authorAzat Bahawi <azat@bahawi.net>2023-04-12 04:01:46 +0300
committerAzat Bahawi <azat@bahawi.net>2023-04-12 04:01:46 +0300
commitd6368c86bc949371e904eed3d0a6583ebd53b055 (patch)
tree042db513412ba7f1577b1ac690d4e0e0fac22cbf /modules/nixos/ipfs.nix
parent2023-04-07 (diff)
2023-04-12
Diffstat (limited to 'modules/nixos/ipfs.nix')
-rw-r--r--modules/nixos/ipfs.nix161
1 files changed, 74 insertions, 87 deletions
diff --git a/modules/nixos/ipfs.nix b/modules/nixos/ipfs.nix
index 0ec64e5..68075ff 100644
--- a/modules/nixos/ipfs.nix
+++ b/modules/nixos/ipfs.nix
@@ -7,9 +7,9 @@
 with lib; let
   cfg = config.nixfiles.modules.ipfs;
 
-  swarmDefaultPort = 4001;
-  apiDefaultPort = 5001;
   gatewayDefaultPort = 6001;
+  apiDefaultPort = 5001;
+  swarmDefaultPort = 4001;
 in {
   options.nixfiles.modules.ipfs = {
     enable = mkEnableOption "IPFS daemon";
@@ -20,13 +20,13 @@ in {
       default = "ipfs.${config.networking.fqdn}";
     };
 
-    swarmPort = mkOption {
-      description = "Swarm port.";
+    gatewayPort = mkOption {
+      description = "Gateway port.";
       type = with types; port;
       default =
         if this.isHeadless
-        then swarmDefaultPort + 990
-        else swarmDefaultPort;
+        then gatewayDefaultPort + 990
+        else gatewayDefaultPort;
     };
 
     apiPort = mkOption {
@@ -38,19 +38,16 @@ in {
         else apiDefaultPort;
     };
 
-    gatewayPort = mkOption {
-      description = "Gateway port.";
+    swarmPort = mkOption {
+      description = "Swarm port.";
       type = with types; port;
-      default =
-        if this.isHeadless
-        then gatewayDefaultPort + 990
-        else gatewayDefaultPort;
+      default = swarmDefaultPort;
     };
   };
 
   config = mkIf cfg.enable (mkMerge [
     {
-      services.ipfs = {
+      services.kubo = {
         enable = true;
 
         user = my.username;
@@ -58,70 +55,68 @@ in {
 
         dataDir = "${config.dirs.data}/ipfs";
 
-        swarmAddress = let
-          port = toString cfg.swarmPort;
-        in
-          if this.isHeadless
-          then [
-            "/ip4/127.0.0.1/tcp/${port}"
-            "/ip4/127.0.0.1/udp/${port}/quic"
-          ]
-          else [
-            "/ip4/0.0.0.0/tcp/${port}"
-            "/ip6/::/tcp/${port}"
-            "/ip4/0.0.0.0/udp/${port}/quic"
-            "/ip6/::/udp/${port}/quic"
-          ];
-        apiAddress = "/ip4/127.0.0.1/tcp/${toString cfg.apiPort}";
-        gatewayAddress = "/ip4/127.0.0.1/tcp/${toString cfg.gatewayPort}";
-
         autoMigrate = true;
         autoMount = true;
         emptyRepo = true;
         enableGC = true;
 
-        extraConfig = mkMerge [
-          (let
-            filterAddresses =
-              [
-                "/ip4/100.64.0.0/ipcidr/10"
-                "/ip4/169.254.0.0/ipcidr/16"
-                "/ip4/172.16.0.0/ipcidr/12"
-                "/ip4/192.0.0.0/ipcidr/24"
-                "/ip4/192.0.2.0/ipcidr/24"
-                "/ip4/192.168.0.0/ipcidr/16"
-                "/ip4/198.18.0.0/ipcidr/15"
-                "/ip4/198.51.100.0/ipcidr/24"
-                "/ip4/203.0.113.0/ipcidr/24"
-                "/ip4/240.0.0.0/ipcidr/4"
-                "/ip6/100::/ipcidr/64"
-                "/ip6/2001:2::/ipcidr/48"
-                "/ip6/2001:db8::/ipcidr/32"
-                "/ip6/fe80::/ipcidr/10"
-              ]
-              ++ optionals (!hasAttr "wireguard" this) [
-                "/ip4/10.0.0.0/ipcidr/8"
-                "/ip6/fc00::/ipcidr/7"
-              ];
-          in {
-            Addresses = with config.services.ipfs; {
-              # https://github.com/NixOS/nixpkgs/pull/165259
-              # I think this shit broke inheritance... Gotta test more and make
-              # a PR I guess.
-              API = apiAddress;
-              Gateway = gatewayAddress;
-              Swarm = swarmAddress;
+        settings = mkMerge [
+          (
+            let
+              filterAddresses =
+                [
+                  "/ip4/100.64.0.0/ipcidr/10"
+                  "/ip4/169.254.0.0/ipcidr/16"
+                  "/ip4/172.16.0.0/ipcidr/12"
+                  "/ip4/192.0.0.0/ipcidr/24"
+                  "/ip4/192.0.2.0/ipcidr/24"
+                  "/ip4/192.168.0.0/ipcidr/16"
+                  "/ip4/198.18.0.0/ipcidr/15"
+                  "/ip4/198.51.100.0/ipcidr/24"
+                  "/ip4/203.0.113.0/ipcidr/24"
+                  "/ip4/240.0.0.0/ipcidr/4"
+                  "/ip6/100::/ipcidr/64"
+                  "/ip6/2001:2::/ipcidr/48"
+                  "/ip6/2001:db8::/ipcidr/32"
+                  "/ip6/fe80::/ipcidr/10"
+                ]
+                ++ optionals (!hasAttr "wireguard" this) [
+                  "/ip4/10.0.0.0/ipcidr/8"
+                  "/ip6/fc00::/ipcidr/7"
+                ];
+            in {
+              Addresses = with config.services.ipfs; {
+                API = "/ip4/127.0.0.1/tcp/${toString cfg.apiPort}";
+                Gateway = "/ip4/127.0.0.1/tcp/${toString cfg.gatewayPort}";
+                Swarm = let
+                  port = toString cfg.swarmPort;
+                in [
+                  "/ip4/0.0.0.0/tcp/${port}"
+                  "/ip6/::/tcp/${port}"
+                  "/ip4/0.0.0.0/udp/${port}/quic"
+                  "/ip6/::/udp/${port}/quic"
+                ];
 
-              NoAnnounce = filterAddresses;
-            };
-            Swarm.AddrFilters = filterAddresses;
-            API.HTTPHeaders.Access-Control-Allow-Methods = ["GET" "POST" "PUT"];
-          })
+                NoAnnounce = filterAddresses;
+              };
+              Swarm.AddrFilters = filterAddresses;
+              API.HTTPHeaders.Access-Control-Allow-Methods = [
+                "GET"
+                "POST"
+                "PUT"
+              ];
+            }
+          )
           (mkIf this.isHeadful {
             API.HTTPHeaders.Access-Control-Allow-Origin = ["*"];
           })
           (mkIf this.isHeadless {
-            API.HTTPHeaders.Access-Control-Allow-Origin = ["https://${cfg.domain}" "https://api.${cfg.domain}"];
+            API.HTTPHeaders.Access-Control-Allow-Origin = map (v: "http${
+              optionalString config.nixfiles.modules.acme.enable "s"
+            }://${v}") (with cfg; [
+              domain
+              "api.${domain}"
+            ]);
           })
         ];
       };
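Review bot: The headless `Access-Control-Allow-Origin` list now falls back to `http://` origins whenever `config.nixfiles.modules.acme.enable` is false, so the Kubo RPC API would trust pages loaded over plaintext, which anyone on the network path can alter; consider always emitting `https://` here or asserting that ACME is enabled on headless hosts. The unchanged headful branch just above still sets the origin to `["*"]`, which would let any site open in the local browser read responses from the RPC API, so an explicit origin list would be safer there too. `Addresses = with config.services.ipfs;` still names the pre-rename option path and nothing inside the set reads from it any more, so the `with` can be dropped. The scheme expression is repeated in the `api.` redirect in the last hunk; a single let-bound `scheme = "http${optionalString config.nixfiles.modules.acme.enable "s"}";` would keep the two in step.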
@@ -134,30 +129,22 @@ in {
     (mkIf this.isHeadless {
       nixfiles.modules.nginx = {
         enable = true;
-        upstreams = {
-          ipfs_gateway.servers."127.0.0.1:${toString cfg.gatewayPort}" = {};
-          ipfs_swarm.servers."127.0.0.1:${toString cfg.swarmPort}" = {};
-          ipfs_api.servers."127.0.0.1:${toString cfg.apiPort}" = {};
+        upstreams = with cfg; {
+          kubo_gateway.servers."127.0.0.1:${toString gatewayPort}" = {};
+          kubo_api.servers."127.0.0.1:${toString apiPort}" = {};
         };
         virtualHosts = {
-          ${cfg.domain}.locations."/".proxyPass = "http://ipfs_gateway";
-          "swarm.${cfg.domain}" = {
-            serverName = cfg.domain;
-            listen = [
-              {
-                addr = "0.0.0.0";
-                port = swarmDefaultPort;
-              }
-              {
-                addr = "[::0]";
-                port = swarmDefaultPort;
-              }
-            ];
-            locations."/".proxyPass = "http://ipfs_swarm";
+          ${cfg.domain} = {
+            locations."/".proxyPass = "http://kubo_gateway";
+            extraConfig = nginxInternalOnly;
           };
           "api.${cfg.domain}" = {
-            # TODO Redirect "/" to "/webui" but keep other endpoints.
-            locations."/".proxyPass = "http://ipfs_api";
+            locations = {
+              "/".proxyPass = "http://kubo_api";
+              "~ ^/$".return = "301 http${
+                optionalString config.nixfiles.modules.acme.enable "s"
+              }://api.${cfg.domain}/webui";
+            };
             extraConfig = nginxInternalOnly;
           };
         };
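Review bot: The redirect location `"~ ^/$"` uses a regex to match only the root path; nginx's exact-match form states the same intent directly and is evaluated before regex locations, e.g. `"= /".return = ...`. Because the status is `301`, browsers cache the redirect, so a later change of scheme (toggling ACME) may not reach clients that already followed it; `302` avoids that while the setup is still changing.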
