Merge pull request 'fix kubo' (#80) from fix-kubo into main

Reviewed-on: #80
This commit is contained in:
Charlotte 🦝 Delenk 2023-05-29 19:14:49 +00:00
commit a171860d8b
Signed by: gitea-bot
GPG key ID: C9974EDF9932B558
6 changed files with 116 additions and 73 deletions

View file

@ -31,6 +31,7 @@
./services/docker.nix
./users/remote-build.nix
./services/heisenbridge.nix
./services/kubo-local.nix
];
hardware.cpu.amd.updateMicrocode = true;
@ -165,4 +166,8 @@
services.tailscale.useRoutingFeatures = "both";
hardware.sane.brscan4.enable = true;
system.autoUpgrade.allowReboot = true;
services.kubo.settings.Addresses.API = lib.mkForce [
"/ip4/0.0.0.0/tcp/5001"
"/ip6/::/tcp/5001"
]; # Only exposed over the tailed scale
}

View file

@ -0,0 +1,96 @@
{
pkgs,
config,
lib,
...
}: {
services.kubo = {
autoMigrate = true;
emptyRepo = true;
enable = true;
enableGC = true;
settings = {
Addresses = {
API = [
"/ip4/127.0.0.1/tcp/5001"
"/ip6/::1/tcp/5001"
];
Gateway = "/ip4/127.0.0.1/tcp/41876";
};
Experimental = {
FilestoreEnabled = true;
UrlstoreEnabled = true;
};
Gateway.PublicGateways."ipfs.chir.rs" = {
Paths = ["/ipfs" "/ipns"];
UseSubdomains = false;
};
Peering.Peers = [
{
ID = "12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci";
Addrs = [
"/ip4/100.105.131.79/tcp/4001/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
"/ip4/100.105.131.79/udp/4001/quic-v1/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
"/ip4/100.105.131.79/udp/4001/quic-v1/webtransport/certhash/uEiDd_OUVB7F0T7MSZ8VlFKn7dwbuLLEoQv8hmN8vgrgteg/certhash/uEiCwESdZcOeKlGwbhMKId-rqkzx5uPm1z7Bs5Kw3WzJVTA/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
"/ip4/100.105.131.79/udp/4001/quic/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/tcp/4001/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic-v1/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic-v1/webtransport/certhash/uEiDd_OUVB7F0T7MSZ8VlFKn7dwbuLLEoQv8hmN8vgrgteg/certhash/uEiCwESdZcOeKlGwbhMKId-rqkzx5uPm1z7Bs5Kw3WzJVTA/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
];
}
{
ID = "12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE";
Addrs = [
"/ip4/100.99.173.107/tcp/4001/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
"/ip4/100.99.173.107/udp/4001/quic-v1/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
"/ip4/100.99.173.107/udp/4001/quic-v1/webtransport/certhash/uEiBBlhb66XtCUiqnm_MRhw9dXBDdQPw_cyXSqGfLXPGZZw/certhash/uEiA6S2rO5xyLpJ_Nz4nwuLHBaiwhFGIUbQ-g0Wjm3fAZzA/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
"/ip4/100.99.173.107/udp/4001/quic/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/tcp/4001/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic-v1/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic-v1/webtransport/certhash/uEiBBlhb66XtCUiqnm_MRhw9dXBDdQPw_cyXSqGfLXPGZZw/certhash/uEiA6S2rO5xyLpJ_Nz4nwuLHBaiwhFGIUbQ-g0Wjm3fAZzA/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
];
}
{
ID = "12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq";
Addrs = [
"/ip4/100.99.129.7/tcp/4001/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
"/ip4/100.99.129.7/udp/4001/quic-v1/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
"/ip4/100.99.129.7/udp/4001/quic-v1/webtransport/certhash/uEiDKdsFwl7AmtSQbXYxX-BZzbFpKbyAoVDPH1L4_r0OpFQ/certhash/uEiABeqMxri7X_qWstcpG8Ga1rpQ-P_nr-5AHhd2esVB7eQ/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
"/ip4/100.99.129.7/udp/4001/quic/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:8107/tcp/4001/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:8107/udp/4001/quic-v1/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:8107/udp/4001/quic-v1/webtransport/certhash/uEiDKdsFwl7AmtSQbXYxX-BZzbFpKbyAoVDPH1L4_r0OpFQ/certhash/uEiABeqMxri7X_qWstcpG8Ga1rpQ-P_nr-5AHhd2esVB7eQ/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:8107/udp/4001/quic/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
];
}
{
ID = "12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg";
Addrs = [
"/ip4/100.75.9.4/tcp/4001/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
"/ip4/100.75.9.4/udp/4001/quic-v1/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
"/ip4/100.75.9.4/udp/4001/quic-v1/webtransport/certhash/uEiBVo-LYcJSM7AP1AfCT-6U1n0-YofIx79YEabL4OxSTNA/certhash/uEiDpXKor0LPuUqEiuvXuFo4SGs2_VQxtIV1Lg6MNVC9R1w/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
"/ip4/100.75.9.4/udp/4001/quic/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:624b:904/tcp/4001/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:624b:904/udp/4001/quic-v1/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:624b:904/udp/4001/quic-v1/webtransport/certhash/uEiBVo-LYcJSM7AP1AfCT-6U1n0-YofIx79YEabL4OxSTNA/certhash/uEiDpXKor0LPuUqEiuvXuFo4SGs2_VQxtIV1Lg6MNVC9R1w/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:624b:904/udp/4001/quic/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
];
}
];
};
};
networking.firewall.allowedTCPPorts = [
4001
4002
];
networking.firewall.allowedUDPPorts = [
4001
];
fileSystems."/var/lib/ipfs/root" = {
device = "/";
options = ["bind" "ro"];
};
}

