servo: add ipfs service
This commit is contained in:
parent
fd567f8c09
commit
57886ec3d0
|
@ -8,6 +8,7 @@
|
||||||
./users.nix
|
./users.nix
|
||||||
./services/ddns-he.nix
|
./services/ddns-he.nix
|
||||||
./services/gitea.nix
|
./services/gitea.nix
|
||||||
|
./services/ipfs.nix
|
||||||
./services/jackett.nix
|
./services/jackett.nix
|
||||||
./services/jellyfin.nix
|
./services/jellyfin.nix
|
||||||
./services/matrix.nix
|
./services/matrix.nix
|
||||||
|
@ -29,6 +30,12 @@
|
||||||
sopsFile = ../../secrets/servo.yaml;
|
sopsFile = ../../secrets/servo.yaml;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# both transmission and ipfs try to set different net defaults.
|
||||||
|
# we just use the most aggressive of the two here:
|
||||||
|
boot.kernel.sysctl = {
|
||||||
|
"net.core.rmem_max" = "4194304"; # 4MB
|
||||||
|
};
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
|
23
machines/servo/services/ipfs.nix
Normal file
23
machines/servo/services/ipfs.nix
Normal file
|
@ -0,0 +1,23 @@
|
||||||
|
{ ... }:
|
||||||
|
{
|
||||||
|
services.ipfs.enable = true;
|
||||||
|
services.ipfs.localDiscovery = true;
|
||||||
|
services.ipfs.swarmAddress = [
|
||||||
|
"/dns4/ipfs.uninsane.org/tcp/4001"
|
||||||
|
"/ip4/0.0.0.0/tcp/4001"
|
||||||
|
"/dns4/ipfs.uninsane.org/udp/4001/quic"
|
||||||
|
"/ip4/0.0.0.0/udp/4001/quic"
|
||||||
|
];
|
||||||
|
services.ipfs.extraConfig = {
|
||||||
|
Addresses = {
|
||||||
|
Announce = [
|
||||||
|
"/dns4/ipfs.uninsane.org/tcp/4001"
|
||||||
|
"/dns4/ipfs.uninsane.org/udp/4001/quic"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
Gateway = {
|
||||||
|
# the gateway can only be used to serve content already replicated on this host
|
||||||
|
NoFetch = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -210,6 +210,23 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."ipfs.uninsane.org" = {
|
||||||
|
# don't default to ssl upgrades, since this may be dnslink'd from a different domain.
|
||||||
|
# ideally we'd disable ssl entirely, but some places assume it?
|
||||||
|
addSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
|
||||||
|
default = true;
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://127.0.0.1:8080";
|
||||||
|
extraConfig = ''
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Ipfs-Gateway-Prefix "";
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# exists only to manage certs for dovecot
|
# exists only to manage certs for dovecot
|
||||||
services.nginx.virtualHosts."imap.uninsane.org" = {
|
services.nginx.virtualHosts."imap.uninsane.org" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user