ipfs: add to pomerium, explicitly set IPs for swarm

This commit is contained in:
Luke Granger-Brown 2021-04-18 16:24:59 +00:00
parent 42e8b1eed0
commit 36cc88bcef
2 changed files with 26 additions and 10 deletions

View file

@ -39,16 +39,30 @@
dataDir = "/store/ipfs"; dataDir = "/store/ipfs";
extraConfig = { extraConfig = {
Experimental.FilestoreEnabled = true; Experimental.FilestoreEnabled = true;
Addresses.API = [ Addresses = let
"/ip4/127.0.0.1/tcp/5001" internalv4 = ["127.0.0.1" "10.100.0.203" config.my.ip.tailscale];
"/ip4/10.100.0.203/tcp/5001" internal = map (a: "/ip4/${a}") internalv4;
"/ip4/${config.my.ip.tailscale}/tcp/5001" externalv4 = internalv4 ++ ["92.118.28.4"];
]; externalv6 = ["2a09:a441::4"];
Addresses.Gateway = [ external = (map (a: "/ip4/${a}") externalv4) ++ (map (a: "/ip6/${a}") externalv6);
"/ip4/127.0.0.1/tcp/8080" in {
"/ip4/10.100.0.203/tcp/8080" API = map (f: "${f}/tcp/5001") internal;
"/ip4/${config.my.ip.tailscale}/tcp/8080" Gateway = map (f: "${f}/tcp/8080") internal;
]; Swarm = let
suffixes = ["/tcp/4001" "/udp/4001/quic"];
in builtins.concatMap (suffix: map (prefix: prefix + suffix) external) suffixes;
};
API.HTTPHeaders = {
Access-Control-Allow-Origin = [
"http://bvm-ipfs:5001"
"http://localhost:3000"
"http://127.0.0.1:5001"
"https://webui.ipfs.io"
"https://ipfs.int.lukegb.com"
];
Access-Control-Allow-Methods = ["PUT" "POST"];
};
}; };
}; };

View file

@ -252,6 +252,8 @@ in {
"X-Forwarded-Roles" = "pomerium"; "X-Forwarded-Roles" = "pomerium";
}; };
}) })
(service "bvm-ipfs:5001" "ipfs.int.lukegb.com" {})
(service "bvm-ipfs:8080" "ipfs-gw.int.lukegb.com" {})
]; ];
}; };
}; };