blob: ae335423e15952ab3f4a0a4825ccab3c7da97f08 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
|
{ config, pkgs, ... }:
{
security.acme.certs."s3.emile.space" = {
group = "nginx";
domain = "s3.emile.space";
extraDomainNames = [
"*.s3.emile.space"
"*.s3-web.emile.space"
];
};
services.nginx.virtualHosts."s3.emile.space" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://[::1]:${toString config.emile.ports.garage.s3}";
};
};
};
services.nginx.virtualHosts."s3-web.emile.space" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://[::1]:${toString config.emile.ports.garage.web}";
};
};
};
services.garage = {
enable = true;
package = pkgs.garage_1_x;
settings = {
data_dir = [
{ capacity = "50G"; path = "/var/lib/garage/data"; }
];
db_engine = "sqlite";
replication_factor = 3;
s3_api = {
s3_region = "garage";
api_bind_addr = "[::]:${toString config.emile.ports.garage.s3}";
root_domain = "s3.emile.space";
};
s3_web = {
bind_addr = "[::]:${toString config.emile.ports.garage.web}";
root_domain = "s3-web.emile.space";
index = "index.html";
};
admin = {
api_bind_addr = "[::]:${toString config.emile.ports.garage.admin}";
# metrics_token = config.age.secrets.garage_admin_metrics_secret.path;
# admin_token = config.age.secrets.garage_admin_token_secret.path;
};
# rpc_secret_file = config.age.secrets.garage_rpc_secret.path;
rpc_bind_addr = "[::]:${toString config.emile.ports.garage.rpc}";
rpc_bind_outgoing = false;
rpc_public_addr = "[fc00:1::1]:${toString config.emile.ports.garage.rpc}";
};
environmentFile = config.age.secrets.garage_env.path;
};
# metrics_token = config.age.secrets.garage_admin_metrics_secret.path;
# admin_token = config.age.secrets.garage_admin_token_secret.path;
# rpc_secret_file = config.age.secrets.garage_rpc_secret.path;
# nix/hosts/corrino/secrets/garage_admin_metrics_secret.age
# nix/hosts/corrino/secrets/garage_admin_token_secret.age
# nix/hosts/corrino/secrets/garage_admin_token.age
# nix/hosts/corrino/secrets/garage_metrics_token.age
# nix/hosts/corrino/secrets/garage_rpc_secret.age
# services.garage = {
# enable = true;
# package = pkgs.garage_1_x;
# settings = {
# db_engine = "sqlite";
# replication_factor = 2;
# data_dir = [
# { capacity = "50G"; path = dataDir; }
# ];
# compression_level = 1;
# rpc_secret_file = config.age.secrets.garage_rpc_secret.path;
# rpc_bind_addr = "[::]:${toString config.emile.ports.garage.rpc}";
# rpc_bind_outgoing = false;
# rpc_public_addr = "[fc00:1::1]:${toString config.emile.ports.garage.rpc}";
# allow_world_readable_secrets = false;
# s3_api = {
# api_bind_addr = "[::]:${toString config.emile.ports.garage.s3}";
# s3_region = "garage";
# root_domain = "s3.emile.space";
# };
# s3_web = {
# bind_addr = "[::]:${toString config.emile.ports.garage.web}";
# root_domain = "s3-web.emile.space";
# add_host_to_metrics = true;
# };
# admin = {
# api_bind_addr = "[::]:${toString config.emile.ports.garage.admin}";
# metrics_token = config.age.secrets.garage_admin_metrics_secret.path;
# admin_token = config.age.secrets.garage_admin_token_secret.path;
# trace_sink = "http://localhost:4317";
# };
# };
# logLevel = "trace"; # info
# };
}
|
