♻️ consolidate nix configs

2024-09-02 10:47:02 -04:00
parent 49884d40e5
commit 06ddc96680
49 changed files with 26 additions and 26 deletions
--- a/nix/modules/ipfs/badbits.deny
+++ b/nix/modules/ipfs/badbits.deny
--- a/nix/modules/ipfs/cluster.nix
+++ b/nix/modules/ipfs/cluster.nix
@ -0,0 +1,36 @@
+{ config, ... }:
+
+{
+  imports = [
+    ./default.nix
+    ../../services/ipfs-cluster.nix
+  ];
+
+  services = {
+    kubo = {
+      enable = true;
+      settings = {
+        Discovery = { MDNS = { Enabled = true; }; };
+        Swarm = {
+          AddrFilters = null;
+          ConnMgr = {
+            Type = "basic";
+            LowWater = 25;
+            HighWater = 50;
+            GracePeriod = "1m0s";
+          };
+        };
+      };
+    };
+
+    ipfs-cluster = {
+      enable = true;
+      consensus = "crdt";
+      secretFile = config.sops.secrets.ipfs-cluster-secret.path;
+    };
+  };
+
+  sops.secrets.ipfs-cluster-secret = {
+    owner = "ipfs";
+  };
+}
--- a/nix/modules/ipfs/default.nix
+++ b/nix/modules/ipfs/default.nix
@ -0,0 +1,25 @@
+_:
+
+{
+  services = {
+    kubo = {
+      enable = true;
+      settings = {
+        Addresses = {
+          Announce = [ ];
+          API = "/ip4/0.0.0.0/tcp/5001";
+          Gateway = "/ip4/0.0.0.0/tcp/8080";
+          NoAnnounce = [ ];
+          Swarm = [
+            "/ip4/0.0.0.0/tcp/4001"
+            "/ip6/::/tcp/4001"
+            "/ip4/0.0.0.0/udp/4001/quic"
+            "/ip6/::/udp/4001/quic"
+          ];
+        };
+        API = { HTTPHeaders = { Access-Control-Allow-Origin = [ "*" ]; }; };
+        Routing = { Type = "dht"; };
+      };
+    };
+  };
+}
--- a/nix/modules/ipfs/gateway.nix
+++ b/nix/modules/ipfs/gateway.nix
@ -0,0 +1,67 @@
+{ pkgs, ... }:
+
+let
+  peers = [
+    {
+      ID = "12D3KooWMQSgdfa4tUrDhkFx4zP3ZpgT1ryj9KH5RGUae62Vsc7y";
+      Addrs = [ "/ip4/100.95.167.126/tcp/4001" ];
+    }
+    {
+      ID = "12D3KooWMqSiDukubKNKrK7J4PaF3mfNnZFVAd3Lh7qj3Y3e5bcN";
+      Addrs = [ "/ip4/100.87.220.71/tcp/4001" ];
+
+    }
+    {
+      ID = "12D3KooWGmNRyqP969QbyP8NLVRZNK2i6yCcP6N6N2r2DCG4H34v";
+      Addrs = [ "/ip4/100.126.255.109/tcp/4001" ];
+
+    }
+    {
+      ID = "12D3KooWFkR8nsG5pzffoAfMzmwBcSakXxnogVa6inRxUbpfN5ua";
+      Addrs = [ "/ip4/100.74.59.80/tcp/4001" ];
+
+    }
+  ];
+in
+{
+  imports = [ ./default.nix ];
+
+  environment.systemPackages = with pkgs; [ ipfs-migrator ];
+
+  environment.etc = {
+    "ipfs/denylists/badbits.deny".source = ./badbits.deny;
+  };
+
+  networking.firewall = {
+    allowedTCPPorts = [ 4001 ];
+    allowedUDPPorts = [ 4001 ];
+  };
+  services = {
+    kubo = {
+      enable = true;
+      settings = {
+        Discovery = { MDNS = { Enabled = false; }; };
+        Peering = { Peers = peers; };
+        Swarm = { AddrFilters = null; };
+      };
+    };
+    nginx = {
+      # IPFS Gateway
+      virtualHosts."walkah.cloud" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = { proxyPass = "http://127.0.0.1:8080"; };
+      };
+
+      # Hosted Sites
+      virtualHosts."walkah.net" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = { proxyPass = "http://127.0.0.1:8080"; };
+        serverAliases = [
+          "www.walkah.net"
+        ];
+      };
+    };
+  };
+}