Merge pull request 'fix kubo' (#80) from fix-kubo into main
Reviewed-on: #80
This commit is contained in:
commit
a171860d8b
6 changed files with 116 additions and 73 deletions
|
@ -31,6 +31,7 @@
|
|||
./services/docker.nix
|
||||
./users/remote-build.nix
|
||||
./services/heisenbridge.nix
|
||||
./services/kubo-local.nix
|
||||
];
|
||||
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
|
@ -165,4 +166,8 @@
|
|||
services.tailscale.useRoutingFeatures = "both";
|
||||
hardware.sane.brscan4.enable = true;
|
||||
system.autoUpgrade.allowReboot = true;
|
||||
services.kubo.settings.Addresses.API = lib.mkForce [
|
||||
"/ip4/0.0.0.0/tcp/5001"
|
||||
"/ip6/::/tcp/5001"
|
||||
]; # Only exposed over the tailed scale
|
||||
}
|
||||
|
|
96
config/services/kubo-common.nix
Normal file
96
config/services/kubo-common.nix
Normal file
|
@ -0,0 +1,96 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
services.kubo = {
|
||||
autoMigrate = true;
|
||||
emptyRepo = true;
|
||||
enable = true;
|
||||
enableGC = true;
|
||||
settings = {
|
||||
Addresses = {
|
||||
API = [
|
||||
"/ip4/127.0.0.1/tcp/5001"
|
||||
"/ip6/::1/tcp/5001"
|
||||
];
|
||||
Gateway = "/ip4/127.0.0.1/tcp/41876";
|
||||
};
|
||||
Experimental = {
|
||||
FilestoreEnabled = true;
|
||||
UrlstoreEnabled = true;
|
||||
};
|
||||
Gateway.PublicGateways."ipfs.chir.rs" = {
|
||||
Paths = ["/ipfs" "/ipns"];
|
||||
UseSubdomains = false;
|
||||
};
|
||||
Peering.Peers = [
|
||||
{
|
||||
ID = "12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci";
|
||||
Addrs = [
|
||||
"/ip4/100.105.131.79/tcp/4001/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
"/ip4/100.105.131.79/udp/4001/quic-v1/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
"/ip4/100.105.131.79/udp/4001/quic-v1/webtransport/certhash/uEiDd_OUVB7F0T7MSZ8VlFKn7dwbuLLEoQv8hmN8vgrgteg/certhash/uEiCwESdZcOeKlGwbhMKId-rqkzx5uPm1z7Bs5Kw3WzJVTA/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
"/ip4/100.105.131.79/udp/4001/quic/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/tcp/4001/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic-v1/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic-v1/webtransport/certhash/uEiDd_OUVB7F0T7MSZ8VlFKn7dwbuLLEoQv8hmN8vgrgteg/certhash/uEiCwESdZcOeKlGwbhMKId-rqkzx5uPm1z7Bs5Kw3WzJVTA/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
];
|
||||
}
|
||||
{
|
||||
ID = "12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE";
|
||||
Addrs = [
|
||||
"/ip4/100.99.173.107/tcp/4001/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
|
||||
"/ip4/100.99.173.107/udp/4001/quic-v1/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
|
||||
"/ip4/100.99.173.107/udp/4001/quic-v1/webtransport/certhash/uEiBBlhb66XtCUiqnm_MRhw9dXBDdQPw_cyXSqGfLXPGZZw/certhash/uEiA6S2rO5xyLpJ_Nz4nwuLHBaiwhFGIUbQ-g0Wjm3fAZzA/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
|
||||
"/ip4/100.99.173.107/udp/4001/quic/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/tcp/4001/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic-v1/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic-v1/webtransport/certhash/uEiBBlhb66XtCUiqnm_MRhw9dXBDdQPw_cyXSqGfLXPGZZw/certhash/uEiA6S2rO5xyLpJ_Nz4nwuLHBaiwhFGIUbQ-g0Wjm3fAZzA/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic/p2p/12D3KooWAFmukGRVqg54X97xzd2j1DvUzWQYUWx9Xbi6DQhai7uE"
|
||||
];
|
||||
}
|
||||
{
|
||||
ID = "12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq";
|
||||
Addrs = [
|
||||
"/ip4/100.99.129.7/tcp/4001/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
|
||||
"/ip4/100.99.129.7/udp/4001/quic-v1/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
