refactor kubo config

2023-05-29 20:01:31 +01:00 · 2023-05-29 20:01:31 +01:00 · 4b160609a0
commit 4b160609a0
parent e1eb4af40f
5 changed files with 86 additions and 65 deletions
--- a/config/nas.nix
+++ b/config/nas.nix
@ -31,6 +31,7 @@
    ./services/docker.nix
    ./users/remote-build.nix
    ./services/heisenbridge.nix
+    ./services/kubo-local.nix
  ];

  hardware.cpu.amd.updateMicrocode = true;
@ -165,4 +166,8 @@
  services.tailscale.useRoutingFeatures = "both";
  hardware.sane.brscan4.enable = true;
  system.autoUpgrade.allowReboot = true;
+  services.kubo.settings.Addresses.API = lib.mkForce [
+    "/ip4/0.0.0.0/tcp/5001"
+    "/ip6/::/tcp/5001"
+  ]; # Only exposed over the tailed scale
 }
--- a/config/services/kubo-common.nix
+++ b/config/services/kubo-common.nix
@ -0,0 +1,70 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: {
+  services.kubo = {
+    autoMigrate = true;
+    emptyRepo = true;
+    enable = true;
+    enableGC = true;
+    settings = {
+      Addresses = {
+        API = [
+          "/ip4/127.0.0.1/tcp/5001"
+          "/ip6/::1/tcp/5001"
+        ];
+        Gateway = "/ip4/127.0.0.1/tcp/41876";
+      };
+      Experimental = {
+        FilestoreEnabled = true;
+        UrlstoreEnabled = true;
+      };
+      Gateway.PublicGateways."ipfs.chir.rs" = {
+        Paths = ["/ipfs" "/ipns"];
+        UseSubdomains = false;
+      };
+      Peering.Peers = [
+        {
+          ID = "12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci";
+          Addrs = [
+            "/ip4/100.105.131.79/tcp/4001/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
+            "/ip4/100.105.131.79/udp/4001/quic-v1/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
+            "/ip4/100.105.131.79/udp/4001/quic-v1/webtransport/certhash/uEiDd_OUVB7F0T7MSZ8VlFKn7dwbuLLEoQv8hmN8vgrgteg/certhash/uEiCwESdZcOeKlGwbhMKId-rqkzx5uPm1z7Bs5Kw3WzJVTA/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
+            "/ip4/100.105.131.79/udp/4001/quic/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
+            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/tcp/4001/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
+            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic-v1/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
+            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic-v1/webtransport/certhash/uEiDd_OUVB7F0T7MSZ8VlFKn7dwbuLLEoQv8hmN8vgrgteg/certhash/uEiCwESdZcOeKlGwbhMKId-rqkzx5uPm1z7Bs5Kw3WzJVTA/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
+            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
+          ];
+        }
+        {
+          ID = "12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE";
+          Addrs = [
+            "/ip4/100.99.173.107/tcp/4001/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
+            "/ip4/100.99.173.107/udp/4001/quic-v1/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
+            "/ip4/100.99.173.107/udp/4001/quic-v1/webtransport/certhash/uEiBBlhb66XtCUiqnm_MRhw9dXBDdQPw_cyXSqGfLXPGZZw/certhash/uEiA6S2rO5xyLpJ_Nz4nwuLHBaiwhFGIUbQ-g0Wjm3fAZzA/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
+            "/ip4/100.99.173.107/udp/4001/quic/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
+            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/tcp/4001/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
+            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic-v1/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
+            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic-v1/webtransport/certhash/uEiBBlhb66XtCUiqnm_MRhw9dXBDdQPw_cyXSqGfLXPGZZw/certhash/uEiA6S2rO5xyLpJ_Nz4nwuLHBaiwhFGIUbQ-g0Wjm3fAZzA/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
+            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
+          ];
+        }
+      ];
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    4001
+    4002
+  ];
+  networking.firewall.allowedUDPPorts = [
+    4001
+  ];
+  fileSystems."/var/lib/ipfs/root" = {
+    device = "/";
+    options = ["bind" "ro"];
+  };
+}
--- a/config/services/kubo-local.nix
+++ b/config/services/kubo-local.nix
@ -4,68 +4,8 @@
  lib,
  ...
 }: {
+  imports = [./kubo-common.nix];
  services.kubo = {
    package = pkgs.kubo-orig;
-    autoMigrate = true;
-    emptyRepo = true;
-    enable = true;
-    enableGC = true;
-    settings = {
-      Addresses = {
