diff options
-rw-r--r-- | configuration.nix | 1 | ||||
-rw-r--r-- | ipfs.nix | 87 |
2 files changed, 0 insertions, 88 deletions
diff --git a/configuration.nix b/configuration.nix index 6654bd9..5f94597 100644 --- a/configuration.nix +++ b/configuration.nix @@ -33,7 +33,6 @@ ./automation.nix ./dbms.nix ./dns.nix - ./ipfs.nix ./irc.nix ./git.nix ./matrix.nix diff --git a/ipfs.nix b/ipfs.nix deleted file mode 100644 index 876b74c..0000000 --- a/ipfs.nix +++ /dev/null @@ -1,87 +0,0 @@ -# IPFS and IPWHL configuration -# Copyright (C) 2022 Nguyễn Gia Phong -# -# This file is part of loang configuration. -# -# Loang configuration is free software: you can redistribute it and/or modify -# it under the terms of the GNU Affero General Public License as published -# by the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# Loang configuration is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU Affero General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with loang configuration. If not, see <https://www.gnu.org/licenses/>. - -{ config, ... }: -let inherit (config.networking) domain; -in { - networking.firewall = { - allowedTCPPorts = [ 4001 ]; - allowedUDPPorts = [ 4001 ]; - }; - - security = { - acme.certs.${domain} = { - credentialsFile = builtins.toFile "knot.env" '' - RFC2136_NAMESERVER=127.0.0.1 - RFC2136_TSIG_KEY=lego - RFC2136_TSIG_ALGORITHM=hmac-sha256 - RFC2136_TSIG_SECRET_FILE=/var/lib/acme/knot.secret - ''; - dnsProvider = "rfc2136"; - extraDomainNames = [ - "*.ipfs.${domain}" - "*.ipns.${domain}" - ]; - webroot = null; - }; - - sudo.extraRules = [ - { - users = [ "xarvos" ]; - commands = [ "ALL" ]; - runAs = "ipfs"; - } - ]; - }; - - services = { - kubo = { - dataDir = "/mnt/nas/ipfs"; - enable = true; - enableGC = true; - settings.GateWay = { - NoFetch = true; - PublicGateways."${domain}" = { - Paths = [ "/ipfs" "/ipns" ]; - UseSubdomains = true; - }; - }; - }; - - nginx.virtualHosts = let - ipfsGateway = "http://localhost:8080"; - ipfsProxy = { - forceSSL = true; - locations."/".proxyPass = ipfsGateway; - useACMEHost = domain; - }; - in { - "${domain}".locations = { - "/ipfs".proxyPass = ipfsGateway; - "/ipns".proxyPass = ipfsGateway; - }; - "*.ipfs.${domain}" = ipfsProxy; - "*.ipns.${domain}" = ipfsProxy; - "ipwhl.${domain}" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = ipfsGateway; - }; - }; - }; -} |