kubo: add profile

author Julien Moutinho <julm+julm-nix@sourcephile.fr>

Tue, 22 Jul 2025 23:24:44 +0000 (01:24 +0200)

committer Julien Moutinho <julm+julm-nix@sourcephile.fr>

Tue, 22 Jul 2025 23:24:44 +0000 (01:24 +0200)
author Julien Moutinho <julm+julm-nix@sourcephile.fr>
Tue, 22 Jul 2025 23:24:44 +0000 (01:24 +0200)
committer Julien Moutinho <julm+julm-nix@sourcephile.fr>
Tue, 22 Jul 2025 23:24:44 +0000 (01:24 +0200)
diff --git a/hosts/pumpkin.nix b/hosts/pumpkin.nix

index 8a74ca9b78a2821b0f1f532ba6eef184c4439ce5..5bfbc78b68d509abb28c992f74a7eacace83fbd5 100644 (file)
--- a/hosts/pumpkin.nix
+++ b/hosts/pumpkin.nix
@@ -57,6 +57,7 @@
        "wireshark"
        #"ipfs"
        config.services.davfs2.davGroup
        "wireshark"
        #"ipfs"
        config.services.davfs2.davGroup
+      config.services.kubo.group
        #"vboxusers"
      ];
      # If created, zfs-mount.service would require:
        #"vboxusers"
      ];
      # If created, zfs-mount.service would require:
@@ -190,22 +191,6 @@
        */
      };
  
        */
      };
  
-  services.kubo = {
-    #enable = true;
-    defaultMode = "online";
-    autoMount = true;
-    enableGC = true;
-    localDiscovery = false;
-    settings = {
-      Datastore.StorageMax = "10GB";
-      Discovery.MDNS.Enabled = false;
-      #Bootstrap = [
-      #];
-      #Swarm.AddrFilters = null;
-    };
-    startWhenNeeded = true;
-  };
-
    services.udev.packages = [
      # Allow the console user access the Yubikey USB device node,
      # needed for challenge/response to work correctly.
    services.udev.packages = [
      # Allow the console user access the Yubikey USB device node,
      # needed for challenge/response to work correctly.
diff --git a/hosts/pumpkin/networking.nix b/hosts/pumpkin/networking.nix

index d6cfd4cbba0cf79dc8102fdbd64cf11226fe4d12..74efcef774c2eea95b1d990233e0195d6aa8d95f 100644 (file)
--- a/hosts/pumpkin/networking.nix
+++ b/hosts/pumpkin/networking.nix
@@ -4,6 +4,7 @@
      ../../nixos/profiles/dnscrypt-proxy2.nix
      ../../nixos/profiles/networking/ssh.nix
      ../../nixos/profiles/networking/wifi.nix
      ../../nixos/profiles/dnscrypt-proxy2.nix
      ../../nixos/profiles/networking/ssh.nix
      ../../nixos/profiles/networking/wifi.nix
+    ../../nixos/profiles/kubo.nix
      #../../nixos/profiles/openvpn/calyx.nix
      networking/nftables.nix
    ];
      #../../nixos/profiles/openvpn/calyx.nix
      networking/nftables.nix
    ];
diff --git a/nixos/profiles/kubo.nix b/nixos/profiles/kubo.nix

new file mode 100644 (file)

index 0000000..874610f
--- /dev/null
+++ b/nixos/profiles/kubo.nix
@@ -0,0 +1,33 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+{
+  services.kubo = {
+    enable = true;
+    defaultMode = "online";
+    autoMount = true;
+    enableGC = true;
+    localDiscovery = false;
+    settings = {
+      Datastore.StorageMax = "10GB";
+      Discovery.MDNS.Enabled = false;
+      #Bootstrap = [
+      #];
+      #Swarm.AddrFilters = null;
+    };
+    startWhenNeeded = true;
+  };
+  networking.nftables.ruleset = ''
+    table inet filter {
+      chain input-net {
+        meta l4proto { udp, tcp } th sport 4001 counter accept comment "kubo: IPFS libp2p swarm"
+      }
+      chain output-net {
+        meta l4proto { udp, tcp } th dport 4001 skuid ${toString config.services.kubo.user} counter accept comment "kubo: IPFS libp2p swarm"
+      }
+    }
+  '';
+}
author	Julien Moutinho <julm+julm-nix@sourcephile.fr>
	Tue, 22 Jul 2025 23:24:44 +0000 (01:24 +0200)
committer	Julien Moutinho <julm+julm-nix@sourcephile.fr>
	Tue, 22 Jul 2025 23:24:44 +0000 (01:24 +0200)
hosts/pumpkin.nix		patch \| blob \| history
hosts/pumpkin/networking.nix		patch \| blob \| history
nixos/profiles/kubo.nix	[new file with mode: 0644]	patch \| blob