-[Pareto Security](https://paretosecurity.com/) is an alternative to corporate compliance solutions for companies that care about security but know it doesn't have to be invasive. Available as [services.paretosecurity](#opt-services.paretosecurity.enable)
-[ipfs-cluster](https://ipfscluster.io/), Pinset orchestration for IPFS. Available as [services.ipfs-cluster](#opt-services.ipfs-cluster.enable)
<!-- To avoid merge conflicts, consider adding your item at an arbitrary place in the list instead. -->
enable=lib.mkEnableOption"Pinset orchestration for IPFS - requires ipfs daemon to be useful";
consensus=lib.mkOption{
type=lib.types.enum[
"raft"
"crdt"
];
description="Consensus protocol - 'raft' or 'crdt'. https://cluster.ipfs.io/documentation/guides/consensus/";
};
dataDir=lib.mkOption{
type=lib.types.str;
default="/var/lib/ipfs-cluster";
description="The data dir for ipfs-cluster.";
};
initPeers=lib.mkOption{
type=lib.types.listOflib.types.str;
default=[];
description="Peer addresses to initialize with on first run.";
};
openSwarmPort=lib.mkOption{
type=lib.types.bool;
default=false;
description="Open swarm port, secured by the cluster secret. This does not expose the API or proxy. https://cluster.ipfs.io/documentation/guides/security/";
};
secretFile=lib.mkOption{
type=lib.types.nullOrlib.types.path;
default=null;
description=''
File containing the cluster secret in the format of EnvironmentFile as described by
{manpage}`systemd.exec(5)`. For example:
<programlisting>
CLUSTER_SECRET=<replaceable>...</replaceable>
</programlisting>
If null, a new secret will be generated on first run and stored in the data directory.
A secret in the correct format can also be generated by: `openssl rand -hex 32`
