
1 commit
main ... garage

Author SHA1 Message Date
cy
d0b6b60fb4 init 2025-01-08 17:31:51 -05:00
7 changed files with 90 additions and 3 deletions


@ -98,3 +98,8 @@ creation_rules:
- age: - age:
- *chunk - *chunk
- *cy - *cy
- path_regex: secrets/services/garage.yaml
key_groups:
- age:
- *chunk
- *cy


@ -65,3 +65,13 @@ cache.cything.io {
import common import common
reverse_proxy localhost:8090 reverse_proxy localhost:8090
} }
s3.cything.io {
import common
reverse_proxy localhost:3900
}
admin.s3.cything.io {
import common
reverse_proxy localhost:3903
}
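Review bot: The new `admin.s3.cything.io` site publishes Garage's admin API (port 3903) on a public hostname, which leaves the admin bearer token as the only barrier between the internet and key, bucket and layout management. Unless the `common` snippet (not visible in this hunk) already restricts clients, gate the site by source address ahead of the `reverse_proxy`, e.g. `@outside not remote_ip <ADMIN_CIDR>` followed by `abort @outside`. Alternatively drop the site block and reach 3903 over an SSH tunnel or VPN. Garage also answers `/health` without authentication, and `/metrics` without a token when no metrics token is configured, so both would be readable by anyone through this vhost.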


@ -25,6 +25,7 @@
./immich.nix ./immich.nix
./element.nix ./element.nix
./attic.nix ./attic.nix
./garage.nix
]; ];
sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@ -85,6 +86,9 @@
"attic/env" = { "attic/env" = {
sopsFile = ../../secrets/services/attic.yaml; sopsFile = ../../secrets/services/attic.yaml;
}; };
"garage/env" = {
sopsFile = ../../secrets/services/garage.yaml;
};
}; };
boot.loader.grub.enable = true; boot.loader.grub.enable = true;

20
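--- a/hosts/chunk/garage.nix
+++ b/hosts/chunk/garage.nix
@@ -0,0 +1,20 @@
+{config, pkgs, lib, ...}: {
+services.garage = {
+enable = true;
+package = pkgs.garage;
+settings = {
+data_dir = "/mnt/garage";
+s3_api = {
+s3_region = "earth";
+api_bind_addr = "[::]:3900";
+};
+admin.api_bind_addr = "[::]:3903";
+rpc_bind_addr = "[::]:3901";
+replication_factor = 1;
+db_engine = "lmdb";
+};
+environmentFile = config.sops.secrets."garage/env".path;
+};
+systemd.services.garage.serviceConfig.DynamicUser = lib.mkForce false;
+}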
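Review bot: `DynamicUser = lib.mkForce false` on the last line turns off the module's sandboxed user without naming a replacement, so unless `User=` is set somewhere outside this file the internet-facing garage daemon will presumably run as root. I would give it a static unprivileged account instead (sketch below) and have the rclone mount hand ownership of `/mnt/garage` to that account with `--uid`/`--gid`. Separately, the three `[::]` bind addresses listen on every interface although Caddy only dials `localhost`. If the host firewall does not block 3900, 3901 and 3903, clients can reach the S3, RPC and admin ports in plaintext and bypass the proxy, so loopback binds such as `api_bind_addr = "[::1]:3900";` are the safer choice for a single-node (`replication_factor = 1`) setup.

```nix
  # … unchanged: services.garage = { … }; …
  users.groups.garage = { };
  users.users.garage = {
    isSystemUser = true;
    group = "garage";
  };
  systemd.services.garage.serviceConfig = {
    DynamicUser = lib.mkForce false;
    User = "garage";
    Group = "garage";
  };
```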


@ -38,5 +38,22 @@
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic";
}; };
}; };
systemd.services.garage-mount = {
enable = true;
description = "Mount the garage data remote";
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
requiredBy = [ "garage.service" ];
before = [ "garage.service" ];
serviceConfig = {
Type = "notify";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage";
ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
config.sops.secrets."rclone/config".path
} --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage ";
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage";
};
};
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
} }
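Review bot: `--allow-other` in the new `ExecStart` (together with `programs.fuse.userAllowOther`) opens the mounted `rsyncnet:garage` remote to every local account, and rclone's default file and directory permissions typically leave the contents world-readable, so any process on the host could read Garage's stored object blocks. If garage and the mount run as the same user the flag can simply be dropped; otherwise add `--uid <GARAGE_UID> --gid <GARAGE_GID> --umask 077` so only the service account gets access. With `--vfs-cache-mode writes` uploads to the remote finish asynchronously, so a crash can lose blocks Garage has already acknowledged, which deserves a comment given `replication_factor = 1` elsewhere in this commit. The enclosing attribute set starts above the hunk.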

File diff suppressed because one or more lines are too long


@ -0,0 +1,31 @@
garage:
env: ENC[AES256_GCM,data:miNp4SJ9xuMXSEIJYCZFWM96enAh8uwCxv0ySn2Jbp5V4Iso2uZ2R9dXqSS7y60pRq+bbXPYbBxBnmb+fhjvB7TdCLPom9CKSY8zMI7n/p1IE4qUFvzCG4ejV6BIsh/887BjzAx1UNcRG/9eUNcMfTu58wQwKmIzr1iu5pD+IlLHa+0/orpZKssQ2Ba1hMwLOAXp,iv:zgkGikunB4zQ4CfGgEd1DmLgYpEREJhoX4oT/zK3mI8=,tag:ohpZWF/lPHQc010mteJZDw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIemdMVVE4alZ2MElWeUpj
TjNhL2VYL2dwMmN0VzJxVGwzWHgvbm82QWtjCk1pem5SdzFpR0dRci80emo1VlVu
VWtWMVpoN2M4NUphcTgxeTB6aU83bjAKLS0tIGlJanA1TFBnaE9PTmRnQWVidE53
elRZaFVaZ1VTRU1MbWlqSkJNZG1oRW8K8IupEpJzC0CJGpxSTssiFrQgdHAzCW4I
IlvYdZkUou/6km5OMnsFqhqEqIjAwVuJ08YiNzAv67ZzTG0ThD133A==
-----END AGE ENCRYPTED FILE-----
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiemRZRmF1NWozM1RFS2Z2
bld5V0lTS3V1OW1SU0VaR2IzZjJmbEtJVkhjCnBVKzFYUXYveGdkSTVmbzRldGRo
eVAxWXQ1TzczVjZiQ2NsUEk3YmhGNk0KLS0tIG04d0FDYXF1MU5ab3ZMTmpCUWNa
WTQ3dWs4enQrc2F3K3AvMUQvWEh6RDgKxJl3ftSpIrK+45LzjX9gIy41Lv+bcZsV
7rriUhKAtaCXsQcO6Povif7zJyCROYhC0sgpRhmMKoN76TAH3zxvag==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-08T20:44:32Z"
mac: ENC[AES256_GCM,data:rVv9sNYb9Fttm5IjonAZBmcrCqC1cAp2sjMJDZ3JMt+YeyiCUI6jsXSGAc3pgP+7vvaTvDvdNwlAa5axxA72omE4eAK+9me0RLI75vA4UGrh3KiB4qrHK6H6qMUFg92uhKFo+uhtxERIV5/HSwbZPBT2R0pbSSQzTKk5U9UuJsY=,iv:CRSEqphlBsHwPvwXlTQui5U4fsXWgWnZ+8KYFAyVRlg=,tag:82mxRsp5uCo235jzJNK8LQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2