about summary refs log tree commit diff
path: root/nix/hosts/corrino/www/s3.emile.space.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nix/hosts/corrino/www/s3.emile.space.nix')
-rw-r--r--nix/hosts/corrino/www/s3.emile.space.nix105
1 files changed, 93 insertions, 12 deletions
diff --git a/nix/hosts/corrino/www/s3.emile.space.nix b/nix/hosts/corrino/www/s3.emile.space.nix
index b4646ad..ae33542 100644
--- a/nix/hosts/corrino/www/s3.emile.space.nix
+++ b/nix/hosts/corrino/www/s3.emile.space.nix
@@ -1,12 +1,21 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 
 {
+  security.acme.certs."s3.emile.space" = {
+    group = "nginx";
+    domain = "s3.emile.space";
+    extraDomainNames = [
+      "*.s3.emile.space"
+      "*.s3-web.emile.space"
+    ];
+  };
+
   services.nginx.virtualHosts."s3.emile.space" = {
     forceSSL = true;
     enableACME = true;
     locations = {
       "/" = {
-        proxyPass = "http://[::1]:${toString config.emile.ports.minio.s3}";
+        proxyPass = "http://[::1]:${toString config.emile.ports.garage.s3}";
       };
     };
   };
@@ -16,24 +25,96 @@
     enableACME = true;
     locations = {
       "/" = {
-        proxyPass = "http://[::1]:${toString config.emile.ports.minio.web}";
+        proxyPass = "http://[::1]:${toString config.emile.ports.garage.web}";
       };
     };
   };
 
-  services.minio = {
+  services.garage = {
     enable = true;
-    region = "eu-north-1-hel-1a"; # corrino is in the helsinki hetzner dc
+    package = pkgs.garage_1_x;
+    settings = {
+      data_dir = [
+        { capacity = "50G"; path = "/var/lib/garage/data"; }
+      ];
 
-    listenAddress = "[::1]:${toString config.emile.ports.minio.s3}";
+      db_engine = "sqlite";
+      replication_factor = 3;
 
-    browser = true;
-    consoleAddress = "[::1]:${toString config.emile.ports.minio.web}";
+      s3_api = {
+        s3_region = "garage";
+        api_bind_addr = "[::]:${toString config.emile.ports.garage.s3}";
+        root_domain = "s3.emile.space";
+      };
+      s3_web = {
+        bind_addr = "[::]:${toString config.emile.ports.garage.web}";
+        root_domain = "s3-web.emile.space";
+        index = "index.html";
+      };
+      admin = {
+        api_bind_addr = "[::]:${toString config.emile.ports.garage.admin}";
+        # metrics_token = config.age.secrets.garage_admin_metrics_secret.path;
+        # admin_token = config.age.secrets.garage_admin_token_secret.path;
+      };
 
-    dataDir = [ "/minio/data" ];
-    configDir = "/minio/config";
+      # rpc_secret_file = config.age.secrets.garage_rpc_secret.path;
+      rpc_bind_addr = "[::]:${toString config.emile.ports.garage.rpc}";
+      rpc_bind_outgoing = false;
+      rpc_public_addr = "[fc00:1::1]:${toString config.emile.ports.garage.rpc}";
+    };
 
-    rootCredentialsFile = config.age.secrets.minio_root_credz.path;
-    # accessKey
+    environmentFile = config.age.secrets.garage_env.path;
   };
+#         metrics_token = config.age.secrets.garage_admin_metrics_secret.path;
+#         admin_token = config.age.secrets.garage_admin_token_secret.path;
+#       rpc_secret_file = config.age.secrets.garage_rpc_secret.path;
+
+# nix/hosts/corrino/secrets/garage_admin_metrics_secret.age
+# nix/hosts/corrino/secrets/garage_admin_token_secret.age  
+# nix/hosts/corrino/secrets/garage_admin_token.age         
+# nix/hosts/corrino/secrets/garage_metrics_token.age       
+# nix/hosts/corrino/secrets/garage_rpc_secret.age
+  
+  # services.garage = {
+  #   enable = true;
+  #   package = pkgs.garage_1_x;
+  #   settings = {
+  #     db_engine = "sqlite";
+  #     replication_factor = 2;
+
+  #     data_dir = [
+  #       { capacity = "50G"; path = dataDir; }
+  #     ];
+
+  #     compression_level = 1;
+
+  #     rpc_secret_file = config.age.secrets.garage_rpc_secret.path;
+  #     rpc_bind_addr = "[::]:${toString config.emile.ports.garage.rpc}";
+  #     rpc_bind_outgoing = false;
+  #     rpc_public_addr = "[fc00:1::1]:${toString config.emile.ports.garage.rpc}";
+
+  #     allow_world_readable_secrets = false;
+
+  #     s3_api = {
+  #       api_bind_addr = "[::]:${toString config.emile.ports.garage.s3}";
+  #       s3_region = "garage";
+  #       root_domain = "s3.emile.space";
+  #     };
+
+  #     s3_web = {
+  #       bind_addr = "[::]:${toString config.emile.ports.garage.web}";
+  #       root_domain = "s3-web.emile.space";
+  #       add_host_to_metrics = true;
+  #     };
+
+  #     admin = {
+  #       api_bind_addr = "[::]:${toString config.emile.ports.garage.admin}";
+  #       metrics_token = config.age.secrets.garage_admin_metrics_secret.path;
+  #       admin_token = config.age.secrets.garage_admin_token_secret.path;
+  #       trace_sink = "http://localhost:4317";
+  #     };
+
+  #   };
+  #   logLevel = "trace"; # info
+  # };
 }
generated by cgit-pink 1.4.1
rss feed of @hanemile@chaos.social mastodon lieu webring search engine XXIIVV webring activitypub