From 36cc88bceff3c3a39b3e8a1d191feb2bbc173f61 Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sun, 18 Apr 2021 16:24:59 +0000
Subject: [PATCH] ipfs: add to pomerium, explicitly set IPs for swarm
---
 ops/nixos/bvm-ipfs/default.nix | 34 +++++++++++++++++++--------
 ops/nixos/etheroute-lon01/default.nix | 2 ++
 2 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/ops/nixos/bvm-ipfs/default.nix b/ops/nixos/bvm-ipfs/default.nix
index 7dff9cbf47..959783b38a 100644
--- a/ops/nixos/bvm-ipfs/default.nix
+++ b/ops/nixos/bvm-ipfs/default.nix
@@ -39,16 +39,30 @@
 dataDir = "/store/ipfs";
 extraConfig = {
 Experimental.FilestoreEnabled = true;
- Addresses.API = [
- "/ip4/127.0.0.1/tcp/5001"
- "/ip4/10.100.0.203/tcp/5001"
- "/ip4/${config.my.ip.tailscale}/tcp/5001"
- ];
- Addresses.Gateway = [
- "/ip4/127.0.0.1/tcp/8080"
- "/ip4/10.100.0.203/tcp/8080"
- "/ip4/${config.my.ip.tailscale}/tcp/8080"
- ];
+ Addresses = let
+ internalv4 = ["127.0.0.1" "10.100.0.203" config.my.ip.tailscale];
+ internal = map (a: "/ip4/${a}") internalv4;
+ externalv4 = internalv4 ++ ["92.118.28.4"];
+ externalv6 = ["2a09:a441::4"];
+ external = (map (a: "/ip4/${a}") externalv4) ++ (map (a: "/ip6/${a}") externalv6);
+ in {
+ API = map (f: "${f}/tcp/5001") internal;
+ Gateway = map (f: "${f}/tcp/8080") internal;
+ Swarm = let
+ suffixes = ["/tcp/4001" "/udp/4001/quic"];
+ in builtins.concatMap (suffix: map (prefix: prefix + suffix) external) suffixes;
+ };
+
+ API.HTTPHeaders = {
+ Access-Control-Allow-Origin = [
+ "http://bvm-ipfs:5001"
+ "http://localhost:3000"
+ "http://127.0.0.1:5001"
+ "https://webui.ipfs.io"
+ "https://ipfs.int.lukegb.com"
+ ];
+ Access-Control-Allow-Methods = ["PUT" "POST"];
+ };
 };
 };
diff --git a/ops/nixos/etheroute-lon01/default.nix b/ops/nixos/etheroute-lon01/default.nix
index a74596ff40..39cb2d6d2e 100644
--- a/ops/nixos/etheroute-lon01/default.nix
+++ b/ops/nixos/etheroute-lon01/default.nix
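Review bot: The `Access-Control-Allow-Origin` list added under `API.HTTPHeaders` trusts origins the operator does not control: `https://webui.ipfs.io` is hosted by a third party, and `http://localhost:3000` matches whatever happens to be serving on that port of the browsing machine. Port 5001 is the node's RPC API, which go-ipfs treats as admin-level, so a page from any listed origin can issue the allowed `PUT`/`POST` calls from a browser that can reach one of the `internal` addresses. Since this same patch publishes the API as `ipfs.int.lukegb.com`, the list could likely shrink to `"https://ipfs.int.lukegb.com"` plus the loopback entry, with a comment stating why each remaining origin is trusted. The `extraConfig` block starts above this hunk, so other header settings may exist outside it.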
@@ -252,6 +252,8 @@ in {
 "X-Forwarded-Roles" = "pomerium";
 };
 })
+ (service "bvm-ipfs:5001" "ipfs.int.lukegb.com" {})
+ (service "bvm-ipfs:8080" "ipfs-gw.int.lukegb.com" {})
 ];
 };
 };
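Review bot: The `bvm-ipfs:5001` route is created with empty options, so who may reach the IPFS RPC API through `ipfs.int.lukegb.com` depends entirely on the default policy inside `service`, which is defined outside this hunk. That API gives administrative control of the node, so it deserves an explicit restriction or at least a comment such as `# IPFS RPC API (admin-level): keep this route limited to operators`. The proxy is also not the only path: the other file in this patch still binds the API to `10.100.0.203` and the Tailscale address, so hosts on those networks presumably reach it without passing through Pomerium unless a firewall rule not shown here blocks them.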