# IPFS and IPWHL configuration
# Copyright (C) 2022  Nguyễn Gia Phong
#
# This file is part of loang configuration.
#
# Loang configuration is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# Loang configuration is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with loang configuration.  If not, see <https://www.gnu.org/licenses/>.

# NixOS module: runs a Kubo (IPFS) node, publishes it as a subdomain
# gateway behind nginx, and obtains a wildcard certificate for the gateway
# names through an RFC 2136 DNS challenge.
{ config, ... }:

let
  domain = config.networking.domain;

  # Local Kubo HTTP gateway.  This module only opens port 4001 in the
  # firewall, so from what is visible here port 8080 is reached through
  # nginx only.
  gateway = "http://localhost:8080";
  toGateway = { proxyPass = gateway; };

  # Shared definition for the wildcard hosts: TLS is mandatory and the
  # certificate is the one issued for ${domain} below.
  # NOTE(review): subdomain gateways resolve content from the request's
  # Host header; nothing in this file forwards it, so confirm that
  # services.nginx.recommendedProxySettings (or an explicit Host header)
  # is set elsewhere.
  wildcardVhost = {
    useACMEHost = domain;
    forceSSL = true;
    locations."/" = toGateway;
  };
in {
  # 4001 is the only port opened by this module, for both TCP and UDP.
  networking.firewall.allowedTCPPorts = [ 4001 ];
  networking.firewall.allowedUDPPorts = [ 4001 ];

  security = {
    acme.certs.${domain} = {
      dnsProvider = "rfc2136";
      # A wildcard name cannot be validated over HTTP, hence the DNS
      # provider above and the webroot being cleared here.
      webroot = null;
      extraDomainNames = [ "*.ipfs.${domain}" "*.ipns.${domain}" ];
      # builtins.toFile writes into the Nix store, which is world-readable.
      # That is acceptable only because this file carries no secret: the
      # TSIG secret is referenced by path and stays outside the store.
      # Never inline it here.
      # NOTE(review): ownership and mode of /var/lib/acme/knot.secret, and
      # what the "lego" key is allowed to update on the name server, are
      # configured outside this file -- check that the secret is readable
      # by the ACME client only and that the key is limited to the
      # challenge records.
      credentialsFile = builtins.toFile "knot.env" ''
        RFC2136_NAMESERVER=127.0.0.1
        RFC2136_TSIG_KEY=lego
        RFC2136_TSIG_ALGORITHM=hmac-sha256
        RFC2136_TSIG_SECRET_FILE=/var/lib/acme/knot.secret
      '';
    };

    # xarvos may run any command as the ipfs user.  No NOPASSWD option is
    # given, so sudo still authenticates.  This amounts to full control
    # over whatever the ipfs account owns, presumably including the
    # repository under services.kubo.dataDir.
    sudo.extraRules = [
      {
        runAs = "ipfs";
        users = [ "xarvos" ];
        commands = [ "ALL" ];
      }
    ];
  };

  services.kubo = {
    enable = true;
    enableGC = true;
    dataDir = "/mnt/nas/ipfs";
    # NoFetch restricts the gateway to content already in the local
    # repository, so the public endpoint cannot be used to pull arbitrary
    # content from the network.
    # NOTE(review): Kubo documents this section as `Gateway`; the key here
    # is spelled `GateWay`.  Confirm on the running node that the option
    # took effect (e.g. `ipfs config Gateway.NoFetch` prints true), since
    # a silently ignored key would leave the gateway fetching for anyone.
    settings.GateWay = {
      NoFetch = true;
      PublicGateways.${domain} = {
        # Subdomain mode gives each content root its own web origin.
        UseSubdomains = true;
        Paths = [ "/ipfs" "/ipns" ];
      };
    };
  };

  services.nginx.virtualHosts = {
    # Only the two gateway paths are added to the apex host; its TLS
    # settings are not defined in this file -- presumably elsewhere.
    ${domain}.locations = {
      "/ipfs" = toGateway;
      "/ipns" = toGateway;
    };

    "*.ipfs.${domain}" = wildcardVhost;
    "*.ipns.${domain}" = wildcardVhost;

    # Requests its own certificate instead of reusing the wildcard one.
    "ipwhl.${domain}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = toGateway;
    };
  };
}