try out minio

2025-01-12 01:10:12 -05:00
6 changed files with 66 additions and 5 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@ -103,3 +103,8 @@ creation_rules:
      - age:
          - *chunk
          - *cy
  - path_regex: secrets/services/minio.yaml
    key_groups:
      - age:
          - *chunk
          - *cy
--- a/hosts/chunk/Caddyfile
+++ b/hosts/chunk/Caddyfile
@ -80,10 +80,10 @@ cache.cything.io {
 s3.cy7.sh {
  import common
-  reverse_proxy localhost:3900
+  reverse_proxy localhost:9000
 }
 admin.s3.cy7.sh {
  import common
-  reverse_proxy localhost:3903
+  reverse_proxy localhost:9001
 }
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@ -25,7 +25,7 @@
    ./element.nix
    ./attic.nix
    ./forgejo.nix
-    ./garage.nix
+    ./minio.nix
  ];
  sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@ -67,8 +67,8 @@
      sopsFile = ../../secrets/services/attic.yaml;
    };
-    "garage/env" = {
+    "minio/env" = {
-      sopsFile = ../../secrets/services/garage.yaml;
+      sopsFile = ../../secrets/services/minio.yaml;
    };
  };
--- a/hosts/chunk/minio.nix
+++ b/hosts/chunk/minio.nix
@ -0,0 +1,8 @@
 {config, ...}: {
  services.minio = {
    enable = true;
    rootCredentialsFile = config.sops.secrets."minio/env".path;
    region = "universe";
    dataDir = ["/mnt/minio"];
  };
 }
--- a/hosts/chunk/rclone.nix
+++ b/hosts/chunk/rclone.nix
@ -56,5 +56,22 @@
    };
  };
  systemd.services.minio-mount = {
    enable = true;
    description = "Mount the minio data remote";
    requires = [ "network-online.target" ];
    after = [ "network-online.target" ];
    requiredBy = [ "minio.service" ];
    before = [ "minio.service" ];
    serviceConfig = {
      Type = "notify";
      ExecStartPre = "/usr/bin/env mkdir -p /mnt/minio";
      ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
        config.sops.secrets."rclone/config".path
      } --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:minio /mnt/minio ";
      ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/minio";
    };
  };
  programs.fuse.userAllowOther = true;
 }
--- a/secrets/services/minio.yaml
+++ b/secrets/services/minio.yaml
@ -0,0 +1,31 @@
 minio:
    env: ENC[AES256_GCM,data:3wb5XH2HxQQEKqvCqdth6vY9P1ByyMKpcq5QDiHq3xLCKOeM2L6K6tmD802R05uxyVVWOJ2RxJhAFc7vHg==,iv:80oTja4e5Ep0oObgWVTViyo3ODgTV/+YOkDHjCmB/Oo=,tag:SNfXXdAsOINE+5FDPUo4CQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
    azure_kv: []
    hc_vault: []
    age:
        - recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBeFA1VjRZSy9IYlVhc3pz
            NWdORnRab0lFSmR4NGJ4UUFxalIweWJ6QUI4ClZQbU5CTGhhZE1TV2R5WERLQ2lJ
            MkJFQnNxbmpUY0FmcXdxaDdkNGhZSjQKLS0tIFBWaENPVU5WUTNNMGdNeStVdEF2
            aUhmZnU4QkwxU2pvNXFveUtEdXp3dkEKbV9CA1D+5r3nKXHDkis6TixV1WALNe+q
            4d1U8M+i6T8SKeWGiW2WgR/2WqrjgaZv22ZSJvORHUFZjCbQLMtjYw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVUUh0eUp0NjJpekk4aFhi
            YXJKazJIdG45cXE4Yy9jdGU0TUl3RitsV2xjCjNYbUdzRHl1TXU1MEpDSHBYMjhs
            cEFjbkJXcTdRdzhyUHprNklJVlZvNGcKLS0tIDFFNDlYTlZMWm5wTHVzdm9BeEt2
            dm9sdzFoTGpaR0ZYVEtFcG4vLzB3VlEKko4/GbpXhhytdOmqLhgPOKKmPFwgNSUv
            EdAf8W3MhirilmuFgrFMO9NA3pNa0Ae4s0ueT4+xJXoOQuHRiucBHw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-01-12T06:07:20Z"
    mac: ENC[AES256_GCM,data:11yN8Tqz/5vnvEhqmABbLcx5RJ9o2IVh1U/DkDPEatKDQOhyaSc2P4Jea4OLFIGvnrDcSeQVPuO1mVNV68wOJtOpAEPzGiEk8nhpKhFfyVl80XGrHZMuR9+TnTv28SlwFS6tuD+LzNhRn3x45VnLlaKOkzWZAk8JUACXjVIUh9Q=,iv:G346D2RuMFTDwdiEtUNLA3AeyGt/9gMZOkLzEUT5Otk=,tag:WrGjiQ4/JlWMowDDZyYB8A==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.9.2