servo: add ipfs service
This commit is contained in:
parent
fd567f8c09
commit
57886ec3d0
|
@ -8,6 +8,7 @@
|
|||
./users.nix
|
||||
./services/ddns-he.nix
|
||||
./services/gitea.nix
|
||||
./services/ipfs.nix
|
||||
./services/jackett.nix
|
||||
./services/jellyfin.nix
|
||||
./services/matrix.nix
|
||||
|
@ -29,6 +30,12 @@
|
|||
sopsFile = ../../secrets/servo.yaml;
|
||||
};
|
||||
|
||||
# both transmission and ipfs try to set different net defaults.
|
||||
# we just use the most aggressive of the two here:
|
||||
boot.kernel.sysctl = {
|
||||
"net.core.rmem_max" = "4194304"; # 4MB
|
||||
};
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
|
|
23
machines/servo/services/ipfs.nix
Normal file
23
machines/servo/services/ipfs.nix
Normal file
|
@ -0,0 +1,23 @@
|
|||
{ ... }:
|
||||
{
|
||||
services.ipfs.enable = true;
|
||||
services.ipfs.localDiscovery = true;
|
||||
services.ipfs.swarmAddress = [
|
||||
"/dns4/ipfs.uninsane.org/tcp/4001"
|
||||
"/ip4/0.0.0.0/tcp/4001"
|
||||
"/dns4/ipfs.uninsane.org/udp/4001/quic"
|
||||
"/ip4/0.0.0.0/udp/4001/quic"
|
||||
];
|
||||
services.ipfs.extraConfig = {
|
||||
Addresses = {
|
||||
Announce = [
|
||||
"/dns4/ipfs.uninsane.org/tcp/4001"
|
||||
"/dns4/ipfs.uninsane.org/udp/4001/quic"
|
||||
];
|
||||
};
|
||||
Gateway = {
|
||||
# the gateway can only be used to serve content already replicated on this host
|
||||
NoFetch = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -210,6 +210,23 @@
|
|||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."ipfs.uninsane.org" = {
|
||||
# don't default to ssl upgrades, since this may be dnslink'd from a different domain.
|
||||
# ideally we'd disable ssl entirely, but some places assume it?
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
default = true;
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:8080";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Ipfs-Gateway-Prefix "";
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# exists only to manage certs for dovecot
|
||||
services.nginx.virtualHosts."imap.uninsane.org" = {
|
||||
forceSSL = true;
|
||||
|
|
Loading…
Reference in New Issue
Block a user