diff options
| author | Emile <git@emile.space> | 2025-07-27 11:11:14 +0200 |
|---|---|---|
| committer | Emile <git@emile.space> | 2025-07-27 11:11:14 +0200 |
| commit | f1e3d3074c6f62b0991af3655ace2c06dabeb9c0 (patch) | |
| tree | 2a4e441d7f1065dfaa236d0521c7d46789c406e3 /nix/hosts/corrino/www/s3.emile.space.nix | |
| parent | e1503afe5b1b3c08c0673be5d987accb21cf435f (diff) | |
a small commit for mankind, nah, a big one!
- moved the oidc client secrets into age secrets (and rotated them) - changed stuff™
Diffstat (limited to 'nix/hosts/corrino/www/s3.emile.space.nix')
| -rw-r--r-- | nix/hosts/corrino/www/s3.emile.space.nix | 105 |
1 files changed, 93 insertions, 12 deletions
diff --git a/nix/hosts/corrino/www/s3.emile.space.nix b/nix/hosts/corrino/www/s3.emile.space.nix index b4646ad..ae33542 100644 --- a/nix/hosts/corrino/www/s3.emile.space.nix +++ b/nix/hosts/corrino/www/s3.emile.space.nix @@ -1,12 +1,21 @@ -{ config, ... }: +{ config, pkgs, ... }: { + security.acme.certs."s3.emile.space" = { + group = "nginx"; + domain = "s3.emile.space"; + extraDomainNames = [ + "*.s3.emile.space" + "*.s3-web.emile.space" + ]; + }; + services.nginx.virtualHosts."s3.emile.space" = { forceSSL = true; enableACME = true; locations = { "/" = { - proxyPass = "http://[::1]:${toString config.emile.ports.minio.s3}"; + proxyPass = "http://[::1]:${toString config.emile.ports.garage.s3}"; }; }; }; @@ -16,24 +25,96 @@ enableACME = true; locations = { "/" = { - proxyPass = "http://[::1]:${toString config.emile.ports.minio.web}"; + proxyPass = "http://[::1]:${toString config.emile.ports.garage.web}"; }; }; }; - services.minio = { + services.garage = { enable = true; - region = "eu-north-1-hel-1a"; # corrino is in the helsinki hetzner dc + package = pkgs.garage_1_x; + settings = { + data_dir = [ + { capacity = "50G"; path = "/var/lib/garage/data"; } + ]; - listenAddress = "[::1]:${toString config.emile.ports.minio.s3}"; + db_engine = "sqlite"; + replication_factor = 3; - browser = true; - consoleAddress = "[::1]:${toString config.emile.ports.minio.web}"; + s3_api = { + s3_region = "garage"; + api_bind_addr = "[::]:${toString config.emile.ports.garage.s3}"; + root_domain = "s3.emile.space"; + }; + s3_web = { + bind_addr = "[::]:${toString config.emile.ports.garage.web}"; + root_domain = "s3-web.emile.space"; + index = "index.html"; + }; + admin = { + api_bind_addr = "[::]:${toString config.emile.ports.garage.admin}"; + # metrics_token = config.age.secrets.garage_admin_metrics_secret.path; + # admin_token = config.age.secrets.garage_admin_token_secret.path; + }; - dataDir = [ "/minio/data" ]; - configDir = "/minio/config"; + # rpc_secret_file = config.age.secrets.garage_rpc_secret.path; + rpc_bind_addr = "[::]:${toString config.emile.ports.garage.rpc}"; + rpc_bind_outgoing = false; + rpc_public_addr = "[fc00:1::1]:${toString config.emile.ports.garage.rpc}"; + }; - rootCredentialsFile = config.age.secrets.minio_root_credz.path; - # accessKey + environmentFile = config.age.secrets.garage_env.path; }; +# metrics_token = config.age.secrets.garage_admin_metrics_secret.path; +# admin_token = config.age.secrets.garage_admin_token_secret.path; +# rpc_secret_file = config.age.secrets.garage_rpc_secret.path; + +# nix/hosts/corrino/secrets/garage_admin_metrics_secret.age +# nix/hosts/corrino/secrets/garage_admin_token_secret.age +# nix/hosts/corrino/secrets/garage_admin_token.age +# nix/hosts/corrino/secrets/garage_metrics_token.age +# nix/hosts/corrino/secrets/garage_rpc_secret.age + + # services.garage = { + # enable = true; + # package = pkgs.garage_1_x; + # settings = { + # db_engine = "sqlite"; + # replication_factor = 2; + + # data_dir = [ + # { capacity = "50G"; path = dataDir; } + # ]; + + # compression_level = 1; + + # rpc_secret_file = config.age.secrets.garage_rpc_secret.path; + # rpc_bind_addr = "[::]:${toString config.emile.ports.garage.rpc}"; + # rpc_bind_outgoing = false; + # rpc_public_addr = "[fc00:1::1]:${toString config.emile.ports.garage.rpc}"; + + # allow_world_readable_secrets = false; + + # s3_api = { + # api_bind_addr = "[::]:${toString config.emile.ports.garage.s3}"; + # s3_region = "garage"; + # root_domain = "s3.emile.space"; + # }; + + # s3_web = { + # bind_addr = "[::]:${toString config.emile.ports.garage.web}"; + # root_domain = "s3-web.emile.space"; + # add_host_to_metrics = true; + # }; + + # admin = { + # api_bind_addr = "[::]:${toString config.emile.ports.garage.admin}"; + # metrics_token = config.age.secrets.garage_admin_metrics_secret.path; + # admin_token = config.age.secrets.garage_admin_token_secret.path; + # trace_sink = "http://localhost:4317"; + # }; + + # }; + # logLevel = "trace"; # info + # }; } |
