bring back garage #1
8 changed files with 109 additions and 0 deletions
|
|
@ -98,3 +98,8 @@ creation_rules:
|
||||||
- age:
|
- age:
|
||||||
- *chunk
|
- *chunk
|
||||||
- *cy
|
- *cy
|
||||||
|
- path_regex: secrets/services/garage.yaml
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *chunk
|
||||||
|
- *cy
|
||||||
|
|
|
||||||
17
flake.lock
generated
17
flake.lock
generated
|
|
@ -422,6 +422,22 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-garage": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1736655158,
|
||||||
|
"narHash": "sha256-1ZVtf+4BvqJrGGXBQEjAxjKWSaoySVt46un4pN1zH5g=",
|
||||||
|
"owner": "cything",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"rev": "b7bc158e553db4031ce6242e341e64e1023ec86a",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "cything",
|
||||||
|
"ref": "garage-module",
|
||||||
|
"repo": "nixpkgs",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1710695816,
|
"lastModified": 1710695816,
|
||||||
|
|
@ -525,6 +541,7 @@
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"nixpkgs-borg": "nixpkgs-borg",
|
"nixpkgs-borg": "nixpkgs-borg",
|
||||||
"nixpkgs-btrbk": "nixpkgs-btrbk",
|
"nixpkgs-btrbk": "nixpkgs-btrbk",
|
||||||
|
"nixpkgs-garage": "nixpkgs-garage",
|
||||||
"nixvim": "nixvim",
|
"nixvim": "nixvim",
|
||||||
"sops-nix": "sops-nix",
|
"sops-nix": "sops-nix",
|
||||||
"treefmt": "treefmt"
|
"treefmt": "treefmt"
|
||||||
|
|
|
||||||
|
|
@ -31,6 +31,7 @@
|
||||||
nixpkgs-borg.url = "github:cything/nixpkgs/borg"; # unmerged PR
|
nixpkgs-borg.url = "github:cything/nixpkgs/borg"; # unmerged PR
|
||||||
nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR
|
nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR
|
||||||
eza.url = "github:nixos/nixpkgs/d722e8ce81cf103280ce1ff65accb3fc25cbd2ba";
|
eza.url = "github:nixos/nixpkgs/d722e8ce81cf103280ce1ff65accb3fc25cbd2ba";
|
||||||
|
nixpkgs-garage.url = "github:cything/nixpkgs/garage-module";
|
||||||
};
|
};
|
||||||
|
|
||||||
nixConfig = {
|
nixConfig = {
|
||||||
|
|
@ -142,10 +143,14 @@
|
||||||
modules = [
|
modules = [
|
||||||
{
|
{
|
||||||
nixpkgs = { inherit pkgs; };
|
nixpkgs = { inherit pkgs; };
|
||||||
|
disabledModules = [
|
||||||
|
"services/web-servers/garage.nix"
|
||||||
|
];
|
||||||
}
|
}
|
||||||
./hosts/chunk
|
./hosts/chunk
|
||||||
inputs.sops-nix.nixosModules.sops
|
inputs.sops-nix.nixosModules.sops
|
||||||
./modules
|
./modules
|
||||||
|
(inputs.nixpkgs-garage + "/nixos/modules/services/web-servers/garage.nix")
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -77,3 +77,13 @@ cache.cything.io {
|
||||||
import common
|
import common
|
||||||
reverse_proxy localhost:8090
|
reverse_proxy localhost:8090
|
||||||
}
|
}
|
||||||
|
|
||||||
|
s3.cy7.sh {
|
||||||
|
import common
|
||||||
|
reverse_proxy localhost:3900
|
||||||
|
}
|
||||||
|
|
||||||
|
admin.s3.cy7.sh {
|
||||||
|
import common
|
||||||
|
reverse_proxy localhost:3903
|
||||||
|
}
|
||||||
|
|
|
||||||
|
|
@ -25,6 +25,7 @@
|
||||||
./element.nix
|
./element.nix
|
||||||
./attic.nix
|
./attic.nix
|
||||||
./forgejo.nix
|
./forgejo.nix
|
||||||
|
./garage.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
sops.age.keyFile = "/root/.config/sops/age/keys.txt";
|
||||||
|
|
@ -65,6 +66,10 @@
|
||||||
"attic/env" = {
|
"attic/env" = {
|
||||||
sopsFile = ../../secrets/services/attic.yaml;
|
sopsFile = ../../secrets/services/attic.yaml;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