View file

@ -4,68 +4,8 @@
lib,
...
}: {
imports = [./kubo-common.nix];
services.kubo = {
package = pkgs.kubo-orig;
autoMigrate = true;
emptyRepo = true;
enable = true;
enableGC = true;
settings = {
Addresses = {
API = [
"/ip4/127.0.0.1/tcp/5001"
"/ip6/::1/tcp/5001"
];
Gateway = "/ip4/127.0.0.1/tcp/41876";
};
Experimental = {
FilestoreEnabled = true;
UrlstoreEnabled = true;
};
Gateway.PublicGateways."ipfs.chir.rs" = {
Paths = ["/ipfs" "/ipns"];
UseSubdomains = false;
};
Peering.Peers = [
{
ID = "12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci";
Addrs = [
"/ip4/100.105.131.79/tcp/4001/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
"/ip4/100.105.131.79/udp/4001/quic-v1/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
"/ip4/100.105.131.79/udp/4001/quic-v1/webtransport/certhash/uEiDd_OUVB7F0T7MSZ8VlFKn7dwbuLLEoQv8hmN8vgrgteg/certhash/uEiCwESdZcOeKlGwbhMKId-rqkzx5uPm1z7Bs5Kw3WzJVTA/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
"/ip4/100.105.131.79/udp/4001/quic/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/tcp/4001/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic-v1/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic-v1/webtransport/certhash/uEiDd_OUVB7F0T7MSZ8VlFKn7dwbuLLEoQv8hmN8vgrgteg/certhash/uEiCwESdZcOeKlGwbhMKId-rqkzx5uPm1z7Bs5Kw3WzJVTA/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
];
}
{
ID = "12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW";
Addrs = [
"/ip4/100.99.173.107/tcp/4001/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
"/ip4/100.99.173.107/udp/4001/quic-v1/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
"/ip4/100.99.173.107/udp/4001/quic-v1/webtransport/certhash/uEiBt2eKq-XKCnuzSF96FxQBqesCUMWOMaRivMdCXQn0GCQ/certhash/uEiAqR--0diIG4VB5b47dzDEK-sh3Xfp1_2fz6bvfc37Cqg/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
"/ip4/100.99.173.107/udp/4001/quic/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/tcp/4001/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic-v1/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic-v1/webtransport/certhash/uEiBt2eKq-XKCnuzSF96FxQBqesCUMWOMaRivMdCXQn0GCQ/certhash/uEiAqR--0diIG4VB5b47dzDEK-sh3Xfp1_2fz6bvfc37Cqg/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
];
}
];
};
};
networking.firewall.allowedTCPPorts = [
4001
4002
];
networking.firewall.allowedUDPPorts = [
4001
];
fileSystems."/var/lib/ipfs/root" = {
device = "/";
options = ["bind" "ro"];
};
}

View file

@ -82,7 +82,7 @@
{
"action": "accept",
"src": ["tag:devDevice"],
"dst": ["tag:nas:8384", "tag:nas:631"]
"dst": ["tag:nas:8384", "tag:nas:631", "tag:ipfs:5001"]
},
// Woodpecker agents
{
@ -98,8 +98,14 @@
"tag:instance-20221213-1915:29320", // mautrix-discord
"tag:instance-20221213-1915:29328", // mautrix-signal
"tag:instance-20221213-1915:29317", // mautrix-telegram
"tag:instance-20221213-1915:29318", // mautrix-whatsapp
"tag:instance-20221213-1915:29318" // mautrix-whatsapp
]
},
// IPFS
{
"action": "accept",
"src": ["tag:ipfs"],
"dst": ["tag:ipfs:4001"]
}
],
@ -115,6 +121,7 @@
"tag:devDevice": ["DarkKirb@github"],
"tag:server": ["DarkKirb@github"],
"tag:syncthing": ["DarkKirb@github"],
"tag:woodpeckerRunner": ["DarkKirb@github"]
"tag:woodpeckerRunner": ["DarkKirb@github"],
"tag:ipfs": ["DarkKirb@github"]
}
}

View file

@ -19,7 +19,6 @@
nixos-hardware.nixosModules.common-cpu-intel-kaby-lake
nixos-hardware.nixosModules.common-pc-ssd
./services/postgres.nix
./services/kubo-local.nix
];
hardware.cpu.intel.updateMicrocode = true;

View file

@ -306,14 +306,10 @@ in {
ipfs.gid = config.ids.gids.ipfs;
};
systemd.tmpfiles.rules =
[
"d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -"
]
++ optionals cfg.autoMount [
"d '${cfg.ipfsMountDir}' - ${cfg.user} ${cfg.group} - -"
"d '${cfg.ipnsMountDir}' - ${cfg.user} ${cfg.group} - -"
];
systemd.tmpfiles.rules = optionals cfg.autoMount [
"d '${cfg.ipfsMountDir}' - ${cfg.user} ${cfg.group} - -"
"d '${cfg.ipnsMountDir}' - ${cfg.user} ${cfg.group} - -"
];
# The hardened systemd unit breaks the fuse-mount function according to documentation in the unit file itself
systemd.packages =