servo: add ipfs service

2022-06-26 03:37:50 -07:00 · 2022-06-26 03:37:50 -07:00 · 57886ec3d0
commit 57886ec3d0
parent fd567f8c09
3 changed files with 47 additions and 0 deletions
--- a/machines/servo/default.nix
+++ b/machines/servo/default.nix
@ -8,6 +8,7 @@
    ./users.nix
    ./services/ddns-he.nix
    ./services/gitea.nix
+    ./services/ipfs.nix
    ./services/jackett.nix
    ./services/jellyfin.nix
    ./services/matrix.nix
@ -29,6 +30,12 @@
    sopsFile = ../../secrets/servo.yaml;
  };

+  # both transmission and ipfs try to set different net defaults.
+  # we just use the most aggressive of the two here:
+  boot.kernel.sysctl = {
+    "net.core.rmem_max" = "4194304";  # 4MB
+  };
+
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
--- a/machines/servo/services/ipfs.nix
+++ b/machines/servo/services/ipfs.nix
@ -0,0 +1,23 @@
+{ ... }:
+{
+  services.ipfs.enable = true;
+  services.ipfs.localDiscovery = true;
+  services.ipfs.swarmAddress = [
+    "/dns4/ipfs.uninsane.org/tcp/4001"
+    "/ip4/0.0.0.0/tcp/4001"
+    "/dns4/ipfs.uninsane.org/udp/4001/quic"
+    "/ip4/0.0.0.0/udp/4001/quic"
+  ];
+  services.ipfs.extraConfig = {
+    Addresses = {
+      Announce = [
+        "/dns4/ipfs.uninsane.org/tcp/4001"
+        "/dns4/ipfs.uninsane.org/udp/4001/quic"
+      ];
+    };
+    Gateway = {
+      # the gateway can only be used to serve content already replicated on this host
+      NoFetch = true;
+    };
+  };
+}
--- a/machines/servo/services/nginx.nix
+++ b/machines/servo/services/nginx.nix
@ -210,6 +210,23 @@
    };
  };

+  services.nginx.virtualHosts."ipfs.uninsane.org" = {
+    # don't default to ssl upgrades, since this may be dnslink'd from a different domain.
+    # ideally we'd disable ssl entirely, but some places assume it?
+    addSSL = true;
+    enableACME = true;
+
+    default = true;
+
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:8080";
+      extraConfig = ''
+        proxy_set_header Host $host;
+        proxy_set_header X-Ipfs-Gateway-Prefix "";
+      '';
+    };
+  };
+
  # exists only to manage certs for dovecot
  services.nginx.virtualHosts."imap.uninsane.org" = {
    forceSSL = true;