cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

try out minio

Browse source
This commit is contained in:
cy 2025-01-12 01:10:12 -05:00
parent 40bc68df75
commit b34c4da3b2
6 changed files with 66 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
.sops.yaml
View file

@ -103,3 +103,8 @@ creation_rules:
- age: - age:
- *chunk - *chunk
- *cy - *cy
- path_regex: secrets/services/minio.yaml
key_groups:
- age:
- *chunk
- *cy

4
hosts/chunk/Caddyfile
View file

@ -80,10 +80,10 @@ cache.cything.io {
s3.cy7.sh { s3.cy7.sh {
import common import common
reverse_proxy localhost:3900 reverse_proxy localhost:9000
} }
admin.s3.cy7.sh { admin.s3.cy7.sh {
import common import common
reverse_proxy localhost:3903 reverse_proxy localhost:9001
} }

6
hosts/chunk/default.nix
View file

@ -25,7 +25,7 @@
./element.nix ./element.nix
./attic.nix ./attic.nix
./forgejo.nix ./forgejo.nix
./garage.nix ./minio.nix
]; ];
sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@ -67,8 +67,8 @@
sopsFile = ../../secrets/services/attic.yaml; sopsFile = ../../secrets/services/attic.yaml;
}; };
"garage/env" = { "minio/env" = {
sopsFile = ../../secrets/services/garage.yaml; sopsFile = ../../secrets/services/minio.yaml;
}; };
}; };

8
hosts/chunk/minio.nix Normal file
View file

@ -0,0 +1,8 @@
{config, ...}: {
services.minio = {
enable = true;
rootCredentialsFile = config.sops.secrets."minio/env".path;
region = "universe";
dataDir = ["/mnt/minio"];
};
}

17
hosts/chunk/rclone.nix
View file

@ -56,5 +56,22 @@
}; };
}; };
systemd.services.minio-mount = {
enable = true;
description = "Mount the minio data remote";
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
requiredBy = [ "minio.service" ];
before = [ "minio.service" ];
serviceConfig = {
Type = "notify";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/minio";
ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
config.sops.secrets."rclone/config".path
} --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:minio /mnt/minio ";
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/minio";
};
};
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
} }

31
secrets/services/minio.yaml Normal file
View file

@ -0,0 +1,31 @@
minio:
env: ENC[AES256_GCM,data:3wb5XH2HxQQEKqvCqdth6vY9P1ByyMKpcq5QDiHq3xLCKOeM2L6K6tmD802R05uxyVVWOJ2RxJhAFc7vHg==,iv:80oTja4e5Ep0oObgWVTViyo3ODgTV/+YOkDHjCmB/Oo=,tag:SNfXXdAsOINE+5FDPUo4CQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBeFA1VjRZSy9IYlVhc3pz
NWdORnRab0lFSmR4NGJ4UUFxalIweWJ6QUI4ClZQbU5CTGhhZE1TV2R5WERLQ2lJ
MkJFQnNxbmpUY0FmcXdxaDdkNGhZSjQKLS0tIFBWaENPVU5WUTNNMGdNeStVdEF2
aUhmZnU4QkwxU2pvNXFveUtEdXp3dkEKbV9CA1D+5r3nKXHDkis6TixV1WALNe+q
4d1U8M+i6T8SKeWGiW2WgR/2WqrjgaZv22ZSJvORHUFZjCbQLMtjYw==
-----END AGE ENCRYPTED FILE-----
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVUUh0eUp0NjJpekk4aFhi
YXJKazJIdG45cXE4Yy9jdGU0TUl3RitsV2xjCjNYbUdzRHl1TXU1MEpDSHBYMjhs
cEFjbkJXcTdRdzhyUHprNklJVlZvNGcKLS0tIDFFNDlYTlZMWm5wTHVzdm9BeEt2
dm9sdzFoTGpaR0ZYVEtFcG4vLzB3VlEKko4/GbpXhhytdOmqLhgPOKKmPFwgNSUv
EdAf8W3MhirilmuFgrFMO9NA3pNa0Ae4s0ueT4+xJXoOQuHRiucBHw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-12T06:07:20Z"
mac: ENC[AES256_GCM,data:11yN8Tqz/5vnvEhqmABbLcx5RJ9o2IVh1U/DkDPEatKDQOhyaSc2P4Jea4OLFIGvnrDcSeQVPuO1mVNV68wOJtOpAEPzGiEk8nhpKhFfyVl80XGrHZMuR9+TnTv28SlwFS6tuD+LzNhRn3x45VnLlaKOkzWZAk8JUACXjVIUh9Q=,iv:G346D2RuMFTDwdiEtUNLA3AeyGt/9gMZOkLzEUT5Otk=,tag:WrGjiQ4/JlWMowDDZyYB8A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2