/sips
|
||||||
./services/sso
|
./services/sso
|
||||||
./services/vault
|
./services/vault
|
||||||
./services/warehouse
|
./services/warehouse
|
||||||
|
|
|
@ -27,4 +27,6 @@ in
|
||||||
minio-console = pkgs.callPackage ./servers/minio-console { };
|
minio-console = pkgs.callPackage ./servers/minio-console { };
|
||||||
|
|
||||||
privatevoid-smart-card-ca-bundle = pkgs.callPackage ./data/privatevoid-smart-card-certificate-authority-bundle.nix { };
|
privatevoid-smart-card-ca-bundle = pkgs.callPackage ./data/privatevoid-smart-card-certificate-authority-bundle.nix { };
|
||||||
|
|
||||||
|
sips = pkgs.callPackage ./servers/sips { };
|
||||||
}
|
}
|
||||||
|
|
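--- a/packages/servers/sips/default.nix
+++ b/packages/servers/sips/default.nix
@@ -0,0 +1,34 @@
+{ lib
+, buildGoModule
+, fetchFromGitHub
+}:
+
+buildGoModule rec {
+pname = "sips";
+version = "0.3.0";
+
+src = fetchFromGitHub {
+owner = "DeedleFake";
+repo = pname;
+rev = "v${version}";
+sha256 = "0v5g4zz7j6150yk7k3svh3ffgr0ghzp5yl01bpq99i0lkpliidpx";
+};
+
+vendorSha256 = "sha256-JZ8wtfu+jLikTKjYt+1Zt05jNVahEyRU/ciK2n+AACc=";
+
+subPackages = [ "cmd/sips" "cmd/sipsctl" ];
+
+# HACK: this can't cross-compile
+postInstall = ''
+mkdir -p $out/share/bash-completion/completions $out/share/zsh/site-functions
+$out/bin/sipsctl completion bash > $out/share/bash-completion/completions/sipsctl
+$out/bin/sipsctl completion zsh > $out/share/zsh/site-functions/_sipsctl
+'';
+
+meta = with lib; {
+description = "A Simple IPFS Pinning Service";
+homepage = "https://github.com/DeedleFake/sips";
+license = licenses.mit;
+maintainers = with maintainers; [ ];
+};
+}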
@ -21,6 +21,7 @@ in with hosts;
|
||||||
"nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"oauth2_proxy-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"postfix-ldap-mailboxes.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
|
"sips-db-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"synapse-db.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"synapse-keys.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"synapse-keys.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
"synapse-ldap.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
"synapse-ldap.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||||
|
|
13
secrets/sips-db-credentials.age
Normal file
13
secrets/sips-db-credentials.age
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 NO562A E/9/zbcPJ/7RcvpQDdiH3964S2458+gfe4y58gljdRM
|
||||||
|
EkmMt7j+MRT4+StvnCbmyyFudWsGHN72Vq+sW3BMG3k
|
||||||
|
-> ssh-ed25519 5/zT0w 2hwtQ2r3Yt92hnBdHS6dlxxWEMhc/a+Xs6GFjOer9xQ
|
||||||
|
IADvMgdOEj9lVpEyPYQf4VHzbAqa5jf1xHCxu3tX0Os
|
||||||
|
-> ssh-ed25519 d3WGuA SH5ARarHt6Z6ieKm42ECfJps0ZQZpEnbIcJzWZhGr1Q
|
||||||
|
fjQQJJUkQf8fv7CihShd51ChXse9GBmoY/q186M7FBE
|
||||||
|
-> /a.-grease
|
||||||
|
w3y137fgLnhJLYkLo2uSwwIIevdM+G7A9ewrChPDFEmoahoOYPoNfPb6Lo4XBMEv
|
||||||
|
OSVsc+9B5cO95zQ2hOncu7LlsDUcdCHa8rLJFVaGLwfqXi79EnCsdrucUK+nnNCe
|
||||||
|
|
||||||
|
--- mpr2ZFj40sPB65FCmlwUSWhRNU0TWSkNvyCh4HQN/e4
|
||||||
|
ÿH1 ¹8—‹y@¯Ù;Ùa´«]'•Š<E280A2>ê¡gRÕy/7µ&¯¯ó >Ld'þ°¯˜tYN|eÜ žÆÔ_©oìÁÖ5¼à°Þ㼘+ä`[fí3ÆöéOPgÔwZÔfÞTÕÊT¨¼£}àyhs3Íì
|
|
@ -7,6 +7,8 @@ let
|
||||||
|
|
||||||
inherit domain;
|
inherit domain;
|
||||||
|
|
||||||
|
autoDomain = name: "${builtins.hashString "md5" name}.dev.${domain}";
|
||||||
|
|
||||||
ldap = {
|
ldap = {
|
||||||
server = with self.ldap.server; {
|
server = with self.ldap.server; {
|
||||||
# TODO: unhardcode everything here
|
# TODO: unhardcode everything here
|
||||||
|
|
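Review bot: `autoDomain` builds the hostname from `builtins.hashString "md5" name` with no secret input, so a caller such as `autoDomain "sips"` always yields the same label under `dev.${domain}`, and anyone who knows the scheme can compute it. The label therefore works as a stable name, not as access control, and nothing in the visible hunks shows authentication on the nginx vhost that uses it. I would document that at the definition, for example `# autoDomain: stable, guessable label (md5 of the name), not a secret; vhosts using it still need their own access control`. If unlisted hostnames are meant to limit exposure, that assumption should be checked against how DNS records and certificates are issued for `dev.${domain}`. The enclosing `let` block starts and ends outside this hunk.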