author | azahi <azat@bahawi.net> | 2025-02-17 02:21:56 +0300 |
---|---|---|
committer | azahi <azat@bahawi.net> | 2025-02-17 02:21:56 +0300 |
commit | 59180328cda59817d71cd58c8f48ead047375064 (patch) | |
tree | 2cdd7d1bfa309839ef624c19daf283f510aacf69 /modules/ipfs.nix | |
parent | 2025-02-05 (diff) |
2025-02-17
Diffstat (limited to '')
-rw-r--r-- | modules/ipfs.nix | 271 |
1 files changed, 136 insertions, 135 deletions
diff --git a/modules/ipfs.nix b/modules/ipfs.nix index 80a43b6..c789c18 100644 --- a/modules/ipfs.nix +++ b/modules/ipfs.nix @@ -6,7 +6,6 @@ this, ... }: -with lib; let cfg = config.nixfiles.modules.ipfs; 
@@ -16,174 +15,176 @@ let in { options.nixfiles.modules.ipfs = { - enable = mkEnableOption "IPFS daemon"; + enable = lib.mkEnableOption "IPFS daemon"; - domain = mkOption { + domain = lib.mkOption { description = "Domain name sans protocol scheme."; - type = with types; str; + type = lib.types.str; default = "ipfs.${config.networking.fqdn}"; }; - gatewayBind = mkOption { + gatewayBind = lib.mkOption { description = "Gateway bind."; - type = with types; str; + type = lib.types.str; default = "127.0.0.1"; }; - gatewayPort = mkOption { + gatewayPort = lib.mkOption { description = "Gateway port."; - type = with types; port; + type = lib.types.port; default = if this.isHeadless then gatewayDefaultPort + 990 else gatewayDefaultPort; }; - apiBind = mkOption { + apiBind = lib.mkOption { description = "API bind."; - type = with types; str; + type = lib.types.str; default = "127.0.0.1"; }; - apiPort = mkOption { + apiPort = lib.mkOption { description = "API port."; - type = with types; port; + type = lib.types.port; default = if this.isHeadless then apiDefaultPort + 990 else apiDefaultPort; }; - swarmPort = mkOption { + swarmPort = lib.mkOption { description = "Swarm port."; - type = with types; port; + type = lib.types.port; default = swarmDefaultPort; }; }; - config = mkIf cfg.enable (mkMerge [ - { - services.kubo = { - enable = true; - - user = my.username; - inherit (config.my) group; - - dataDir = "${config.dirs.data}/ipfs"; - - autoMigrate = true; - autoMount = true; - emptyRepo = true; - enableGC = true; - - # https://github.com/ipfs/kubo/blob/master/docs/config.md - settings = mkMerge [ - ( - let - filterAddresses = - [ - "/ip4/100.64.0.0/ipcidr/10" - "/ip4/169.254.0.0/ipcidr/16" - "/ip4/172.16.0.0/ipcidr/12" - "/ip4/192.0.0.0/ipcidr/24" - "/ip4/192.0.2.0/ipcidr/24" - "/ip4/192.168.0.0/ipcidr/16" - "/ip4/198.18.0.0/ipcidr/15" - "/ip4/198.51.100.0/ipcidr/24" - "/ip4/203.0.113.0/ipcidr/24" - "/ip4/240.0.0.0/ipcidr/4" - "/ip6/100::/ipcidr/64" - "/ip6/2001:2::/ipcidr/48" 
- "/ip6/2001:db8::/ipcidr/32" - "/ip6/fe80::/ipcidr/10" - ] - ++ optionals (!hasAttr "wireguard" this) [ - "/ip4/10.0.0.0/ipcidr/8" - "/ip6/fc00::/ipcidr/7" - ]; - in - { - Addresses = { - API = "/ip4/${cfg.apiBind}/tcp/${toString cfg.apiPort}"; - Gateway = "/ip4/${cfg.gatewayBind}/tcp/${toString cfg.gatewayPort}"; - Swarm = - let - port = toString cfg.swarmPort; - in + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + services.kubo = { + enable = true; + + user = lib.my.username; + inherit (config.my) group; + + dataDir = "${config.dirs.data}/ipfs"; + + autoMigrate = true; + autoMount = true; + emptyRepo = true; + enableGC = true; + + # https://github.com/ipfs/kubo/blob/master/docs/config.md + settings = lib.mkMerge [ + ( + let + filterAddresses = [ - "/ip4/0.0.0.0/tcp/${port}" - "/ip6/::/tcp/${port}" - "/ip4/0.0.0.0/udp/${port}/quic" - "/ip4/0.0.0.0/udp/${port}/quic-v1" - "/ip4/0.0.0.0/udp/${port}/quic-v1/webtransport" - "/ip6/::/udp/${port}/quic" - "/ip6/::/udp/${port}/quic-v1" - "/ip6/::/udp/${port}/quic-v1/webtransport" + "/ip4/100.64.0.0/ipcidr/10" + "/ip4/169.254.0.0/ipcidr/16" + "/ip4/172.16.0.0/ipcidr/12" + "/ip4/192.0.0.0/ipcidr/24" + "/ip4/192.0.2.0/ipcidr/24" + "/ip4/192.168.0.0/ipcidr/16" + "/ip4/198.18.0.0/ipcidr/15" + "/ip4/198.51.100.0/ipcidr/24" + "/ip4/203.0.113.0/ipcidr/24" + "/ip4/240.0.0.0/ipcidr/4" + "/ip6/100::/ipcidr/64" + "/ip6/2001:2::/ipcidr/48" + "/ip6/2001:db8::/ipcidr/32" + "/ip6/fe80::/ipcidr/10" + ] + ++ lib.optionals (!lib.hasAttr "wireguard" this) [ + "/ip4/10.0.0.0/ipcidr/8" + "/ip6/fc00::/ipcidr/7" ]; + in + { + Addresses = { + API = "/ip4/${cfg.apiBind}/tcp/${toString cfg.apiPort}"; + Gateway = "/ip4/${cfg.gatewayBind}/tcp/${toString cfg.gatewayPort}"; + Swarm = + let + port = toString cfg.swarmPort; + in + [ + "/ip4/0.0.0.0/tcp/${port}" + "/ip6/::/tcp/${port}" + "/ip4/0.0.0.0/udp/${port}/quic" + "/ip4/0.0.0.0/udp/${port}/quic-v1" + "/ip4/0.0.0.0/udp/${port}/quic-v1/webtransport" + "/ip6/::/udp/${port}/quic" + 
"/ip6/::/udp/${port}/quic-v1" + "/ip6/::/udp/${port}/quic-v1/webtransport" + ]; + + NoAnnounce = filterAddresses; + }; + + Swarm.AddrFilters = filterAddresses; + + API.HTTPHeaders = { + Access-Control-Allow-Origin = [ + "http://127.0.0.1:5001" + "http://webui.ipfs.io.ipns.localhost:6001" + ]; + Access-Control-Allow-Methods = [ + "PUT" + "POST" + ]; + }; - NoAnnounce = filterAddresses; - }; + Experimental.FilestoreEnabled = true; + } + ) + ]; - Swarm.AddrFilters = filterAddresses; - - API.HTTPHeaders = { - Access-Control-Allow-Origin = [ - "http://127.0.0.1:5001" - "http://webui.ipfs.io.ipns.localhost:6001" - ]; - Access-Control-Allow-Methods = [ - "PUT" - "POST" - ]; - }; + localDiscovery = true; - Experimental.FilestoreEnabled = true; - } - ) - ]; - - localDiscovery = true; - - startWhenNeeded = true; - }; - - networking.firewall = rec { - allowedTCPPorts = [ swarmDefaultPort ]; - allowedUDPPorts = allowedTCPPorts; - }; - - boot.kernel.sysctl = { - "net.core.rmem_max" = 7500000; - "net.core.wmem_max" = 7500000; - }; - - topology = with cfg; { - nodes.${this.hostname}.services.ipfs-kubo = { - name = "IPFS Kubo"; - icon = "${inputs.homelab-svg-assets}/assets/ipfs.svg"; - details.listen.text = '' - ${gatewayBind}:${toString gatewayPort} - ${apiBind}:${toString apiPort} - ''; + startWhenNeeded = true; }; - }; - } - (mkIf this.isHeadless { - nixfiles.modules.nginx = { - enable = true; - upstreams = with cfg; { - kubo_gateway.servers."${gatewayBind}:${toString gatewayPort}" = { }; - kubo_api.servers."${apiBind}:${toString apiPort}" = { }; + + networking.firewall = rec { + allowedTCPPorts = [ swarmDefaultPort ]; + allowedUDPPorts = allowedTCPPorts; + }; + + boot.kernel.sysctl = { + "net.core.rmem_max" = 7500000; + "net.core.wmem_max" = 7500000; + }; + + topology = { + nodes.${this.hostname}.services.ipfs-kubo = { + name = "IPFS Kubo"; + icon = "${inputs.homelab-svg-assets}/assets/ipfs.svg"; + details.listen.text = '' + ${cfg.gatewayBind}:${toString cfg.gatewayPort} + 
${cfg.apiBind}:${toString cfg.apiPort} + ''; + }; }; - virtualHosts = { - ${cfg.domain} = { - locations."/".proxyPass = "http://kubo_gateway"; - extraConfig = libNginx.config.internalOnly; + } + (lib.mkIf this.isHeadless { + nixfiles.modules.nginx = { + enable = true; + upstreams = { + kubo_gateway.servers."${cfg.gatewayBind}:${toString cfg.gatewayPort}" = { }; + kubo_api.servers."${cfg.apiBind}:${toString cfg.apiPort}" = { }; }; - "api.${cfg.domain}" = { - locations = { - "/".proxyPass = "http://kubo_api"; - "~ ^/$".return = - "301 http${optionalString config.nixfiles.modules.acme.enable "s"}://api.${cfg.domain}/webui"; + virtualHosts = { + ${cfg.domain} = { + locations."/".proxyPass = "http://kubo_gateway"; + extraConfig = libNginx.config.internalOnly; + }; + "api.${cfg.domain}" = { + locations = { + "/".proxyPass = "http://kubo_api"; + "~ ^/$".return = + "301 http${lib.optionalString config.nixfiles.modules.acme.enable "s"}://api.${cfg.domain}/webui"; + }; + extraConfig = libNginx.config.internalOnly; }; - extraConfig = libNginx.config.internalOnly; }; }; - }; - topology.nodes.${this.hostname}.services.ipfs-kubo.info = cfg.domain; - }) - ]); + topology.nodes.${this.hostname}.services.ipfs-kubo.info = cfg.domain; + }) + ] + ); } |
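Review bot: `networking.firewall` still opens `swarmDefaultPort` while the Swarm listeners above bind to `cfg.swarmPort`, so overriding the `swarmPort` option leaves the configured port closed and the unused default port open; `allowedTCPPorts = [ cfg.swarmPort ];` keeps the two in step. The same drift shows in `API.HTTPHeaders`: the allowed origins are hard-coded to ports 5001 and 6001, but `apiPort` and `gatewayPort` are options and shift by 990 on headless hosts, so the CORS allow-list may not match the ports actually in use. The Kubo RPC API is also proxied at `api.${cfg.domain}`, and the only access control visible here is `libNginx.config.internalOnly`, which is defined outside this diff. A comment on that vhost would record the dependency, for example `# Kubo RPC API is unauthenticated by default; this vhost must stay internal-only.`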