-        API = [
-          "/ip4/127.0.0.1/tcp/5001"
-          "/ip6/::1/tcp/5001"
-        ];
-        Gateway = "/ip4/127.0.0.1/tcp/41876";
-      };
-      Experimental = {
-        FilestoreEnabled = true;
-        UrlstoreEnabled = true;
-      };
-      Gateway.PublicGateways."ipfs.chir.rs" = {
-        Paths = ["/ipfs" "/ipns"];
-        UseSubdomains = false;
-      };
-      Peering.Peers = [
-        {
-          ID = "12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci";
-          Addrs = [
-            "/ip4/100.105.131.79/tcp/4001/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
-            "/ip4/100.105.131.79/udp/4001/quic-v1/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
-            "/ip4/100.105.131.79/udp/4001/quic-v1/webtransport/certhash/uEiDd_OUVB7F0T7MSZ8VlFKn7dwbuLLEoQv8hmN8vgrgteg/certhash/uEiCwESdZcOeKlGwbhMKId-rqkzx5uPm1z7Bs5Kw3WzJVTA/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
-            "/ip4/100.105.131.79/udp/4001/quic/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
-            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/tcp/4001/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
-            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic-v1/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
-            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic-v1/webtransport/certhash/uEiDd_OUVB7F0T7MSZ8VlFKn7dwbuLLEoQv8hmN8vgrgteg/certhash/uEiCwESdZcOeKlGwbhMKId-rqkzx5uPm1z7Bs5Kw3WzJVTA/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
-            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
-          ];
-        }
-        {
-          ID = "12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW";
-          Addrs = [
-            "/ip4/100.99.173.107/tcp/4001/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
-            "/ip4/100.99.173.107/udp/4001/quic-v1/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
-            "/ip4/100.99.173.107/udp/4001/quic-v1/webtransport/certhash/uEiBt2eKq-XKCnuzSF96FxQBqesCUMWOMaRivMdCXQn0GCQ/certhash/uEiAqR--0diIG4VB5b47dzDEK-sh3Xfp1_2fz6bvfc37Cqg/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
-            "/ip4/100.99.173.107/udp/4001/quic/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
-            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/tcp/4001/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
-            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic-v1/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
-            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic-v1/webtransport/certhash/uEiBt2eKq-XKCnuzSF96FxQBqesCUMWOMaRivMdCXQn0GCQ/certhash/uEiAqR--0diIG4VB5b47dzDEK-sh3Xfp1_2fz6bvfc37Cqg/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
-            "/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
-          ];
-        }
-      ];
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [
-    4001
-    4002
-  ];
-  networking.firewall.allowedUDPPorts = [
-    4001
-  ];
-  fileSystems."/var/lib/ipfs/root" = {
-    device = "/";
-    options = ["bind" "ro"];
  };
 }
--- a/config/tailscale.hujson
+++ b/config/tailscale.hujson
@ -82,7 +82,7 @@
    {
      "action": "accept",
      "src": ["tag:devDevice"],
-      "dst": ["tag:nas:8384", "tag:nas:631"]
+      "dst": ["tag:nas:8384", "tag:nas:631", "tag:ipfs:5001"]
    },
    // Woodpecker agents
    {
@ -98,8 +98,14 @@
        "tag:instance-20221213-1915:29320", // mautrix-discord
        "tag:instance-20221213-1915:29328", // mautrix-signal
        "tag:instance-20221213-1915:29317", // mautrix-telegram
-        "tag:instance-20221213-1915:29318", // mautrix-whatsapp
+        "tag:instance-20221213-1915:29318" // mautrix-whatsapp
      ]
+    },
+    // IPFS
+    {
+      "action": "accept",
+      "src": ["tag:ipfs"],
+      "dst": ["tag:ipfs:4001"]
    }
  ],

@ -115,6 +121,7 @@
    "tag:devDevice": ["DarkKirb@github"],
    "tag:server": ["DarkKirb@github"],
    "tag:syncthing": ["DarkKirb@github"],
-    "tag:woodpeckerRunner": ["DarkKirb@github"]
+    "tag:woodpeckerRunner": ["DarkKirb@github"],
+    "tag:ipfs": ["DarkKirb@github"]
  }
 }
--- a/config/thinkrac.nix
+++ b/config/thinkrac.nix
@ -19,7 +19,6 @@
    nixos-hardware.nixosModules.common-cpu-intel-kaby-lake
    nixos-hardware.nixosModules.common-pc-ssd
    ./services/postgres.nix
-    ./services/kubo-local.nix
  ];
  hardware.cpu.intel.updateMicrocode = true;