#!/bin/sh
set -e

# Expose API and Gateway inside container. Do NOT publish API outside docker network.
ipfs config Addresses.API /ip4/0.0.0.0/tcp/5001
ipfs config Addresses.Gateway /ip4/0.0.0.0/tcp/8080

# Gateway should not fetch from the wider network; serve only local content
ipfs config --json Gateway.NoFetch true

# DHT client mode with accelerated providing
ipfs config --json Routing '{ "Type": "dhtclient", "AcceleratedDHTClient": true }'

# Reprovider pinned content periodically
ipfs config --json Reprovider '{ "Interval": "22h", "Strategy": "pinned+mfs" }'

# Keep connection manager within reasonable bounds
ipfs config --json Swarm.ConnMgr '{ "Type": "basic", "LowWater": 50, "HighWater": 200, "GracePeriod": "20s" }'

SWARM_KEY_PATH="/data/ipfs/swarm.key"

# Disable AutoConf only when running with a private swarm key
if [ -f "$SWARM_KEY_PATH" ] && [ -s "$SWARM_KEY_PATH" ]; then
  ipfs config --json AutoConf.Enabled false
  ipfs config --json AutoTLS.Enabled false
  ipfs config Bootstrap --json "[]"
  ipfs config --json DNS.Resolvers "{}"
  ipfs config --json Ipns.DelegatedPublishers "[]"
  ipfs config --json Swarm.Transports.Network '{ "TCP": true, "Websocket": false }'
else
  ipfs config --json AutoConf.Enabled true
fi

# CORS for RPC API (visible only in docker network)
ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '["*"]'
ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods '["PUT","POST","GET"]'

echo "IPFS init script applied"