diff --git a/roles/ipfs/defaults/main.yml b/roles/ipfs/defaults/main.yml
index 5306a67..c05e71e 100644
--- a/roles/ipfs/defaults/main.yml
+++ b/roles/ipfs/defaults/main.yml
@@ -3,6 +3,8 @@ binary_url: "https://dist.ipfs.io/go-ipfs/v0.4.23/go-ipfs_v0.4.23_linux-amd64.ta
 binary_sha512: "5eebebd4d4628a01c3b6615d96123a5c744f64da18fc0950e00d99a36abb02eee694c1bb67549341a645ebb99f30de9198c33b556cdee2609013409a510d1d2b"
 ipfs_path: "/var/lib/ipfs"
 ipfs_binary: "/usr/local/bin/ipfs"
+ipfs_user: "ipfs"
+ipfs_group: "ipfs"
 peer_id: "QmfPZcnVAEjXABiA7StETRUKkS8FzNt968Z8HynbJR7oci"
 peer_key: "CAASpwkwggSjAgEAAoIBAQDg1RDX3n2YAzPV228d9g43LfKtBxsJQhA253xCCqz+iWDGxJIdum9+vhVnG8KK567yP06M5t9Gn8UvEO/qWk0USpGyjJupPzodK7aRnGK4AyZ5toXaS4Q6A6e3lvJPrXDADsbzgyjn2H9WOOV5pRqKSWQ6FZ+NThvZM/d7Kd4d/s/R6Qj6K1IcNnGtCAAev0VWvj/ysE8q07J9nnBsYJ+QgPe52UzcaewNPQ8/Ip2DZDap+jjdW9DxfpRDjuBo32l3jH0RVlAw5dt5Pvoq5N/KmpcTh4O9tavgY0R1uZ4dITe8gfaT+7J9Ikvdf+P1l30jUyecJ+ZOxVxPdnZhKZwDAgMBAAECggEAKU37ci0l1a+A7mEJ4O87XVfLpY4QoXrJj8ynP1rGvVxvsxSZ42xE33v8Ypzu+KXntgl7XNdtXYQsraDm8p70Wi345lx+nHFJM+K7/7RDTpsFjobBwIDvIdlaDphkm865UA9m7YXDFhToD+cUAW0bmxwwlZszXLpk01qAtNfUPp4hV0/IeUWFY6TvRvGf4bxCelN5fPyyRB+lQpGBZ0NcrjJUM1Om70CVxYjnOAId+6qwz0bKixjkXdTwkExSiSY4ekl9lJnzCx4DFcGVDWL8mY48O97W+dSjucsDECpA2kZ5VuaSpmAErnJuIX42Hc5zXBsyDmTmRIiITlJv+gYUgQKBgQDsu6qPbvH40aWvA5ddqbOAuOXRu4VE5c0sg+I5hTh7gsyFCpaYcdH4q31NH0GtqKnOx5tsPCNsD719ucWJ2tPLIcNo7RXb1XXYLVKk4ZahMZiSwiHVCXJGY4XJh2yNLUObiUS4B4uhkx/ZZ5GXoJBshJixFS9o/DFXO7JCeEK2ywKBgQDzIXJcGBvzNOnUnCctL+W/CIqdJzeks+PLKLV/AkV79kCPJB9Go+1nbgY/o4Hk2FUZ79ERT1RNQ9+9dvi8VAZ7HRm1b8k44nloFecAFp13/qrNgEeDp5lZRh6x+cE4+/UBzjOvj0XQ/T/tBORw0XGFw6u0EctQYsNf706HrI7QqQKBgQCsiXadBXpcI8hCzzZB8I5AcgImIyrVdTtdh12ZGKx68HDJQldSEhq7x5kSXYaL4BKq/7YaY5ZZivtLp9r+Rzv3n8sBLVKyH1i9TwMd4sDbCP+vbsgjsbfU73Ix2H7YQjY1JQ2tpuowv78Fv8NQJJk+TkHPRqaAONZpQrwAUBAnkwKBgDKe2x2bk24urSSsImgBGfeNQrb3rFkpbxskba10/pyRp91lqvFdPheTy89CLtBDzmwpB0FwX9/6asIa3Czx3auSYoDpNl8WoCpwrPjSvJR4PH2u4LTjl0UEGW36zyUbKGbo1NAPp3yczct+gkWPBfDQzZYfQlKJTZ5Sx+ntnoqJAoGAZSvZdmUTp4Ld/Jr8d2g1Aayj62JBwg/b3QrX8igq9R+8CBFBc8fI2+HCEigdiVf70nUvAXGlChZ2+PaPph+7tkKd+5Eu7uDkeVJnYAl5mucd4TFvCggHTR8boxL48Pxj6/5GdgHHy+CscXaFNAFC9dGREpegVOOoHHn
OAOwWMZk="
 ipfs_memlimit: 2G
diff --git a/roles/ipfs/tasks/main.yml b/roles/ipfs/tasks/main.yml
index 452338e..c7a687e 100644
--- a/roles/ipfs/tasks/main.yml
+++ b/roles/ipfs/tasks/main.yml
@@ -21,7 +21,7 @@
 environment:
 IPFS_PATH: "{{ ipfs_path }}"
 become: true
- become_user: ipfs
+ become_user: "{{ ipfs_user }}"
 # TODO: SECURITY: This requires that we trust ipify to provide the correct public IP. We could run our own ipify server.
 - name: Get my public IP from ipify.org
 ipify_facts:
@@ -33,4 +33,11 @@
 - name: Enable IPFS service
 systemd: name=ipfs daemon_reload=yes state=started enabled=yes
 - name: Enable IPFS garbage collection
- cron: name="ipfs collect garbage" cron_file=/etc/crontab minute="*/9" hour="*" backup="yes" user=ipfs job="env IPFS_PATH=/var/lib/ipfs ipfs repo gc > /dev/null"
+ cron:
+ name: "ipfs collect garbage"
+ cron_file: /etc/crontab
+ minute: "*/9"
+ hour: "*"
+ backup: "yes"
+ user: "{{ ipfs_user }}"
+ job: "env IPFS_PATH={{ ipfs_path }} ipfs repo gc > /dev/null"
diff --git a/roles/ipfs/templates/ipfs.service b/roles/ipfs/templates/ipfs.service
index 890f1c6..693ae3d 100644
--- a/roles/ipfs/templates/ipfs.service
+++ b/roles/ipfs/templates/ipfs.service
@@ -6,8 +6,8 @@ ExecStart={{ ipfs_binary }} daemon --manage-fdlimit --migrate
 PermissionsStartOnly=true
 ExecStartPost=/bin/bash -c "echo 0 > /sys/fs/cgroup/memory/system.slice/ipfs.service/memory.swappiness"
 Restart=on-failure
-User=ipfs
-Group=ipfs
+User={{ ipfs_user }}
+Group={{ ipfs_group }}
 Environment="IPFS_PATH={{ ipfs_path }}"
 DevicePolicy=closed
 DeviceAllow=/dev/fuse
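Review bot: The context just below the two new defaults shows `peer_key` holding what appears to be a base64-encoded private identity key, committed in plaintext beside its `peer_id`. Any host deployed without overriding it would share one node identity with everyone who has read access to the repository. If the value is only a test fixture, a comment such as `# test-only identity, override per host` should say so. Otherwise the default should be removed and the key supplied from Ansible Vault, so the role fails when it is missing. The new `ipfs_user` and `ipfs_group` defaults themselves look fine.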
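Review bot: Nothing in the visible hunks validates `ipfs_user` before it is used as `become_user` here, as the cron `user` in the next hunk, and as `User=`/`Group=` in ipfs.service. An override that renders empty would, as far as I know, leave the systemd `User=` unset so the daemon starts as root, and a value of `root` is accepted silently. An early `assert` task with `that: ["ipfs_user | length > 0", "ipfs_user != 'root'", "ipfs_group | length > 0"]` would stop the play before the unit is installed. The task this `become_user` belongs to begins above the hunk, and whether the account is created from the same variables is not visible here.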
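Review bot: The rewritten `job` still calls `ipfs` by bare name, so the garbage-collection run resolves the binary through cron's PATH rather than through the `ipfs_binary` that the role installs and the unit file executes. Using the variable keeps the job working when the install path is overridden and ensures it runs the same binary as the service: `job: "env IPFS_PATH={{ ipfs_path }} {{ ipfs_binary }} repo gc > /dev/null"`. As a style point, `backup: "yes"` is a quoted string where the boolean `backup: true` is meant.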