From 61ab6f67afcbcc06e35a651959937a2e293e4473 Mon Sep 17 00:00:00 2001
From: Yann Autissier <yann.autissier@gmail.com>
Date: Sun, 20 Nov 2022 01:34:03 +0100
Subject: [PATCH] ipfs config

---
 docker/ipfs/ipfs-config.sh | 14 ++++++++------
 make/apps/def.mk           |  2 +-
 stack/ipfs/.env.dist       | 17 ++++++++++++-----
 stack/ipfs/ipfs.yml        |  6 +++++-
 stack/node/ipfs/.env.dist  | 11 ++++++++++-
 stack/node/ipfs/ipfs.yml   |  9 ++++++---
 6 files changed, 42 insertions(+), 17 deletions(-)

diff --git a/docker/ipfs/ipfs-config.sh b/docker/ipfs/ipfs-config.sh
index 65bca2f..02e66e9 100755
--- a/docker/ipfs/ipfs-config.sh
+++ b/docker/ipfs/ipfs-config.sh
@@ -37,10 +37,11 @@ ipfs config Addresses.Gateway "${IPFS_ADDRESSES_GATEWAY:-/ip4/${IPFS_ADDRESSES_G
 [ -n "${IPFS_ADDRESSES_NOANNOUNCE}" ] && ipfs config --json Addresses.NoAnnounce "${IPFS_ADDRESSES_NOANNOUNCE}"
 
 ## api http headers
-ipfs config --json API.HTTPHeaders "${IPFS_API_HTTPHEADERS:-{
+[ -n "${IPFS_API_HTTPHEADERS}${IPFS_API_HTTPHEADERS_ACA_CREDENTIALS}${IPFS_API_HTTPHEADERS_ACA_HEADERS}${IPFS_API_HTTPHEADERS_ACA_METHODS}${IPFS_API_HTTPHEADERS_ACA_ORIGIN}" ] \
+ && ipfs config --json API.HTTPHeaders "${IPFS_API_HTTPHEADERS:-{
 \"Access-Control-Allow-Credentials\": ${IPFS_API_HTTPHEADERS_ACA_CREDENTIALS:-null},
 \"Access-Control-Allow-Headers\": ${IPFS_API_HTTPHEADERS_ACA_HEADERS:-null},
-\"Access-Control-Allow-Methods\": ${IPFS_API_HTTPSHEADERS_ACA_METHODS:-null},
+\"Access-Control-Allow-Methods\": ${IPFS_API_HTTPHEADERS_ACA_METHODS:-null},
 \"Access-Control-Allow-Origin\": ${IPFS_API_HTTPHEADERS_ACA_ORIGIN:-null}
 }}"
 
@@ -63,11 +64,12 @@ ipfs config Datastore.StorageMax "$((diskSize * ${IPFS_DISK_USAGE_PERCENT:-50/10
 [ -n "${IPFS_EXPERIMENTAL_STRATEGICPROVIDING}" ] && ipfs config --json Experimental.StrategicProviding "${IPFS_EXPERIMENTAL_STRATEGICPROVIDING}"
 [ -n "${IPFS_EXPERIMENTAL_URLSTOREENABLED}" ] && ipfs config --json Experimental.UrlstoreEnabled "${IPFS_EXPERIMENTAL_URLSTOREENABLED}"
 
-## api http headers
-ipfs config --json Gateway.HTTPHeaders "${IPFS_GATEWAY_HTTPHEADERS:-{
-\"Access-Control-Allow-Credentials\": ${IPFS_GATEWAY_HTTPHEADERS_ACA_CREDENTIALS:-null},
+## gateway http headers
+[ -n "${IPFS_GATEWAY_HTTPHEADERS}${IPFS_GATEWAY_HTTPHEADERS_ACA_CREDENTIALS}${IPFS_GATEWAY_HTTPHEADERS_ACA_HEADERS}${IPFS_GATEWAY_HTTPHEADERS_ACA_METHODS}${IPFS_GATEWAY_HTTPHEADERS_ACA_ORIGIN}" ] \