"garage/env" = {
|
||||||
|
sopsFile = ../../secrets/services/garage.yaml;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.loader.grub.enable = true;
|
boot.loader.grub.enable = true;
|
||||||
|
|
|
||||||
18
hosts/chunk/garage.nix
Normal file
18
hosts/chunk/garage.nix
Normal file
|
|
@ -0,0 +1,18 @@
|
||||||
|
{config, pkgs, ...}: {
|
||||||
|
services.garage = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.garage;
|
||||||
|
settings = {
|
||||||
|
data_dir = "/mnt/garage";
|
||||||
|
s3_api = {
|
||||||
|
s3_region = "earth";
|
||||||
|
api_bind_addr = "[::]:3900";
|
||||||
|
};
|
||||||
|
admin.api_bind_addr = "[::]:3903";
|
||||||
|
rpc_bind_addr = "[::]:3901";
|
||||||
|
replication_factor = 1;
|
||||||
|
db_engine = "lmdb";
|
||||||
|
};
|
||||||
|
environmentFile = config.sops.secrets."garage/env".path;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
@ -38,5 +38,23 @@
|
||||||
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic";
|
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.garage-mount = {
|
||||||
|
enable = true;
|
||||||
|
description = "Mount the garage data remote";
|
||||||
|
requires = [ "network-online.target" ];
|
||||||
|
after = [ "network-online.target" ];
|
||||||
|
requiredBy = [ "garage.service" ];
|
||||||
|
before = [ "garage.service" ];
|
||||||
|
serviceConfig = {
|
||||||
|
Type = "notify";
|
||||||
|
ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage";
|
||||||
|
ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
|
||||||
|
config.sops.secrets."rclone/config".path
|
||||||
|
} --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage ";
|
||||||
|
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
programs.fuse.userAllowOther = true;
|
programs.fuse.userAllowOther = true;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
31
secrets/services/garage.yaml
Normal file
31
secrets/services/garage.yaml
Normal file
|
|
@ -0,0 +1,31 @@
|
||||||
|
garage:
|
||||||
|
env: ENC[AES256_GCM,data:miNp4SJ9xuMXSEIJYCZFWM96enAh8uwCxv0ySn2Jbp5V4Iso2uZ2R9dXqSS7y60pRq+bbXPYbBxBnmb+fhjvB7TdCLPom9CKSY8zMI7n/p1IE4qUFvzCG4ejV6BIsh/887BjzAx1UNcRG/9eUNcMfTu58wQwKmIzr1iu5pD+IlLHa+0/orpZKssQ2Ba1hMwLOAXp,iv:zgkGikunB4zQ4CfGgEd1DmLgYpEREJhoX4oT/zK3mI8=,tag:ohpZWF/lPHQc010mteJZDw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIemdMVVE4alZ2MElWeUpj
|
||||||
|
TjNhL2VYL2dwMmN0VzJxVGwzWHgvbm82QWtjCk1pem5SdzFpR0dRci80emo1VlVu
|
||||||
|
VWtWMVpoN2M4NUphcTgxeTB6aU83bjAKLS0tIGlJanA1TFBnaE9PTmRnQWVidE53
|
||||||
|
elRZaFVaZ1VTRU1MbWlqSkJNZG1oRW8K8IupEpJzC0CJGpxSTssiFrQgdHAzCW4I
|
||||||
|
IlvYdZkUou/6km5OMnsFqhqEqIjAwVuJ08YiNzAv67ZzTG0ThD133A==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiemRZRmF1NWozM1RFS2Z2
|
||||||
|
bld5V0lTS3V1OW1SU0VaR2IzZjJmbEtJVkhjCnBVKzFYUXYveGdkSTVmbzRldGRo
|
||||||
|
eVAxWXQ1TzczVjZiQ2NsUEk3YmhGNk0KLS0tIG04d0FDYXF1MU5ab3ZMTmpCUWNa
|
||||||
|
WTQ3dWs4enQrc2F3K3AvMUQvWEh6RDgKxJl3ftSpIrK+45LzjX9gIy41Lv+bcZsV
|
||||||
|
7rriUhKAtaCXsQcO6Povif7zJyCROYhC0sgpRhmMKoN76TAH3zxvag==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2025-01-08T20:44:32Z"
|
||||||
|
mac: ENC[AES256_GCM,data:rVv9sNYb9Fttm5IjonAZBmcrCqC1cAp2sjMJDZ3JMt+YeyiCUI6jsXSGAc3pgP+7vvaTvDvdNwlAa5axxA72omE4eAK+9me0RLI75vA4UGrh3KiB4qrHK6H6qMUFg92uhKFo+uhtxERIV5/HSwbZPBT2R0pbSSQzTKk5U9UuJsY=,iv:CRSEqphlBsHwPvwXlTQui5U4fsXWgWnZ+8KYFAyVRlg=,tag:82mxRsp5uCo235jzJNK8LQ==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.9.2
|
||||||
Loading…
Add table
Reference in a new issue