Compare commits
2 Commits
458558fb26
...
b1922d26f6
| Author | SHA1 | Date | |
|---|---|---|---|
|
b1922d26f6
|
||
|
|
f7ff1248fe
|
@@ -37,13 +37,13 @@
|
||||
"hostname::default",
|
||||
"ipfs::default",
|
||||
"ipfs::_user",
|
||||
"firewall::default",
|
||||
"chef-sugar::default",
|
||||
"kosmos-ipfs::kredits_pinner",
|
||||
"kosmos-nodejs::default",
|
||||
"nodejs::nodejs_from_package",
|
||||
"nodejs::repo",
|
||||
"kosmos-ipfs::firewall_swarm",
|
||||
"firewall::default",
|
||||
"chef-sugar::default",
|
||||
"kosmos-nginx::default",
|
||||
"nginx::default",
|
||||
"nginx::package",
|
||||
|
||||
@@ -1,20 +1,55 @@
|
||||
node.normal['ipfs']['version'] = "0.15.0"
|
||||
node.normal['ipfs']['checksum'] = "5830ce226956c5e2a2de3a3440704402dd3501c43ec16eeec2d61491317005f2"
|
||||
|
||||
node.default['kosmos-ipfs']['api']['port'] = 5001
|
||||
node.default['kosmos-ipfs']['ipfs']['config'] = {
|
||||
# The default gateway is already used by kosmos' hubot (8080)
|
||||
"Addresses.Gateway" => "/ip4/127.0.0.1/tcp/9090",
|
||||
# Do not keep track of bandwidth metrics. Disabling bandwidth metrics can
|
||||
# lead to a slight performance improvement, as well as a reduction in memory
|
||||
# usage.
|
||||
'Swarm.DisableBandwidthMetrics' => true,
|
||||
# API with Web UI
|
||||
"Addresses.API" => "/ip4/0.0.0.0/tcp/5001",
|
||||
# Enable bandwith metrics
|
||||
'Swarm.DisableBandwidthMetrics' => false,
|
||||
# Disable the p2p-circuit relay transport
|
||||
'Swarm.Transports.Network.Relay' => false,
|
||||
# Number of connections that, when exceeded, will trigger a connection GC
|
||||
# operation
|
||||
'Swarm.ConnMgr.HighWater' => 40,
|
||||
# Minimum number of connections to maintain
|
||||
'Swarm.ConnMgr.LowWater' => 20
|
||||
'Swarm.ConnMgr.LowWater' => 20,
|
||||
# Do not dial out to these IP ranges
|
||||
# We go a bit nuts on the 10.0 range definitions to allow dialouts on our own
|
||||
# private network
|
||||
'Swarm.AddrFilters' => [
|
||||
'/ip4/10.128.0.0/ipcidr/9',
|
||||
'/ip4/10.64.0.0/ipcidr/10',
|
||||
'/ip4/10.32.0.0/ipcidr/11',
|
||||
'/ip4/10.16.0.0/ipcidr/12',
|
||||
'/ip4/10.8.0.0/ipcidr/13',
|
||||
'/ip4/10.4.0.0/ipcidr/14',
|
||||
'/ip4/10.2.0.0/ipcidr/15',
|
||||
'/ip4/10.0.0.0/ipcidr/16',
|
||||
'/ip4/10.1.128.0/ipcidr/17',
|
||||
'/ip4/10.1.64.0/ipcidr/18',
|
||||
'/ip4/10.1.32.0/ipcidr/19',
|
||||
'/ip4/10.1.16.0/ipcidr/20',
|
||||
'/ip4/10.1.8.0/ipcidr/21',
|
||||
'/ip4/10.1.4.0/ipcidr/22',
|
||||
'/ip4/10.1.2.0/ipcidr/23',
|
||||
'/ip4/10.1.0.0/ipcidr/24',
|
||||
'/ip4/100.64.0.0/ipcidr/10',
|
||||
'/ip4/169.254.0.0/ipcidr/16',
|
||||
'/ip4/172.16.0.0/ipcidr/12',
|
||||
'/ip4/192.0.0.0/ipcidr/24',
|
||||
'/ip4/192.0.0.0/ipcidr/29',
|
||||
'/ip4/192.0.0.8/ipcidr/32',
|
||||
'/ip4/192.0.0.170/ipcidr/32',
|
||||
'/ip4/192.0.0.171/ipcidr/32',
|
||||
'/ip4/192.0.2.0/ipcidr/24',
|
||||
'/ip4/192.168.0.0/ipcidr/16',
|
||||
'/ip4/198.18.0.0/ipcidr/15',
|
||||
'/ip4/198.51.100.0/ipcidr/24',
|
||||
'/ip4/203.0.113.0/ipcidr/24',
|
||||
'/ip4/240.0.0.0/ipcidr/4'],
|
||||
}
|
||||
|
||||
node.default['kosmos-ipfs']['nginx']['api_port'] = 5001
|
||||
|
||||
@@ -4,6 +4,7 @@
|
||||
#
|
||||
|
||||
include_recipe "ipfs"
|
||||
include_recipe 'firewall'
|
||||
include_recipe "kosmos-ipfs::kredits_pinner"
|
||||
|
||||
node['kosmos-ipfs']['ipfs']['config'].each do |k, v|
|
||||
@@ -15,3 +16,27 @@ end
|
||||
unless node.chef_environment == "development"
|
||||
include_recipe "kosmos-ipfs::firewall_swarm"
|
||||
end
|
||||
|
||||
firewall_rule 'ipfs_api' do
|
||||
port 5001
|
||||
source "10.1.1.0/24"
|
||||
protocol :tcp
|
||||
command :allow
|
||||
logging :connections
|
||||
end
|
||||
|
||||
firewall_rule 'ipfs_local_p2p_allow_out' do
|
||||
destination "10.1.1.0/24"
|
||||
direction :out
|
||||
protocol :none
|
||||
command :allow
|
||||
logging :connections
|
||||
end
|
||||
|
||||
firewall_rule 'ipfs_local_p2p_deny_out' do
|
||||
destination "10.0.0.0/8"
|
||||
direction :out
|
||||
protocol :none
|
||||
command :deny
|
||||
logging :connections
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user