samsapti
/
pi-ansible
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add IPFS node

This commit is contained in:
Sam A. 2023-07-02 02:09:57 +02:00
parent 77effd7bf4
commit 13d7075a08
Signed by: samsapti
GPG Key ID: CBBBE7371E81C4EA
6 changed files with 93 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
provision.sh
View File

@ -7,6 +7,8 @@ usage() {
printf '$ %s\n' "$0 [-h|--help]"
printf '$ %s\n' "$0 [--dry] os"
printf '$ %s\n' "$0 [--dry] docker"
printf '$ %s\n' "$0 [--dry] firewall"
printf '$ %s\n' "$0 [--dry] ssh"
printf '$ %s\n' "$0 [--dry] users [-i|--init]"
printf '$ %s\n' "$0 [--dry] reboot [-f|--force]"
printf '$ %s\n' "$0 [--dry] services [-d|--down] [SINGLE_SERVICE]"

5
roles/docker_services/defaults/main.yml
View File

@ -21,6 +21,11 @@ services:
data_volume: "{{ mass_data_volume }}/emby"
version: latest
ipfs:
domain: ipfs-gateway.{{ base_domain }}
volume: "{{ base_volume }}/ipfs"
version: v0.19.2 # https://github.com/ipfs/kubo/issues/9901
monerod:
domain: xmr.{{ base_domain }}
volume: "{{ base_volume }}/monerod"

20
roles/docker_services/files/ipfs/ipfs-config.sh Normal file
View File

@ -0,0 +1,20 @@
#!/bin/sh
set -ex
ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '["http://'$LAN_IP':5001"]'
ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods '["PUT", "POST"]'
ipfs config --json Gateway.PublicGateways '{
"'$IPFS_DOMAIN'": {
"UseSubdomains": false,
"Paths": ["/ipfs", "/ipns"]
}
}'
ipfs config --json DNS.Resolvers '{
".": "https://anycast.censurfridns.dk/dns-query"
}'
ipfs config --json Datastore.StorageMax '"100GB"'
ipfs config --json Datastore.GCPeriod '"10m"'

45
roles/docker_services/tasks/services/ipfs.yml Normal file
View File

@ -0,0 +1,45 @@
# vim: ft=yaml.ansible
---
- name: Create IPFS Kubo volume directories
ansible.builtin.file:
name: "{{ dir }}"
owner: root
mode: u=rwx,g=rx,o=rx
state: directory
loop:
- "{{ services.ipfs.volume }}/data"
- "{{ services.ipfs.volume }}/staging"
loop_control:
loop_var: dir
- name: Copy ipfs-config.sh
ansible.builtin.copy:
src: ipfs/ipfs-config.sh
dest: "{{ services.ipfs.volume }}/ipfs-config.sh"
owner: root
mode: u=rwx,g=rx,o=rx
- name: Deploy IPFS Kubo Docker container
community.docker.docker_container:
name: ipfs_kubo
state: "{{ 'absent' if stop is defined and stop else 'started' }}"
restart: "{{ stop is undefined or not stop }}"
image: ipfs/kubo:{{ services.ipfs.version }}
restart_policy: always
default_host_ip: ''
env:
IPFS_DOMAIN: "{{ services.ipfs.domain }}"
IPFS_PROFILE: server
LAN_IP: "{{ ansible_default_ipv4.address }}"
networks:
- name: services
aliases:
- ipfs_kubo
volumes:
- "{{ services.ipfs.volume }}/ipfs-config.sh:/container-init.d/ipfs-config.sh:ro"
- "{{ services.ipfs.volume }}/data:/data/ipfs:rw"
- "{{ services.ipfs.volume }}/staging:/export:rw"
published_ports:
- 4001:4001/tcp
- 4001:4001/udp
- 5001:5001/tcp

12
roles/docker_services/templates/Caddyfile.j2
View File

@ -27,6 +27,18 @@
reverse_proxy emby:8096
}
{{ services.ipfs.domain }} {
tls {{ secrets.tls_email }}
header {
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
-Server
}
reverse_proxy ipfs_kubo:8080
}
{{ services.monerod.domain }}:18089 {
tls {{ secrets.tls_email }}

13
roles/os_config/tasks/firewall.yml
View File

@ -7,13 +7,18 @@
proto: "{{ item.proto | default('tcp') }}"
loop:
- port: '22' # SSH
- port: '53' # Pi-hole
- port: '53' # Pi-hole (not port-forwarded)
proto: tcp
- port: '53' # Pi-hole
- port: '53' # Pi-hole (not port-forwarded)
proto: udp
- port: '80' # HTTP
- port: '81' # Pi-hole
- port: '81' # Pi-hole (not port-forwarded)
- port: '443' # HTTPS
- port: '4001' # IPFS Kubo P2P
proto: tcp
- port: '4001' # IPFS Kubo P2P
proto: udp
- port: '5001' # IPFS Kubo RPC API (not port-forwarded)
- port: '18080' # monerod P2P
- port: '18089' # monerod RPC
- port: '51820' # Wireguard
@ -21,5 +26,5 @@
- name: Enable UFW
community.general.ufw:
state: enabled
policy: deny
state: enabled