depot/ops/nixos/bvm-ipfs/default.nix

# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0

{ config, ... }:
{
  imports = [
    ../lib/bvm.nix
  ];

  # Networking!
  networking = {
    hostName = "bvm-ipfs";
    hostId = "6eca8221";

    interfaces.enp1s0 = {
      ipv4.addresses = [{ address = "10.100.0.203"; prefixLength = 23; }];
    };
    interfaces.enp6s0 = {
      ipv4.addresses = [{ address = "92.118.28.4"; prefixLength = 24; }];
      ipv6.addresses = [{ address = "2a09:a441::4"; prefixLength = 32; }];
    };
    defaultGateway = { address = "92.118.28.1"; interface = "enp6s0"; };
    defaultGateway6 = { address = "2a09:a441::1"; interface = "enp6s0"; };

    firewall.allowedTCPPorts = [
      # IPFS
      4001
    ];
    firewall.allowedUDPPorts = [
      # IPFS
      4001
    ];
  };
  my.ip.tailscale = "100.73.206.41";

  services.ipfs = {
    enable = true;
    dataDir = "/store/ipfs";
    extraConfig = {
      Experimental.FilestoreEnabled = true;
      Addresses = let
        internalv4 = ["127.0.0.1" "10.100.0.203" config.my.ip.tailscale];
        internal = map (a: "/ip4/${a}") internalv4;
        externalv4 = internalv4 ++ ["92.118.28.4"];
        externalv6 = ["2a09:a441::4"];
        external = (map (a: "/ip4/${a}") externalv4) ++ (map (a: "/ip6/${a}") externalv6);
      in {
        API = map (f: "${f}/tcp/5001") internal;
        Gateway = map (f: "${f}/tcp/8080") internal;
        Swarm = let
          suffixes = ["/tcp/4001" "/udp/4001/quic"];
        in builtins.concatMap (suffix: map (prefix: prefix + suffix) external) suffixes;
      };

      API.HTTPHeaders = {
        Access-Control-Allow-Origin = [
          "http://bvm-ipfs:5001"
          "http://localhost:3000"
          "http://127.0.0.1:5001"
          "https://webui.ipfs.io"
          "https://ipfs.int.lukegb.com"
        ];
        Access-Control-Allow-Methods = ["PUT" "POST"];
      };
    };
  };

  system.stateVersion = "21.05";
}