+ && ipfs config --json Gateway.HTTPHeaders "${IPFS_GATEWAY_HTTPHEADERS:-{
+\"Access-Control-Allow-Credentials\": ${IPFS_GATEWAY_HTTPHEADERS_ACA_CREDENTIALS:-[ \"true\" ]},
 \"Access-Control-Allow-Headers\": ${IPFS_GATEWAY_HTTPHEADERS_ACA_HEADERS:-[ \"X-Requested-With\", \"Range\", \"User-Agent\" ]},
-\"Access-Control-Allow-Methods\": ${IPFS_GATEWAY_HTTPSHEADERS_ACA_METHODS:-[ \"GET\" ]},
+\"Access-Control-Allow-Methods\": ${IPFS_GATEWAY_HTTPHEADERS_ACA_METHODS:-[ \"GET\" ]},
 \"Access-Control-Allow-Origin\": ${IPFS_GATEWAY_HTTPHEADERS_ACA_ORIGIN:-[ \"*\" ]}
 }}"
 
diff --git a/make/apps/def.mk b/make/apps/def.mk
index 6e5f47f..d65a180 100644
--- a/make/apps/def.mk
+++ b/make/apps/def.mk
@@ -19,7 +19,7 @@ APP_URL                         ?= $(APP_SCHEME)://$(APP_URI)
 CMDARGS                         += exec exec:% exec@% run run:% run@%
 CONTEXT                         += APP APPS BRANCH DOMAIN VERSION RELEASE
 CONTEXT_DEBUG                   += APP_DIR APP_URL APP_REPOSITORY APP_UPSTREAM_REPOSITORY ENV_DEPLOY
-ENV_DEPLOY                      ?= $(shell ls .git/refs/remotes/origin/ 2>/dev/null)
+ENV_DEPLOY                      ?= $(patsubst origin/%,%,$(shell git rev-parse --symbolic --remotes=origin |sed '/origin\/HEAD/d' 2>/dev/null))
 ENV_VARS                        += APP_DIR APP_DOMAIN APP_HOST APP_PATH APP_URL CONSUL_HTTP_TOKEN $(if $(filter true,$(MOUNT_NFS)),NFS_CONFIG)
 MOUNT_NFS                       ?= false
 NFS_CONFIG                      ?= addr=$(NFS_HOST),actimeo=3,intr,noacl,noatime,nocto,nodiratime,nolock,soft,rsize=32768,wsize=32768,tcp,rw,vers=3
diff --git a/stack/ipfs/.env.dist b/stack/ipfs/.env.dist
index ad4d9ca..a9be73f 100644
--- a/stack/ipfs/.env.dist
+++ b/stack/ipfs/.env.dist
@@ -1,10 +1,17 @@
-IPFS_ADDRESSES_API_DOMAIN=${DOCKER_NETWORK_PRIVATE}
+IPFS_ADDRESSES_API_DOMAIN=${DOCKER_NETWORK_PUBLIC}
 IPFS_ADDRESSES_GATEWAY_INET4=0.0.0.0
-IPFS_DAEMON_ARGS=--enable-gc --migrate
+IPFS_DAEMON_ARGS=--migrate
 IPFS_IPNS_USEPUBSUB=true
-IPFS_LOGGING=error
+IPFS_LOGGING=warning
+IPFS_NETWORK=private
 IPFS_PUBSUB_ENABLE=true
 IPFS_PUBSUB_ROUTER=gossipsub
 IPFS_ROUTING_TYPE=dht
-IPFS_SERVICE_8080_CHECK_TCP=/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme
-IPFS_SERVICE_8080_TAGS=urlprefix-ipfs.${APP_DOMAIN}/