|
||||
"/ip4/100.99.129.7/udp/4001/quic-v1/webtransport/certhash/uEiDKdsFwl7AmtSQbXYxX-BZzbFpKbyAoVDPH1L4_r0OpFQ/certhash/uEiABeqMxri7X_qWstcpG8Ga1rpQ-P_nr-5AHhd2esVB7eQ/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
|
||||
"/ip4/100.99.129.7/udp/4001/quic/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:8107/tcp/4001/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:8107/udp/4001/quic-v1/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:8107/udp/4001/quic-v1/webtransport/certhash/uEiDKdsFwl7AmtSQbXYxX-BZzbFpKbyAoVDPH1L4_r0OpFQ/certhash/uEiABeqMxri7X_qWstcpG8Ga1rpQ-P_nr-5AHhd2esVB7eQ/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:8107/udp/4001/quic/p2p/12D3KooWHY9DrTbuUe1gznxC8AYnX6TWmB3zBeTfA3MP4xFT67Vq"
|
||||
];
|
||||
}
|
||||
{
|
||||
ID = "12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg";
|
||||
Addrs = [
|
||||
"/ip4/100.75.9.4/tcp/4001/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
|
||||
"/ip4/100.75.9.4/udp/4001/quic-v1/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
|
||||
"/ip4/100.75.9.4/udp/4001/quic-v1/webtransport/certhash/uEiBVo-LYcJSM7AP1AfCT-6U1n0-YofIx79YEabL4OxSTNA/certhash/uEiDpXKor0LPuUqEiuvXuFo4SGs2_VQxtIV1Lg6MNVC9R1w/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
|
||||
"/ip4/100.75.9.4/udp/4001/quic/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:624b:904/tcp/4001/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:624b:904/udp/4001/quic-v1/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:624b:904/udp/4001/quic-v1/webtransport/certhash/uEiBVo-LYcJSM7AP1AfCT-6U1n0-YofIx79YEabL4OxSTNA/certhash/uEiDpXKor0LPuUqEiuvXuFo4SGs2_VQxtIV1Lg6MNVC9R1w/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:624b:904/udp/4001/quic/p2p/12D3KooWNcWmCrzEEN4EmoRWjDfP6oZqCB3Lr14sfzy3wfjX73kg"
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
4001
|
||||
4002
|
||||
];
|
||||
networking.firewall.allowedUDPPorts = [
|
||||
4001
|
||||
];
|
||||
fileSystems."/var/lib/ipfs/root" = {
|
||||
device = "/";
|
||||
options = ["bind" "ro"];
|
||||
};
|
||||
}
|
|
@ -4,68 +4,8 @@
|
|||
lib,
|
||||
...
|
||||
}: {
|
||||
imports = [./kubo-common.nix];
|
||||
services.kubo = {
|
||||
package = pkgs.kubo-orig;
|
||||
autoMigrate = true;
|
||||
emptyRepo = true;
|
||||
enable = true;
|
||||
enableGC = true;
|
||||
settings = {
|
||||
Addresses = {
|
||||
API = [
|
||||
"/ip4/127.0.0.1/tcp/5001"
|
||||
"/ip6/::1/tcp/5001"
|
||||
];
|
||||
Gateway = "/ip4/127.0.0.1/tcp/41876";
|
||||
};
|
||||
Experimental = {
|
||||
FilestoreEnabled = true;
|
||||
UrlstoreEnabled = true;
|
||||
};
|
||||
Gateway.PublicGateways."ipfs.chir.rs" = {
|
||||
Paths = ["/ipfs" "/ipns"];
|
||||
UseSubdomains = false;
|
||||
};
|
||||
Peering.Peers = [
|
||||
{
|
||||
ID = "12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci";
|
||||
Addrs = [
|
||||
"/ip4/100.105.131.79/tcp/4001/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
"/ip4/100.105.131.79/udp/4001/quic-v1/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
"/ip4/100.105.131.79/udp/4001/quic-v1/webtransport/certhash/uEiDd_OUVB7F0T7MSZ8VlFKn7dwbuLLEoQv8hmN8vgrgteg/certhash/uEiCwESdZcOeKlGwbhMKId-rqkzx5uPm1z7Bs5Kw3WzJVTA/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
"/ip4/100.105.131.79/udp/4001/quic/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/tcp/4001/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic-v1/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic-v1/webtransport/certhash/uEiDd_OUVB7F0T7MSZ8VlFKn7dwbuLLEoQv8hmN8vgrgteg/certhash/uEiCwESdZcOeKlGwbhMKId-rqkzx5uPm1z7Bs5Kw3WzJVTA/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6269:834f/udp/4001/quic/p2p/12D3KooWFWF4mob5DwhKGwYt1axQZiMnmTFH5oCN8JL7HA6wboci"
