Set up ipwhl.loang.net

1 files changed, 51 insertions, 0 deletions

diff --git a/ipfs.nix b/ipfs.nix
new file mode 100644
index 0000000..a2bf6a3
--- /dev/null
+++ b/ipfs.nix
@@ -0,0 +1,51 @@
+{ config, pkgs, ... }:
+let domain = config.networking.domain;
+in {
+  security.acme.certs.${domain} = {
+    credentialsFile = pkgs.writeText "namesilo.env" ''
+      NAMESILO_API_KEY_FILE=/var/lib/acme/namesilo.key
+      NAMESILO_PROPAGATION_TIMEOUT=1800
+    '';
+    dnsProvider = "namesilo";
+    extraDomainNames = [
+      "*.ipfs.${domain}"
+      "*.ipns.${domain}"
+    ];
+    webroot = null;
+  };
+
+  services = {
+    ipfs = {
+      enable = true;
+      enableGC = true;
+      extraConfig.GateWay = {
+        NoFetch = true;
+        PublicGateways.${domain} = {
+          Paths =  [ "/ipfs" "/ipns" ];
+          UseSubdomains = true;
+        };
+      };
+    };
+
+    nginx.virtualHosts = let
+      ipfsGateway = "http://localhost:8080";
+      ipfsProxy = {
+        forceSSL = true;
+        locations."/".proxyPass = ipfsGateway;
+        useACMEHost = domain;
+      };
+    in {
+      "${domain}".locations = {
+        "/ipfs".proxyPass = ipfsGateway;
+        "/ipns".proxyPass = ipfsGateway;
+      };
+      "*.ipfs.${domain}" = ipfsProxy;
+      "*.ipns.${domain}" = ipfsProxy;
+      "ipwhl.${domain}" = {
+        enableACME = true;
+        forceSSL = true;
+        locations."/".proxyPass = ipfsGateway;
+      };
+    };
+  };
+}