Diffstat (limited to 'modules/ipfs.nix')
-rw-r--r--modules/ipfs.nix145
1 files changed, 145 insertions, 0 deletions
diff --git a/modules/ipfs.nix b/modules/ipfs.nix
new file mode 100644
index 0000000..cd28372
--- /dev/null
+++ b/modules/ipfs.nix
@@ -0,0 +1,145 @@
+{
+ config,
+ lib,
+ libNginx,
+ this,
+ ...
+}:
+with lib;
+let
+ cfg = config.nixfiles.modules.ipfs;
+
+ gatewayDefaultPort = 6001;
+ apiDefaultPort = 5001;
+ swarmDefaultPort = 4001;
+in
+{
+ options.nixfiles.modules.ipfs = {
+ enable = mkEnableOption "IPFS daemon";
+
+ domain = mkOption {
+ description = "Domain name sans protocol scheme.";
+ type = with types; str;
+ default = "ipfs.${config.networking.fqdn}";
+ };
+
+ gatewayPort = mkOption {
+ description = "Gateway port.";
+ type = with types; port;
+ default = if this.isHeadless then gatewayDefaultPort + 990 else gatewayDefaultPort;
+ };
+
+ apiPort = mkOption {
+ description = "API port.";
+ type = with types; port;
+ default = if this.isHeadless then apiDefaultPort + 990 else apiDefaultPort;
+ };
+
+ swarmPort = mkOption {
+ description = "Swarm port.";
+ type = with types; port;
+ default = swarmDefaultPort;
+ };
+ };
+
+ config = mkIf cfg.enable (mkMerge [
+ {
+ services.kubo = {
+ enable = true;
+
+ user = my.username;
+ inherit (config.my) group;
+
+ dataDir = "${config.dirs.data}/ipfs";
+
+ autoMigrate = true;
+ autoMount = true;
+ emptyRepo = true;
+ enableGC = true;
+
+ # https://github.com/ipfs/kubo/blob/master/docs/config.md
+ settings = mkMerge [
+ (
+ let
+ filterAddresses =
+ [
+ "/ip4/100.64.0.0/ipcidr/10"
+ "/ip4/169.254.0.0/ipcidr/16"
+ "/ip4/172.16.0.0/ipcidr/12"
+ "/ip4/192.0.0.0/ipcidr/24"
+ "/ip4/192.0.2.0/ipcidr/24"
+ "/ip4/192.168.0.0/ipcidr/16"
+ "/ip4/198.18.0.0/ipcidr/15"
+ "/ip4/198.51.100.0/ipcidr/24"
+ "/ip4/203.0.113.0/ipcidr/24"
+ "/ip4/240.0.0.0/ipcidr/4"
+ "/ip6/100::/ipcidr/64"
+ "/ip6/2001:2::/ipcidr/48"
+ "/ip6/2001:db8::/ipcidr/32"
+ "/ip6/fe80::/ipcidr/10"
+ ]
+ ++ optionals (!hasAttr "wireguard" this) [
+ "/ip4/10.0.0.0/ipcidr/8"
+ "/ip6/fc00::/ipcidr/7"
+ ];
+ in
+ {
+ Addresses = {
+ API = "/ip4/127.0.0.1/tcp/${toString cfg.apiPort}";
+ Gateway = "/ip4/127.0.0.1/tcp/${toString cfg.gatewayPort}";
+ Swarm =
+ let
+ port = toString cfg.swarmPort;
+ in
+ [
+ "/ip4/0.0.0.0/tcp/${port}"
+ "/ip6/::/tcp/${port}"
+ "/ip4/0.0.0.0/udp/${port}/quic"
+ "/ip4/0.0.0.0/udp/${port}/quic-v1"
+ "/ip4/0.0.0.0/udp/${port}/quic-v1/webtransport"
+ "/ip6/::/udp/${port}/quic"
+ "/ip6/::/udp/${port}/quic-v1"
+ "/ip6/::/udp/${port}/quic-v1/webtransport"
+ ];
+
+ NoAnnounce = filterAddresses;
+ };
+ Swarm.AddrFilters = filterAddresses;
+ }
+ )
+ ];
+
+ localDiscovery = true;
+
+ startWhenNeeded = true;
+ };
+
+ networking.firewall = rec {
+ allowedTCPPorts = [ swarmDefaultPort ];
+ allowedUDPPorts = allowedTCPPorts;
+ };
+ }
+ (mkIf this.isHeadless {
+ nixfiles.modules.nginx = {
+ enable = true;
+ upstreams = with cfg; {
+ kubo_gateway.servers."127.0.0.1:${toString gatewayPort}" = { };
+ kubo_api.servers."127.0.0.1:${toString apiPort}" = { };
+ };
+ virtualHosts = {
+ ${cfg.domain} = {
+ locations."/".proxyPass = "http://kubo_gateway";
+ extraConfig = libNginx.config.internalOnly;
+ };
+ "api.${cfg.domain}" = {
+ locations = {
+ "/".proxyPass = "http://kubo_api";
+ "~ ^/$".return = "301 http${optionalString config.nixfiles.modules.acme.enable "s"}://api.${cfg.domain}/webui";
+ };
+ extraConfig = libNginx.config.internalOnly;
+ };
+ };
+ };
+ })
+ ]);
+}
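Review bot: The firewall rule `allowedTCPPorts = [ swarmDefaultPort ];` opens the constant 4001 instead of the configured `cfg.swarmPort`, so overriding `swarmPort` leaves the real swarm listener blocked while 4001 stays open for whatever else binds it. Changing it to `allowedTCPPorts = [ cfg.swarmPort ];` keeps the opened port in step with the `Addresses.Swarm` listeners (the UDP list follows through `rec`). Separately, the `api.${cfg.domain}` vhost proxies the Kubo RPC API, which gives administrative control of the node, and the only guard visible here is `libNginx.config.internalOnly`. That helper is defined outside this diff, so a short comment above the vhost saying what it restricts (presumably source address ranges) would let a reader confirm the API is never reachable from the public side.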