nixos/profiles/kubo.nix

   1 {
   2   pkgs,
   3   lib,
   4   config,
   5   pkgs-unstable,
   6   ...
   7 }:
   8 {
   9   services.kubo = {
  10     enable = true;
  11     package = pkgs-unstable.kubo;
  12     defaultMode = "online";
  13     autoMount = true;
  14     enableGC = true;
  15     localDiscovery = false;
  16     settings = {
  17       Addresses.API = [ "/ip4/127.0.0.1/tcp/5001" ];
  18       Datastore.StorageMax = "10GB";
  19       Discovery.MDNS.Enabled = false;
  20       API.HTTPHeaders.Access-Control-Allow-Origin = [
  21         "http://localhost:3000"
  22         "http://127.0.0.1:5001"
  23         "https://webui.ipfs.io"
  24       ];
  25       API.HTTPHeaders.Access-Control-Allow-Methods = [
  26         "PUT"
  27         "POST"
  28       ];
  29       #Bootstrap = [
  30       #];
  31       #Swarm.AddrFilters = null;
  32     };
  33     startWhenNeeded = true;
  34   };
  35   networking.nftables.ruleset = ''
  36     table inet filter {
  37       chain input-net {
  38         meta l4proto { udp, tcp } th sport 4001 counter accept comment "kubo: IPFS libp2p swarm"
  39       }
  40       chain output-net {
  41         meta l4proto { udp, tcp } th dport 4001 skuid ${toString config.services.kubo.user} counter accept comment "kubo: IPFS libp2p swarm"
  42       }
  43     }
  44   '';
  45 }