S3 mount in thor

2023-07-31 23:37:28 +02:00 · 2023-07-31 23:37:28 +02:00 · 33b3defff9
commit 33b3defff9
parent af8390dc1c
5 changed files with 40 additions and 1 deletions
--- a/flake.nix
+++ b/flake.nix
@ -131,6 +131,7 @@
              ./modules/nixos/pentablet.nix
              ./modules/nixos/steam-link.nix
              ./modules/nixos/kdeconnect.nix
+              ./modules/nixos/garage.nix
            ] ++ homeManagerModules ++ [
              { home-manager.users.bertof = import ./instances/thor/hm.nix; }
            ];
--- a/instances/thor/configuration.nix
+++ b/instances/thor/configuration.nix
@ -1,5 +1,10 @@
 { lib, config, pkgs, ... }:
 with lib; {
+
+  age.secrets = {
+    garage_bertof_thor_key = { file = ../../secrets/garage_bertof_thor_key.age; owner = "bertof"; };
+  };
+
  boot = {
    binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
    # kernelPackages = pkgs.linuxPackages_latest;
--- a/instances/thor/hm.nix
+++ b/instances/thor/hm.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, nixosConfig, ... }: {
  home = {
    language.base = "it_IT.UTF-8";
    keyboard = {
@ -31,6 +31,27 @@
    };
  };

+  systemd.user.services.garage-home-s3 = {
+    Unit = {
+      After = [ "network.target" "network-online.target" "local-fs.target" ];
+      AssertPathIsDirectory = "/home/bertof/s3";
+      AssertPathIsReadWrite = "/home/bertof/s3";
+      Description = "Mount S3 bucket in bertof's home";
+      StartLimitBurst = 5;
+      StartLimitInterval = 200;
+      Wants = [ "network.target" "network-online.target" ];
+    };
+    Service = {
+      ExecStart = "${pkgs.s3fs}/bin/s3fs -f -d bertof /home/bertof/s3 -o passwd_file=${nixosConfig.age.secrets.garage_bertof_thor_key.path},use_path_request_style,url=http://localhost:3900";
+      Restart = "always";
+      RestartSec = 30;
+      Type = "exec";
+    };
+    Install = {
+      WantedBy = [ "default.target" ];
+    };
+  };
+
  services = { gnome-keyring.enable = true; };

  imports = [
--- a/secrets/garage_bertof_thor_key.age
+++ b/secrets/garage_bertof_thor_key.age
@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 13iwjQ JNIb379d+dNabgVqSpFB294mK8+k7NPKJQX8mKEzuH8
+puKWL9qNMLWZDHrQVmxNZ7YKrRlFlSLnYMXqbERmXi8
+-> ssh-ed25519 7MB20A dklcfIFj3QiG6d+TeEpgzmf2dsieh2cM+tQoJgmbSD4
+O/3nmRW5/lopDhNO5eS/xWRGgr7nhdJLEvNvR+/yPxA
+-> ssh-ed25519 v7O/FA /Mi4MWnUWoe43AGj/68VfeJ1Hk8TyqUgXYNjPNMUeVw
+7HoLZRNO3n+WRVakA+fK/lgu6Ruyg/DOP0S2hEmojo4
+-> 1`R`v4Yb-grease ] ywaX.
+IoF9c6SPwQ
+--- qMFNi8LNUGKx1TeX+h38uM+lSAMskuqF3/Xnfvi5GF0
+BÑÑ—!P0¶8Miž; ˜ò»á®<>tnüÄ&·†;¶Ph·2éþvf`y—›²£ÝÖ¶Ø‘ˆ‘ÓI—ÃÑÆPÆÆÇ·Öãv²²)`ÊBÄ;‚.#5í¶ÿ<C2B6>éŸQW^~eÈ	þìÕîÕóA’7<E28099>˜˜<CB9C>Fµté`–
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -20,6 +20,7 @@ in
  "garage_bertof_freya_key.age".publicKeys = devUsers ++ [ freya ];
  "garage_bertof_loki_key.age".publicKeys = devUsers ++ [ loki ];
  "garage_bertof_odin_key.age".publicKeys = devUsers ++ [ odin ];
+  "garage_bertof_thor_key.age".publicKeys = devUsers ++ [ thor ];
  "garage_tiziano_baldur_key.age".publicKeys = devUsers ++ [ baldur ];
  "garage_tiziano_loki_key.age".publicKeys = devUsers ++ [ loki ];
  "baldur_wg_priv.age".publicKeys = devUsers ++ systems;