+IPFS_SERVICE_5001_CHECK_HTTP=/api/v0/diag/sys
+IPFS_SERVICE_5001_TAGS=urlprefix-ipfs.${APP_DOMAIN}/api
+IPFS_SERVICE_8080_CHECK_HTTP=/ipfs/QmUNLLsPACCz1vLxQVkXqqLX5R1X345qqfHbsf67hvA3Nn
+IPFS_SERVICE_8080_TAGS=urlprefix-ipfs.${APP_DOMAIN}/,urlprefix-*.ipfs.${APP_DOMAIN}/,urlprefix-ipns.${APP_DOMAIN}/,urlprefix-*.ipns.${APP_DOMAIN}/
+IPFS_API_HTTPHEADERS_ACA_CREDENTIALS=["true"]
+IPFS_API_HTTPHEADERS_ACA_HEADERS=["X-Requested-With", "Range", "User-Agent"]
+IPFS_API_HTTPHEADERS_ACA_METHODS=["OPTIONS", "POST"]
+IPFS_API_HTTPHEADERS_ACA_ORIGIN=["http://ipfs.${APP_DOMAIN}"]
diff --git a/stack/ipfs/ipfs.yml b/stack/ipfs/ipfs.yml
index 3e8807d..e26d49c 100644
--- a/stack/ipfs/ipfs.yml
+++ b/stack/ipfs/ipfs.yml
@@ -40,6 +40,7 @@ services:
     - IPFS_IPNS_RECORDLIFETIME=${IPFS_IPNS_RECORDLIFETIME:-}
     - IPFS_IPNS_USEPUBSUB=${IPFS_IPNS_USEPUBSUB:-}
     - IPFS_LOGGING=${IPFS_LOGGING:-}
+    - IPFS_NETWORK=${IPFS_NETWORK:-}
     - IPFS_PROFILE=${IPFS_PROFILE:-}
     - IPFS_PUBSUB_ENABLE=${IPFS_PUBSUB_ENABLE:-}
     - IPFS_PUBSUB_ROUTER=${IPFS_PUBSUB_ROUTER:-}
@@ -58,8 +59,11 @@ services:
     labels:
     - SERVICE_4001_CHECK_TCP=true
     - SERVICE_4001_NAME=${COMPOSE_SERVICE_NAME}-ipfs-4001
+    - SERVICE_5001_CHECK_HTTP=${IPFS_SERVICE_5001_CHECK_HTTP}
+    - SERVICE_5001_CHECK_HTTP_METHOD=POST
     - SERVICE_5001_NAME=${COMPOSE_SERVICE_NAME}-ipfs-5001
-    - SERVICE_8080_CHECK_HTTP=${IPFS_SERVICE_8080_CHECK_TCP}
+    - SERVICE_5001_TAGS=${IPFS_SERVICE_5001_TAGS}
+    - SERVICE_8080_CHECK_HTTP=${IPFS_SERVICE_8080_CHECK_HTTP}
     - SERVICE_8080_NAME=${COMPOSE_SERVICE_NAME}-ipfs-8080
     - SERVICE_8080_TAGS=${IPFS_SERVICE_8080_TAGS}
     - SERVICE_8081_IGNORE=true
diff --git a/stack/node/ipfs/.env.dist b/stack/node/ipfs/.env.dist
index c587b37..7100d26 100644
--- a/stack/node/ipfs/.env.dist
+++ b/stack/node/ipfs/.env.dist
@@ -1,10 +1,19 @@
 NODE_IPFS_ADDRESSES_API_DOMAIN=${DOCKER_NETWORK_PUBLIC}
 NODE_IPFS_ADDRESSES_GATEWAY_INET4=0.0.0.0
+NODE_IPFS_DAEMON_ARGS=--migrate
 NODE_IPFS_IPNS_USEPUBSUB=true
 NODE_IPFS_LOGGING=error
+NODE_IPFS_NETWORK=public
+NODE_IPFS_PROFILE=${IPFS_PROFILE}
 NODE_IPFS_PUBSUB_ENABLE=true
 NODE_IPFS_PUBSUB_ROUTER=gossipsub
 NODE_IPFS_ROUTING_TYPE=dht
+NODE_IPFS_SERVICE_5001_CHECK_HTTP=/api/v0/diag/sys
+NODE_IPFS_SERVICE_5001_TAGS=urlprefix-ipfs.${DOMAIN}/api