|
||||
];
|
||||
}
|
||||
{
|
||||
ID = "12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW";
|
||||
Addrs = [
|
||||
"/ip4/100.99.173.107/tcp/4001/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
|
||||
"/ip4/100.99.173.107/udp/4001/quic-v1/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
|
||||
"/ip4/100.99.173.107/udp/4001/quic-v1/webtransport/certhash/uEiBt2eKq-XKCnuzSF96FxQBqesCUMWOMaRivMdCXQn0GCQ/certhash/uEiAqR--0diIG4VB5b47dzDEK-sh3Xfp1_2fz6bvfc37Cqg/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
|
||||
"/ip4/100.99.173.107/udp/4001/quic/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/tcp/4001/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic-v1/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic-v1/webtransport/certhash/uEiBt2eKq-XKCnuzSF96FxQBqesCUMWOMaRivMdCXQn0GCQ/certhash/uEiAqR--0diIG4VB5b47dzDEK-sh3Xfp1_2fz6bvfc37Cqg/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
|
||||
"/ip6/fd7a:115c:a1e0:ab12:4843:cd96:6263:ad6b/udp/4001/quic/p2p/12D3KooWB2C361sKMdLgRE7kJ4XvE8EcfxDz9EExUrvPmkTUApJW"
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
4001
|
||||
4002
|
||||
];
|
||||
networking.firewall.allowedUDPPorts = [
|
||||
4001
|
||||
];
|
||||
fileSystems."/var/lib/ipfs/root" = {
|
||||
device = "/";
|
||||
options = ["bind" "ro"];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -82,7 +82,7 @@
|
|||
{
|
||||
"action": "accept",
|
||||
"src": ["tag:devDevice"],
|
||||
"dst": ["tag:nas:8384", "tag:nas:631"]
|
||||
"dst": ["tag:nas:8384", "tag:nas:631", "tag:ipfs:5001"]
|
||||
},
|
||||
// Woodpecker agents
|
||||
{
|
||||
|
@ -98,8 +98,14 @@
|
|||
"tag:instance-20221213-1915:29320", // mautrix-discord
|
||||
"tag:instance-20221213-1915:29328", // mautrix-signal
|
||||
"tag:instance-20221213-1915:29317", // mautrix-telegram
|
||||
"tag:instance-20221213-1915:29318", // mautrix-whatsapp
|
||||
"tag:instance-20221213-1915:29318" // mautrix-whatsapp
|
||||
]
|
||||
},
|
||||
// IPFS
|
||||
{
|
||||
"action": "accept",
|
||||
"src": ["tag:ipfs"],
|
||||
"dst": ["tag:ipfs:4001"]
|
||||
}
|
||||
],
|
||||
|
||||
|
@ -115,6 +121,7 @@
|
|||
"tag:devDevice": ["DarkKirb@github"],
|
||||
"tag:server": ["DarkKirb@github"],
|
||||
"tag:syncthing": ["DarkKirb@github"],
|
||||
"tag:woodpeckerRunner": ["DarkKirb@github"]
|
||||
"tag:woodpeckerRunner": ["DarkKirb@github"],
|
||||
"tag:ipfs": ["DarkKirb@github"]
|
||||
}
|
||||
}
|
||||
|
|
|
@ -19,7 +19,6 @@
|
|||
nixos-hardware.nixosModules.common-cpu-intel-kaby-lake
|
||||
nixos-hardware.nixosModules.common-pc-ssd
|
||||
./services/postgres.nix
|
||||
./services/kubo-local.nix
|
||||
];
|
||||
hardware.cpu.intel.updateMicrocode = true;
|
||||
|
||||
|
|
|
@ -306,14 +306,10 @@ in {
|
|||
ipfs.gid = config.ids.gids.ipfs;
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules =
|
||||
[
|
||||
"d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -"
|
||||
]
|
||||
++ optionals cfg.autoMount [
|
||||
"d '${cfg.ipfsMountDir}' - ${cfg.user} ${cfg.group} - -"
|
||||
"d '${cfg.ipnsMountDir}' - ${cfg.user} ${cfg.group} - -"
|
||||
];
|
||||
systemd.tmpfiles.rules = optionals cfg.autoMount [
|
||||
"d '${cfg.ipfsMountDir}' - ${cfg.user} ${cfg.group} - -"
|
||||
"d '${cfg.ipnsMountDir}' - ${cfg.user} ${cfg.group} - -"
|
||||
];
|
||||
|
||||
# The hardened systemd unit breaks the fuse-mount function according to documentation in the unit file itself
|
||||
systemd.packages =
|
||||
|
|
Loading…
Reference in a new issue