Loading nixos/modules/services/network-filesystems/kubo.nix +22 −17 Original line number Diff line number Diff line Loading @@ -10,29 +10,22 @@ let settingsFormat = pkgs.formats.json { }; rawDefaultConfig = lib.importJSON ( defaultConfig = pkgs.runCommand "kubo-default-config" { nativeBuildInputs = [ cfg.package ]; nativeBuildInputs = [ cfg.package pkgs.jq ]; } '' export IPFS_PATH="$TMPDIR" ipfs init --empty-repo --profile=${profile} ipfs --offline config show > "$out" '' ); # Remove the PeerID (an attribute of "Identity") of the temporary Kubo repo. # The "Pinning" section contains the "RemoteServices" section, which would prevent # the daemon from starting as that setting can't be changed via ipfs config replace. defaultConfig = removeAttrs rawDefaultConfig [ "Identity" "Pinning" ]; customizedConfig = lib.recursiveUpdate defaultConfig cfg.settings; # Remove the variable key to make the result deterministic. ipfs --offline config show | jq 'del(.Identity)' > $out ''; configFile = settingsFormat.generate "kubo-config.json" customizedConfig; configFile = settingsFormat.generate "kubo-config.json" cfg.settings; # Create a fake repo containing only the file "api". # $IPFS_PATH will point to this directory instead of the real one. Loading Loading @@ -392,8 +385,20 @@ in '' + '' fi # We need the Identity and Pinning configuration from the current settings. ipfs --offline config show | ${pkgs.jq}/bin/jq -s '.[0].Pinning as $Pinning | .[0].Identity as $Identity | .[1] + {$Identity,$Pinning}' - '${configFile}' | ${lib.getExe pkgs.jq} '{ Identity, Pinning, }' | # Now we deep-merge all configuration sources (later data wins): # 1. the default configuration # 2. the user-provided configuration # 3. the dynamic keys from the existing configuration ${lib.getExe pkgs.jq} -s 'reduce .[] as $config ({}; . * $config)' \ ${defaultConfig} \ ${configFile} \ - \ | # This command automatically injects the private key and other secrets from # the old config file back into the new config file. Loading nixos/tests/kubo/kubo.nix +1 −1 Original line number Diff line number Diff line Loading @@ -56,7 +56,7 @@ with subtest("Socket activation for the Gateway"): machine.succeed( f"curl 'http://127.0.0.1:8080/ipfs/{ipfs_hash.strip()}' | grep fnord2" f"curl -s 'http://127.0.0.1:8080/ipfs/{ipfs_hash.strip()}' | grep fnord2" ) with subtest("Setting dataDir works properly with the hardened systemd unit"): Loading Loading
nixos/modules/services/network-filesystems/kubo.nix +22 −17 Original line number Diff line number Diff line Loading @@ -10,29 +10,22 @@ let settingsFormat = pkgs.formats.json { }; rawDefaultConfig = lib.importJSON ( defaultConfig = pkgs.runCommand "kubo-default-config" { nativeBuildInputs = [ cfg.package ]; nativeBuildInputs = [ cfg.package pkgs.jq ]; } '' export IPFS_PATH="$TMPDIR" ipfs init --empty-repo --profile=${profile} ipfs --offline config show > "$out" '' ); # Remove the PeerID (an attribute of "Identity") of the temporary Kubo repo. # The "Pinning" section contains the "RemoteServices" section, which would prevent # the daemon from starting as that setting can't be changed via ipfs config replace. defaultConfig = removeAttrs rawDefaultConfig [ "Identity" "Pinning" ]; customizedConfig = lib.recursiveUpdate defaultConfig cfg.settings; # Remove the variable key to make the result deterministic. ipfs --offline config show | jq 'del(.Identity)' > $out ''; configFile = settingsFormat.generate "kubo-config.json" customizedConfig; configFile = settingsFormat.generate "kubo-config.json" cfg.settings; # Create a fake repo containing only the file "api". # $IPFS_PATH will point to this directory instead of the real one. Loading Loading @@ -392,8 +385,20 @@ in '' + '' fi # We need the Identity and Pinning configuration from the current settings. ipfs --offline config show | ${pkgs.jq}/bin/jq -s '.[0].Pinning as $Pinning | .[0].Identity as $Identity | .[1] + {$Identity,$Pinning}' - '${configFile}' | ${lib.getExe pkgs.jq} '{ Identity, Pinning, }' | # Now we deep-merge all configuration sources (later data wins): # 1. the default configuration # 2. the user-provided configuration # 3. the dynamic keys from the existing configuration ${lib.getExe pkgs.jq} -s 'reduce .[] as $config ({}; . * $config)' \ ${defaultConfig} \ ${configFile} \ - \ | # This command automatically injects the private key and other secrets from # the old config file back into the new config file. Loading
nixos/tests/kubo/kubo.nix +1 −1 Original line number Diff line number Diff line Loading @@ -56,7 +56,7 @@ with subtest("Socket activation for the Gateway"): machine.succeed( f"curl 'http://127.0.0.1:8080/ipfs/{ipfs_hash.strip()}' | grep fnord2" f"curl -s 'http://127.0.0.1:8080/ipfs/{ipfs_hash.strip()}' | grep fnord2" ) with subtest("Setting dataDir works properly with the hardened systemd unit"): Loading