 NODE_IPFS_SERVICE_8080_CHECK_HTTP=/ipfs/QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme
-NODE_IPFS_SERVICE_8080_TAGS=urlprefix-ipfs.${DOMAIN}/
+NODE_IPFS_SERVICE_8080_TAGS=urlprefix-ipfs.${DOMAIN}/,urlprefix-*.ipfs.${DOMAIN}/,urlprefix-ipns.${DOMAIN}/,urlprefix-*.ipns.${DOMAIN}/
+NODE_IPFS_API_HTTPHEADERS_ACA_CREDENTIALS=["true"]
+NODE_IPFS_API_HTTPHEADERS_ACA_HEADERS=["X-Requested-With", "Range", "User-Agent"]
+NODE_IPFS_API_HTTPHEADERS_ACA_METHODS=["OPTIONS", "POST"]
+NODE_IPFS_API_HTTPHEADERS_ACA_ORIGIN=["https://ipfs.${DOMAIN}", "http://ipfs.${DOMAIN}", "http://ipfs.localhost:8080"]
 UFW_DOCKER_node-ipfs=4001/tcp 4001/udp 8080
diff --git a/stack/node/ipfs/ipfs.yml b/stack/node/ipfs/ipfs.yml
index 31361d5..be75fd0 100644
--- a/stack/node/ipfs/ipfs.yml
+++ b/stack/node/ipfs/ipfs.yml
@@ -8,7 +8,7 @@ services:
       - IPFS_VERSION=${IPFS_VERSION}
       context: ../..
       dockerfile: docker/ipfs/Dockerfile
-    command: daemon --agent-version-suffix=${NODE_COMPOSE_PROJECT_NAME} ${IPFS_DAEMON_ARGS}
+    command: daemon --agent-version-suffix=${NODE_COMPOSE_PROJECT_NAME} ${NODE_IPFS_DAEMON_ARGS}
     container_name: ${NODE_COMPOSE_PROJECT_NAME}-ipfs
     cpus: 0.5
     environment:
@@ -40,7 +40,8 @@ services:
     - IPFS_IPNS_RECORDLIFETIME=${NODE_IPFS_IPNS_RECORDLIFETIME:-}
     - IPFS_IPNS_USEPUBSUB=${NODE_IPFS_IPNS_USEPUBSUB:-}
     - IPFS_LOGGING=${NODE_IPFS_LOGGING:-}
-    - IPFS_PROFILE=${IPFS_PROFILE:-}
+    - IPFS_NETWORK=${NODE_IPFS_NETWORK:-}
+    - IPFS_PROFILE=${NODE_IPFS_PROFILE:-}
     - IPFS_PUBSUB_ENABLE=${NODE_IPFS_PUBSUB_ENABLE:-}
     - IPFS_PUBSUB_ROUTER=${NODE_IPFS_PUBSUB_ROUTER:-}
     - IPFS_ROUTING_TYPE=${NODE_IPFS_ROUTING_TYPE:-}
@@ -58,8 +59,10 @@ services:
     labels:
     - SERVICE_4001_CHECK_TCP=true
     - SERVICE_4001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-4001
-    - SERVICE_5001_CHECK_TCP=true
+    - SERVICE_5001_CHECK_HTTP=${NODE_IPFS_SERVICE_5001_CHECK_HTTP}
+    - SERVICE_5001_CHECK_HTTP_METHOD=POST
     - SERVICE_5001_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-5001
+    - SERVICE_5001_TAGS=${NODE_IPFS_SERVICE_5001_TAGS}
     - SERVICE_8080_CHECK_HTTP=${NODE_IPFS_SERVICE_8080_CHECK_HTTP}
     - SERVICE_8080_NAME=${NODE_COMPOSE_SERVICE_NAME}-ipfs-8080
     - SERVICE_8080_TAGS=${NODE_IPFS_SERVICE_8080_TAGS}