From dcfc18774fe2d4207c2996b2d16ea67499b70228 Mon Sep 17 00:00:00 2001 From: Emile Date: Sat, 3 Aug 2024 13:33:52 +0200 Subject: (corrino): s3.emile.space init --- nix/hosts/corrino/configuration.nix | 1 + nix/hosts/corrino/ports.nix | 4 +++ nix/hosts/corrino/secrets/minio_root_credz.age | 7 +++++ nix/hosts/corrino/www/s3.emile.space.nix | 39 ++++++++++++++++++++++++++ 4 files changed, 51 insertions(+) create mode 100644 nix/hosts/corrino/secrets/minio_root_credz.age create mode 100644 nix/hosts/corrino/www/s3.emile.space.nix (limited to 'nix/hosts') diff --git a/nix/hosts/corrino/configuration.nix b/nix/hosts/corrino/configuration.nix index f6dc404..d23b6bf 100644 --- a/nix/hosts/corrino/configuration.nix +++ b/nix/hosts/corrino/configuration.nix @@ -32,6 +32,7 @@ in { ./www/md.emile.space.nix ./www/social.emile.space.nix ./www/sso.emile.space.nix + ./www/s3.emile.space.nix ./www/ctf.emile.space.nix # ./www/magic-hash.emile.space.nix diff --git a/nix/hosts/corrino/ports.nix b/nix/hosts/corrino/ports.nix index 3dcf72a..6be514d 100644 --- a/nix/hosts/corrino/ports.nix +++ b/nix/hosts/corrino/ports.nix @@ -15,6 +15,10 @@ magic-hash = 8339; tickets = 8349; talks = 8350; + minio = { + s3 = 9000; + web = 9001; + }; authelia = 9091; prometheus = 9003; gitDaemon = 9418; diff --git a/nix/hosts/corrino/secrets/minio_root_credz.age b/nix/hosts/corrino/secrets/minio_root_credz.age new file mode 100644 index 0000000..3e0e4ad --- /dev/null +++ b/nix/hosts/corrino/secrets/minio_root_credz.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 gvwQ2Q 005KgOqy4V/8DaENCRb0dcyzQPdF9RPuKLh0K/qlVwo +BaHM2MxYXr+23dqGDtn4ozSLUy9PEfWSsZWB5x7ryJU +-> ssh-ed25519 m8VklA ax7m3QQEK6oJ+md8yEhlGOrcviitxGZDdXuHBQGKqwQ +bmc1WeVILBXko8dwrjTWlEr8H0YnTo7TXWxc+q/N9QU +--- 0hc9UBB5gmaV+QXetWAbkqLbd7oRrvgi5oct6AqT540 +.PCښz_]ە[E{:{WPkkLD;gI7LI嗄)rrN]xcL= 8tؗÒbס[k \ No newline at end of file diff --git a/nix/hosts/corrino/www/s3.emile.space.nix b/nix/hosts/corrino/www/s3.emile.space.nix new file mode 100644 index 0000000..f1300f7 --- /dev/null +++ b/nix/hosts/corrino/www/s3.emile.space.nix @@ -0,0 +1,39 @@ +{ config, ... }: + +{ + services.nginx.virtualHosts."s3.emile.space" = { + forceSSL = true; + enableACME = true; + locations = { + "/" = { + proxyPass = "http://[::1]:${toString config.emile.ports.minio.s3}"; + }; + }; + }; + + services.nginx.virtualHosts."s3-web.emile.space" = { + forceSSL = true; + enableACME = true; + locations = { + "/" = { + proxyPass = "http://[::1]:${toString config.emile.ports.minio.web}"; + }; + }; + }; + + services.minio = { + enable = true; + region = "eu-north-1-hel-1a"; # corrino is in the helsinki hetzner dc + + listenAddress = "[::1]:${toString config.emile.ports.minio.s3}"; + + browser = true; + consoleAddress = "[::1]:${toString config.emile.ports.minio.web}"; + + dataDir = [ "/minio/data" ]; + configDir = "/minio/config"; + + rootCredentialsFile = config.age.secrets.minio_root_credz.path; + # accessKey + }; +} -- cgit 1.4.1