Diffstat (limited to 'modules/nixos/ipfs.nix')
-rw-r--r--modules/nixos/ipfs.nix161
1 files changed, 74 insertions, 87 deletions
diff --git a/modules/nixos/ipfs.nix b/modules/nixos/ipfs.nix
index 0ec64e5..68075ff 100644
--- a/modules/nixos/ipfs.nix
+++ b/modules/nixos/ipfs.nix
@@ -7,9 +7,9 @@
with lib; let
cfg = config.nixfiles.modules.ipfs;
- swarmDefaultPort = 4001;
- apiDefaultPort = 5001;
gatewayDefaultPort = 6001;
+ apiDefaultPort = 5001;
+ swarmDefaultPort = 4001;
in {
options.nixfiles.modules.ipfs = {
enable = mkEnableOption "IPFS daemon";
@@ -20,13 +20,13 @@ in {
default = "ipfs.${config.networking.fqdn}";
};
- swarmPort = mkOption {
- description = "Swarm port.";
+ gatewayPort = mkOption {
+ description = "Gateway port.";
type = with types; port;
default =
if this.isHeadless
- then swarmDefaultPort + 990
- else swarmDefaultPort;
+ then gatewayDefaultPort + 990
+ else gatewayDefaultPort;
};
apiPort = mkOption {
@@ -38,19 +38,16 @@ in {
else apiDefaultPort;
};
- gatewayPort = mkOption {
- description = "Gateway port.";
+ swarmPort = mkOption {
+ description = "Swarm port.";
type = with types; port;
- default =
- if this.isHeadless
- then gatewayDefaultPort + 990
- else gatewayDefaultPort;
+ default = swarmDefaultPort;
};
};
config = mkIf cfg.enable (mkMerge [
{
- services.ipfs = {
+ services.kubo = {
enable = true;
user = my.username;
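Review bot: `description = "Swarm port."` on the re-added `swarmPort` option does not say that this port is now treated differently from the other two. Its default is `swarmDefaultPort` on every host, and the `Addresses.Swarm` list in the next hunk binds it on `0.0.0.0` and `::`, while API and gateway stay on `127.0.0.1`. A description such as `description = "Swarm port; bound on all IPv4 and IPv6 interfaces.";` would make that exposure explicit to whoever overrides the option. How the firewall treats this port is not visible in the hunks shown.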
@@ -58,70 +55,68 @@ in {
dataDir = "${config.dirs.data}/ipfs";
- swarmAddress = let
- port = toString cfg.swarmPort;
- in
- if this.isHeadless
- then [
- "/ip4/127.0.0.1/tcp/${port}"
- "/ip4/127.0.0.1/udp/${port}/quic"
- ]
- else [
- "/ip4/0.0.0.0/tcp/${port}"
- "/ip6/::/tcp/${port}"
- "/ip4/0.0.0.0/udp/${port}/quic"
- "/ip6/::/udp/${port}/quic"
- ];
- apiAddress = "/ip4/127.0.0.1/tcp/${toString cfg.apiPort}";
- gatewayAddress = "/ip4/127.0.0.1/tcp/${toString cfg.gatewayPort}";
-
autoMigrate = true;
autoMount = true;
emptyRepo = true;
enableGC = true;
- extraConfig = mkMerge [
- (let
- filterAddresses =
- [
- "/ip4/100.64.0.0/ipcidr/10"
- "/ip4/169.254.0.0/ipcidr/16"
- "/ip4/172.16.0.0/ipcidr/12"
- "/ip4/192.0.0.0/ipcidr/24"
- "/ip4/192.0.2.0/ipcidr/24"
- "/ip4/192.168.0.0/ipcidr/16"
- "/ip4/198.18.0.0/ipcidr/15"
- "/ip4/198.51.100.0/ipcidr/24"
- "/ip4/203.0.113.0/ipcidr/24"
- "/ip4/240.0.0.0/ipcidr/4"
- "/ip6/100::/ipcidr/64"
- "/ip6/2001:2::/ipcidr/48"
- "/ip6/2001:db8::/ipcidr/32"
- "/ip6/fe80::/ipcidr/10"
- ]
- ++ optionals (!hasAttr "wireguard" this) [
- "/ip4/10.0.0.0/ipcidr/8"
- "/ip6/fc00::/ipcidr/7"
- ];
- in {
- Addresses = with config.services.ipfs; {
- # https://github.com/NixOS/nixpkgs/pull/165259
- # I think this shit broke inheritance... Gotta test more and make
- # a PR I guess.
- API = apiAddress;
- Gateway = gatewayAddress;
- Swarm = swarmAddress;
+ settings = mkMerge [
+ (
+ let
+ filterAddresses =
+ [
+ "/ip4/100.64.0.0/ipcidr/10"
+ "/ip4/169.254.0.0/ipcidr/16"
+ "/ip4/172.16.0.0/ipcidr/12"
+ "/ip4/192.0.0.0/ipcidr/24"
+ "/ip4/192.0.2.0/ipcidr/24"
+ "/ip4/192.168.0.0/ipcidr/16"
+ "/ip4/198.18.0.0/ipcidr/15"
+ "/ip4/198.51.100.0/ipcidr/24"
+ "/ip4/203.0.113.0/ipcidr/24"
+ "/ip4/240.0.0.0/ipcidr/4"
+ "/ip6/100::/ipcidr/64"
+ "/ip6/2001:2::/ipcidr/48"
+ "/ip6/2001:db8::/ipcidr/32"
+ "/ip6/fe80::/ipcidr/10"
+ ]
+ ++ optionals (!hasAttr "wireguard" this) [
+ "/ip4/10.0.0.0/ipcidr/8"
+ "/ip6/fc00::/ipcidr/7"
+ ];
+ in {
+ Addresses = with config.services.ipfs; {
+ API = "/ip4/127.0.0.1/tcp/${toString cfg.apiPort}";
+ Gateway = "/ip4/127.0.0.1/tcp/${toString cfg.gatewayPort}";
+ Swarm = let
+ port = toString cfg.swarmPort;
+ in [
+ "/ip4/0.0.0.0/tcp/${port}"
+ "/ip6/::/tcp/${port}"
+ "/ip4/0.0.0.0/udp/${port}/quic"
+ "/ip6/::/udp/${port}/quic"
+ ];
- NoAnnounce = filterAddresses;
- };
- Swarm.AddrFilters = filterAddresses;
- API.HTTPHeaders.Access-Control-Allow-Methods = ["GET" "POST" "PUT"];
- })
+ NoAnnounce = filterAddresses;
+ };
+ Swarm.AddrFilters = filterAddresses;
+ API.HTTPHeaders.Access-Control-Allow-Methods = [
+ "GET"
+ "POST"
+ "PUT"
+ ];
+ }
+ )
(mkIf this.isHeadful {
API.HTTPHeaders.Access-Control-Allow-Origin = ["*"];
})
(mkIf this.isHeadless {
- API.HTTPHeaders.Access-Control-Allow-Origin = ["https://${cfg.domain}" "https://api.${cfg.domain}"];
+ API.HTTPHeaders.Access-Control-Allow-Origin = map (v: "http${
+ optionalString config.nixfiles.modules.acme.enable "s"
+ }://${v}") (with cfg; [
+ domain
+ "api.${domain}"
+ ]);
})
];
};
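Review bot: The headful branch kept as context near the end of this hunk still sets `API.HTTPHeaders.Access-Control-Allow-Origin = ["*"]`, so the Kubo RPC API accepts cross-origin requests from any site while `GET`, `POST` and `PUT` are allowed. The headless branch right below it is limited to two known hosts, and the headful one could list explicit origins the same way, for example `API.HTTPHeaders.Access-Control-Allow-Origin = ["http://127.0.0.1:${toString cfg.apiPort}"];` plus whatever origin serves the web UI. Separately, `Addresses = with config.services.ipfs; {` no longer needs the `with`, since the three addresses are now literal strings and the service is configured under `services.kubo`; `Addresses = {` would drop the reference to the old option path. Whether that `with` is ever forced during evaluation cannot be told from the hunk.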
@@ -134,30 +129,22 @@ in {
(mkIf this.isHeadless {
nixfiles.modules.nginx = {
enable = true;
- upstreams = {
- ipfs_gateway.servers."127.0.0.1:${toString cfg.gatewayPort}" = {};
- ipfs_swarm.servers."127.0.0.1:${toString cfg.swarmPort}" = {};
- ipfs_api.servers."127.0.0.1:${toString cfg.apiPort}" = {};
+ upstreams = with cfg; {
+ kubo_gateway.servers."127.0.0.1:${toString gatewayPort}" = {};
+ kubo_api.servers."127.0.0.1:${toString apiPort}" = {};
};
virtualHosts = {
- ${cfg.domain}.locations."/".proxyPass = "http://ipfs_gateway";
- "swarm.${cfg.domain}" = {
- serverName = cfg.domain;
- listen = [
- {
- addr = "0.0.0.0";
- port = swarmDefaultPort;
- }
- {
- addr = "[::0]";
- port = swarmDefaultPort;
- }
- ];
- locations."/".proxyPass = "http://ipfs_swarm";
+ ${cfg.domain} = {
+ locations."/".proxyPass = "http://kubo_gateway";
+ extraConfig = nginxInternalOnly;
};
"api.${cfg.domain}" = {
- # TODO Redirect "/" to "/webui" but keep other endpoints.
- locations."/".proxyPass = "http://ipfs_api";
+ locations = {
+ "/".proxyPass = "http://kubo_api";
+ "~ ^/$".return = "301 http${
+ optionalString config.nixfiles.modules.acme.enable "s"
+ }://api.${cfg.domain}/webui";
+ };
extraConfig = nginxInternalOnly;
};
};
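Review bot: The scheme expression `http${optionalString config.nixfiles.modules.acme.enable "s"}` in the `"~ ^/$".return` redirect is a second copy of the one that builds the headless `Access-Control-Allow-Origin` list in the previous hunk, and the two must always agree. If they drift, the web UI would be served from an origin that the API's allow-list does not contain. Binding it once in the top-level `let`, e.g. `scheme = if config.nixfiles.modules.acme.enable then "https" else "http";`, and using `"${scheme}://..."` in both places would keep them in step. The exact-match form `"= /".return = "301 ${scheme}://api.${cfg.domain}/webui";` would also express the redirect without a regex location.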