diff --git a/flake.lock b/flake.lock
index 8bd1325..04bdfc3 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
]
},
"locked": {
- "lastModified": 1743125241,
- "narHash": "sha256-TA/xYqZbBwCCprXf8ABORDsjJy0Idw6OdQNqYQhgKCM=",
+ "lastModified": 1743350051,
+ "narHash": "sha256-QtVfBQe5VBnRPP5ustegPlsTdV/SZzt8akOIN5Hlwjk=",
"owner": "nix-darwin",
"repo": "nix-darwin",
- "rev": "75f8e4dbc553d3052f917e66ee874f69d49c9981",
+ "rev": "eaff8219d629bb86e71e3274e1b7915014e7fb22",
"type": "github"
},
"original": {
@@ -137,11 +137,11 @@
]
},
"locked": {
- "lastModified": 1743136572,
- "narHash": "sha256-uwaVrKgi6g1TUq56247j6QvvFtYHloCkjCrEpGBvV54=",
+ "lastModified": 1743438213,
+ "narHash": "sha256-ZZDN+0v1r4I1xkQWlt8euOJv5S4EvElUCZMrDjTCEsY=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "1efd2503172016a6742c87b47b43ca2c8145607d",
+ "rev": "ccd7df836e1f42ea84806760f25b77b586370259",
"type": "github"
},
"original": {
@@ -222,11 +222,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1743076231,
- "narHash": "sha256-yQugdVfi316qUfqzN8JMaA2vixl+45GxNm4oUfXlbgw=",
+ "lastModified": 1743320628,
+ "narHash": "sha256-FurMxmjEEqEMld11eX2vgfAx0Rz0JhoFm8UgxbfCZa8=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "6c5963357f3c1c840201eda129a99d455074db04",
+ "rev": "63158b9cbb6ec93d26255871c447b0f01da81619",
"type": "github"
},
"original": {
@@ -441,11 +441,11 @@
]
},
"locked": {
- "lastModified": 1742700801,
- "narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=",
+ "lastModified": 1743305778,
+ "narHash": "sha256-Ux/UohNtnM5mn9SFjaHp6IZe2aAnUCzklMluNtV6zFo=",
"owner": "Mic92",
"repo": "sops-nix",
- "rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852",
+ "rev": "8e873886bbfc32163fe027b8676c75637b7da114",
"type": "github"
},
"original": {
diff --git a/nix/modules/ipfs/cluster.nix b/nix/modules/ipfs/cluster.nix
index 98a3ae2..d5280ff 100644
--- a/nix/modules/ipfs/cluster.nix
+++ b/nix/modules/ipfs/cluster.nix
@@ -3,7 +3,6 @@
{
imports = [
./default.nix
- ../../services/ipfs-cluster.nix
];
services = {
diff --git a/nix/services/ipfs-cluster.nix b/nix/services/ipfs-cluster.nix
deleted file mode 100644
index 9a1180f..0000000
--- a/nix/services/ipfs-cluster.nix
+++ /dev/null
@@ -1,138 +0,0 @@
-## From https://github.com/NixOS/nixpkgs/pull/100871
-{
- config,
- lib,
- pkgs,
- ...
-}:
-with lib;
-let
- cfg = config.services.ipfs-cluster;
-
- # secret is by envvar, not flag
- initFlags = toString [
- (optionalString (cfg.initPeers != [ ]) "--peers")
- (lib.strings.concatStringsSep "," cfg.initPeers)
- ];
-in
-{
- ###### interface
- options = {
- services.ipfs-cluster = {
- enable = mkEnableOption "Pinset orchestration for IPFS - requires ipfs daemon to be useful";
-
- user = mkOption {
- type = types.str;
- default = "ipfs";
- description = "User under which the ipfs-cluster daemon runs.";
- };
-
- group = mkOption {
- type = types.str;
- default = "ipfs";
- description = "Group under which the ipfs-cluster daemon runs.";
- };
-
- consensus = mkOption {
- type = types.enum [
- "raft"
- "crdt"
- ];
- description = "Consensus protocol - 'raft' or 'crdt'. https://cluster.ipfs.io/documentation/guides/consensus/";
- };
-
- dataDir = mkOption {
- type = types.str;
- default = "/var/lib/ipfs-cluster";
- description = "The data dir for ipfs-cluster.";
- };
-
- initPeers = mkOption {
- type = types.listOf types.str;
- default = [ ];
- description = "Peer addresses to initialize with on first run.";
- };
-
- openSwarmPort = mkOption {
- type = types.bool;
- description = "Open swarm port, secured by the cluster secret. This does not expose the API or proxy. https://cluster.ipfs.io/documentation/guides/security/";
- };
-
- secretFile = mkOption {
- type = types.nullOr types.path;
- default = null;
- description = ''
- File containing the cluster secret in the format of EnvironmentFile as described by
- systemd.exec
- 5. For example:
-
- CLUSTER_SECRET=...
-
-
- if null, a new secret will be generated on first run.
- A secret in the correct format can also be generated by: openssl rand -hex 32
- '';
- };
- };
- };
-
- ###### implementation
-
- config = mkIf cfg.enable {
- environment.systemPackages = [ pkgs.ipfs-cluster ];
- systemd = {
- tmpfiles.rules = [ "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -" ];
-
- services.ipfs-cluster-init = {
- path = [
- "/run/wrappers"
- pkgs.ipfs-cluster
- ];
- environment.IPFS_CLUSTER_PATH = cfg.dataDir;
- wantedBy = [ "default.target" ];
-
- serviceConfig =
- {
- # "" clears exec list (man systemd.service -> execStart)
- ExecStart = [
- ""
- "${pkgs.ipfs-cluster}/bin/ipfs-cluster-service init --consensus ${cfg.consensus} ${initFlags}"
- ];
- Type = "oneshot";
- RemainAfterExit = true;
- User = cfg.user;
- Group = cfg.group;
- }
- // optionalAttrs (cfg.secretFile != null) {
- EnvironmentFile = cfg.secretFile;
- };
- unitConfig.ConditionDirectoryNotEmpty = "!${cfg.dataDir}";
- };
-
- services.ipfs-cluster = {
- environment.IPFS_CLUSTER_PATH = cfg.dataDir;
- wantedBy = [ "multi-user.target" ];
-
- wants = [ "ipfs-cluster-init.service" ];
- after = [ "ipfs-cluster-init.service" ];
-
- serviceConfig =
- {
- ExecStart = [
- ""
- "${pkgs.ipfs-cluster}/bin/ipfs-cluster-service daemon"
- ];
- User = cfg.user;
- Group = cfg.group;
- }
- // optionalAttrs (cfg.secretFile != null) {
- EnvironmentFile = cfg.secretFile;
- };
- };
- };
- networking.firewall.allowedTCPPorts = mkIf cfg.openSwarmPort [
- 9094
- 9096
- ];
- };
-}