Skip to content

Data mesher

services.data-mesher.enable

Whether to enable Data Mesher, data syncing daemon.

Type: boolean

Default:

1
false

Example:

1
true

Declared by: - nix/nixosModules/data-mesher/module.nix

services.data-mesher.package

The Data Mesher package to use.

Type: package

Default:

1
<derivation data-mesher-0.1.0>

Declared by: - nix/nixosModules/data-mesher/module.nix

services.data-mesher.group

User group under which data-mesher runs.

Type: string

Default:

1
"data-mesher"

Declared by: - nix/nixosModules/data-mesher/module.nix

services.data-mesher.openFirewall

Whether to enable Open ports in firewall.

Type: boolean

Default:

1
false

Example:

1
true

Declared by: - nix/nixosModules/data-mesher/module.nix

services.data-mesher.pluginDirectories

List of subdirectories to create under each network’s files directory on startup. These are intended for plugins that need to BindReadOnlyPath into the file tree. Plugin services should use After=data-mesher.service to ensure directories exist.

Type: list of string

Default:

1
[ ]

Example:

1
2
3
4
[
  "dns"
  "nss"
]

Declared by: - nix/nixosModules/data-mesher/module.nix

services.data-mesher.settings

Data Mesher settings, which correspond to the contents of the dm.toml file

Type: open submodule of (TOML value)

Default:

1
{ }

Declared by: - nix/nixosModules/data-mesher/module.nix

services.data-mesher.settings.clock_skew_tolerance

Tolerance applied when rejecting already-expired remote signatures during gossip. A remote signature is rejected only if its effective expiry (signed_at + valid_for) is more than this far in the past relative to the local clock. A Golang time.Duration string.

Type: string

Default:

1
"2m"

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.cluster.auth_timeout

Auth exchange timeout duration

Type: string

Default:

1
"30s"

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.cluster.bootstrap_peers

A list of libp2p multiaddresses (including peer ID) to connect to when joining the cluster. Example: /ip4/192.168.1.1/tcp/7946/p2p/12D3KooW…

Type: list of string

Default:

1
[ ]

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.cluster.identity_cert

Path to the node identity certificate file (CA-signed)

Type: null or string

Default:

1
null

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.cluster.identity_key

Path to the libp2p identity key file (base64-encoded ED25519 private key). If null, a key will be auto-generated on first start.

Type: null or string

Default:

1
null

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.cluster.interfaces

Network interfaces to listen on for cluster connections. If empty, listens on all interfaces.

Type: list of string

Default:

1
[ ]

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.cluster.port

TCP port to listen on for libp2p cluster communication

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default:

1
7946

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.cluster.push_pull_interval

An interval, in the form of a Golang time.Duration, which controls how frequently a node will perform a push/pull sync with another random node

Type: string

Default:

1
"30s"

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.extra_networks

Additional networks to participate in beyond the home network. Each entry maps a name to a network configuration with its own ID, files, and optional export restrictions.

Type: attribute set of (submodule)

Default:

1
{ }

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.extra_networks.\.files

A mapping of file names to lists of authorized signer public keys for this network.

Type: attribute set of list of string

Default:

1
{ }

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.extra_networks.\.id

Path to the network ID public key file, or a base64-encoded ED25519 public key.

Type: string

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.extra_networks.\.namespaces

List of namespace names for certificate-based file authorization on this network.

Type: list of string

Default:

1
[ ]

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.http.interface

Interface to listen on for http requests

Type: string

Default:

1
"lo"

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.http.port

Port to listen on for http requests

Type: 16 bit unsigned integer; between 0 and 65535 (both inclusive)

Default:

1
7331

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.log_level

Log level

Type: one of “fatal”, “error”, “warn”, “info”, “debug”

Default:

1
"info"

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.network.files

A mapping of file names to lists of base64-encoded ED25519 public keys. Only files listed here can be uploaded or imported from other nodes, and they must be signed by one of the configured public keys. The network ID is automatically added as an implicit signer for all files.

Type: attribute set of list of string

Default:

1
{ }

Example:

1
2
3
4
5
6
7
8
9
{
  "dns:sol" = [
    "P6AE0lukf9/qmVglYrGPNYo5ZnpFrnqLeAzlCZF0lTk="
  ];
  "dns:vulcan" = [
    "ZasdhiAVJTa5b2qG8ynWvdHqALUxC6Eg8pdn6RVXuQE="
    "1ru2QQ1eWV7yDlyfTTDEml3xTiacASYn0KprzknN8Pc="
  ];
}

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.network.id

Path to the network ID public key file, or a base64-encoded ED25519 public key. This identifies the network and is used to derive CA authorities for peer communication.

Type: string

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.network.namespaces

List of namespace names for certificate-based file authorization. When configured, files named {namespace}/{signer_public_key_url_encoded} are permitted from any peer with a valid certificate signed by this network.

Type: list of string

Default:

1
[ ]

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.plugin_directories

List of plugin subdirectories to create under each network’s files directory on startup.

Type: list of string

Default:

1
[ ]

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.settings.sweep_interval

How often the background sweeper walks the signature store to remove files whose valid_for TTL has elapsed. A Golang time.Duration string (e.g. “30s”, “5m”). Set to a smaller value if you publish files with very short TTLs.

Type: string

Default:

1
"1m"

Declared by: - nix/nixosModules/data-mesher/settings.nix

services.data-mesher.user

User account under which data-mesher runs.

Type: string

Default:

1
"data-mesher"

Declared by: - nix/nixosModules/data-mesher/module.nix