Add IPFS node
parent
77effd7bf4
commit
13d7075a08
|
@ -7,6 +7,8 @@ usage() {
|
||||||
printf '$ %s\n' "$0 [-h|--help]"
|
printf '$ %s\n' "$0 [-h|--help]"
|
||||||
printf '$ %s\n' "$0 [--dry] os"
|
printf '$ %s\n' "$0 [--dry] os"
|
||||||
printf '$ %s\n' "$0 [--dry] docker"
|
printf '$ %s\n' "$0 [--dry] docker"
|
||||||
|
printf '$ %s\n' "$0 [--dry] firewall"
|
||||||
|
printf '$ %s\n' "$0 [--dry] ssh"
|
||||||
printf '$ %s\n' "$0 [--dry] users [-i|--init]"
|
printf '$ %s\n' "$0 [--dry] users [-i|--init]"
|
||||||
printf '$ %s\n' "$0 [--dry] reboot [-f|--force]"
|
printf '$ %s\n' "$0 [--dry] reboot [-f|--force]"
|
||||||
printf '$ %s\n' "$0 [--dry] services [-d|--down] [SINGLE_SERVICE]"
|
printf '$ %s\n' "$0 [--dry] services [-d|--down] [SINGLE_SERVICE]"
|
||||||
|
|
|
@ -21,6 +21,11 @@ services:
|
||||||
data_volume: "{{ mass_data_volume }}/emby"
|
data_volume: "{{ mass_data_volume }}/emby"
|
||||||
version: latest
|
version: latest
|
||||||
|
|
||||||
|
ipfs:
|
||||||
|
domain: ipfs-gateway.{{ base_domain }}
|
||||||
|
volume: "{{ base_volume }}/ipfs"
|
||||||
|
version: v0.19.2 # https://github.com/ipfs/kubo/issues/9901
|
||||||
|
|
||||||
monerod:
|
monerod:
|
||||||
domain: xmr.{{ base_domain }}
|
domain: xmr.{{ base_domain }}
|
||||||
volume: "{{ base_volume }}/monerod"
|
volume: "{{ base_volume }}/monerod"
|
||||||
|
|
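--- a/roles/docker_services/files/ipfs/ipfs-config.sh
+++ b/roles/docker_services/files/ipfs/ipfs-config.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+set -ex
+
+ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '["http://'$LAN_IP':5001"]'
+ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods '["PUT", "POST"]'
+
+ipfs config --json Gateway.PublicGateways '{
+"'$IPFS_DOMAIN'": {
+"UseSubdomains": false,
+"Paths": ["/ipfs", "/ipns"]
+}
+}'
+
+ipfs config --json DNS.Resolvers '{
+".": "https://anycast.censurfridns.dk/dns-query"
+}'
+
+ipfs config --json Datastore.StorageMax '"100GB"'
+ipfs config --json Datastore.GCPeriod '"10m"'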
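Review bot: `$LAN_IP` and `$IPFS_DOMAIN` are expanded unquoted between the single-quoted JSON fragments, and `set -ex` does not include `-u`, so an unset or empty variable silently yields a CORS origin of `http://:5001` or an empty hostname key in `Gateway.PublicGateways` instead of failing the container init. Because the first value decides which browser origin may call the RPC API, the script should fail closed: use `set -eux` and quote the expansions, e.g. `'["http://'"$LAN_IP"':5001"]'` and `"'"$IPFS_DOMAIN"'": {`. A short header comment stating that the script is mounted into `/container-init.d` and expects both variables from the container environment would also help the next maintainer.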
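--- a/roles/docker_services/tasks/services/ipfs.yml
+++ b/roles/docker_services/tasks/services/ipfs.yml
@@ -0,0 +1,45 @@
+# vim: ft=yaml.ansible
+---
+- name: Create IPFS Kubo volume directories
+ansible.builtin.file:
+name: "{{ dir }}"
+owner: root
+mode: u=rwx,g=rx,o=rx
+state: directory
+loop:
+- "{{ services.ipfs.volume }}/data"
+- "{{ services.ipfs.volume }}/staging"
+loop_control:
+loop_var: dir
+
+- name: Copy ipfs-config.sh
+ansible.builtin.copy:
+src: ipfs/ipfs-config.sh
+dest: "{{ services.ipfs.volume }}/ipfs-config.sh"
+owner: root
+mode: u=rwx,g=rx,o=rx
+
+- name: Deploy IPFS Kubo Docker container
+community.docker.docker_container:
+name: ipfs_kubo
+state: "{{ 'absent' if stop is defined and stop else 'started' }}"
+restart: "{{ stop is undefined or not stop }}"
+image: ipfs/kubo:{{ services.ipfs.version }}
+restart_policy: always
+default_host_ip: ''
+env:
+IPFS_DOMAIN: "{{ services.ipfs.domain }}"
+IPFS_PROFILE: server
+LAN_IP: "{{ ansible_default_ipv4.address }}"
+networks:
+- name: services
+aliases:
+- ipfs_kubo
+volumes:
+- "{{ services.ipfs.volume }}/ipfs-config.sh:/container-init.d/ipfs-config.sh:ro"
+- "{{ services.ipfs.volume }}/data:/data/ipfs:rw"
+- "{{ services.ipfs.volume }}/staging:/export:rw"
+published_ports:
+- 4001:4001/tcp
+- 4001:4001/udp
+- 5001:5001/tcp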
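Review bot: Publishing `5001:5001/tcp` together with `default_host_ip: ''` binds the Kubo RPC API on every host interface, and nothing on this page puts authentication in front of it. That API administers the node (configuration, pinning, adding content), so its reachability should be limited explicitly rather than by the router not forwarding the port, which does not help where the host is directly addressable, for example over global IPv6. Docker-published ports are also typically handled by Docker's own iptables rules rather than UFW, and the `5001` rule added in the firewall task shows no source restriction in its hunk either. Consider binding the port to the LAN address, `- "{{ ansible_default_ipv4.address }}:5001:5001/tcp"`, which also matches the CORS origin set in ipfs-config.sh.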
|
@ -27,6 +27,18 @@
|
||||||
reverse_proxy emby:8096
|
reverse_proxy emby:8096
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{{ services.ipfs.domain }} {
|
||||||
|
tls {{ secrets.tls_email }}
|
||||||
|
|
||||||
|
header {
|
||||||
|
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
|
||||||
|
-Server
|
||||||
|
}
|
||||||
|
|
||||||
|
reverse_proxy ipfs_kubo:8080
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
{{ services.monerod.domain }}:18089 {
|
{{ services.monerod.domain }}:18089 {
|
||||||
tls {{ secrets.tls_email }}
|
tls {{ secrets.tls_email }}
|
||||||
|
|
||||||
|
|
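Review bot: This site block puts the Kubo gateway on the public internet, and with `"UseSubdomains": false` in ipfs-config.sh every CID is served from the single origin `{{ services.ipfs.domain }}`. Content from unrelated publishers then shares one web origin (cookies, storage, service workers). Unless the gateway is limited to locally held data, it will also retrieve arbitrary content on request and serve it under your domain and certificate. If only your own pinned content is meant to be served, consider adding `ipfs config --json Gateway.NoFetch true` to the init script; otherwise a subdomain gateway gives per-CID origin isolation. A comment above the block stating which of the two is intended would document the decision.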
|
@ -7,13 +7,18 @@
|
||||||
proto: "{{ item.proto | default('tcp') }}"
|
proto: "{{ item.proto | default('tcp') }}"
|
||||||
loop:
|
loop:
|
||||||
- port: '22' # SSH
|
- port: '22' # SSH
|
||||||
- port: '53' # Pi-hole
|
- port: '53' # Pi-hole (not port-forwarded)
|
||||||
proto: tcp
|
proto: tcp
|
||||||
- port: '53' # Pi-hole
|
- port: '53' # Pi-hole (not port-forwarded)
|
||||||
proto: udp
|
proto: udp
|
||||||
- port: '80' # HTTP
|
- port: '80' # HTTP
|
||||||
- port: '81' # Pi-hole
|
- port: '81' # Pi-hole (not port-forwarded)
|
||||||
- port: '443' # HTTPS
|
- port: '443' # HTTPS
|
||||||
|
- port: '4001' # IPFS Kubo P2P
|
||||||
|
proto: tcp
|
||||||
|
- port: '4001' # IPFS Kubo P2P
|
||||||
|
proto: udp
|
||||||
|
- port: '5001' # IPFS Kubo RPC API (not port-forwarded)
|
||||||
- port: '18080' # monerod P2P
|
- port: '18080' # monerod P2P
|
||||||
- port: '18089' # monerod RPC
|
- port: '18089' # monerod RPC
|
||||||
- port: '51820' # Wireguard
|
- port: '51820' # Wireguard
|
||||||
|
@ -21,5 +26,5 @@
|
||||||
|
|
||||||
- name: Enable UFW
|
- name: Enable UFW
|
||||||
community.general.ufw:
|
community.general.ufw:
|
||||||
state: enabled
|
|
||||||
policy: deny
|
policy: deny
|
||||||
|
state: enabled
|
||||||
|
|