From 33b3defff90f644b9fcf077e9f1ba74ee49991b4 Mon Sep 17 00:00:00 2001 From: Filippo Berto Date: Mon, 31 Jul 2023 23:37:28 +0200 Subject: [PATCH] S3 mount in thor --- flake.nix | 1 + instances/thor/configuration.nix | 5 +++++ instances/thor/hm.nix | 23 ++++++++++++++++++++++- secrets/garage_bertof_thor_key.age | 11 +++++++++++ secrets/secrets.nix | 1 + 5 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 secrets/garage_bertof_thor_key.age diff --git a/flake.nix b/flake.nix index 745d5a0..a92eefc 100644 --- a/flake.nix +++ b/flake.nix @@ -131,6 +131,7 @@ ./modules/nixos/pentablet.nix ./modules/nixos/steam-link.nix ./modules/nixos/kdeconnect.nix + ./modules/nixos/garage.nix ] ++ homeManagerModules ++ [ { home-manager.users.bertof = import ./instances/thor/hm.nix; } ]; diff --git a/instances/thor/configuration.nix b/instances/thor/configuration.nix index 68f42e6..53a36bf 100644 --- a/instances/thor/configuration.nix +++ b/instances/thor/configuration.nix @@ -1,5 +1,10 @@ { lib, config, pkgs, ... }: with lib; { + + age.secrets = { + garage_bertof_thor_key = { file = ../../secrets/garage_bertof_thor_key.age; owner = "bertof"; }; + }; + boot = { binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ]; # kernelPackages = pkgs.linuxPackages_latest; diff --git a/instances/thor/hm.nix b/instances/thor/hm.nix index 41fa8f5..6861718 100644 --- a/instances/thor/hm.nix +++ b/instances/thor/hm.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: { +{ pkgs, nixosConfig, ... }: { home = { language.base = "it_IT.UTF-8"; keyboard = { 
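Review bot: In instances/thor/configuration.nix the new `garage_bertof_thor_key` entry sets `owner` but leaves the file mode to the agenix default, while its consumer in hm.nix is s3fs, which refuses a `passwd_file` that group or others can access. The default (0400, as far as I know) satisfies that, but nothing on the line says the mode is load-bearing. I would pin it with `mode = "0400";` next to `owner = "bertof";` and add `# s3fs rejects a passwd_file readable by group/other`, so a later change to mode or group is caught in review rather than at mount time. The attribute set that holds `age.secrets` continues outside the hunk.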
@@ -31,6 +31,27 @@ }; }; + systemd.user.services.garage-home-s3 = { + Unit = { + After = [ "network.target" "network-online.target" "local-fs.target" ]; + AssertPathIsDirectory = "/home/bertof/s3"; + AssertPathIsReadWrite = "/home/bertof/s3"; + Description = "Mount S3 bucket in bertof's home"; + StartLimitBurst = 5; + StartLimitInterval = 200; + Wants = [ "network.target" "network-online.target" ]; + }; + Service = { + ExecStart = "${pkgs.s3fs}/bin/s3fs -f -d bertof /home/bertof/s3 -o passwd_file=${nixosConfig.age.secrets.garage_bertof_thor_key.path},use_path_request_style,url=http://localhost:3900"; + Restart = "always"; + RestartSec = 30; + Type = "exec"; + }; + Install = { + WantedBy = [ "default.target" ]; + }; + }; + services = { gnome-keyring.enable = true; }; imports = [ diff --git a/secrets/garage_bertof_thor_key.age b/secrets/garage_bertof_thor_key.age new file mode 100644 index 0000000..0035da9 --- /dev/null +++ b/secrets/garage_bertof_thor_key.age @@ -0,0 +1,11 @@ +age-encryption.org/v1 +-> ssh-ed25519 13iwjQ JNIb379d+dNabgVqSpFB294mK8+k7NPKJQX8mKEzuH8 +puKWL9qNMLWZDHrQVmxNZ7YKrRlFlSLnYMXqbERmXi8 +-> ssh-ed25519 7MB20A dklcfIFj3QiG6d+TeEpgzmf2dsieh2cM+tQoJgmbSD4 +O/3nmRW5/lopDhNO5eS/xWRGgr7nhdJLEvNvR+/yPxA +-> ssh-ed25519 v7O/FA /Mi4MWnUWoe43AGj/68VfeJ1Hk8TyqUgXYNjPNMUeVw +7HoLZRNO3n+WRVakA+fK/lgu6Ruyg/DOP0S2hEmojo4 +-> 1`R`v4Yb-grease ] ywaX. +IoF9c6SPwQ +--- qMFNi8LNUGKx1TeX+h38uM+lSAMskuqF3/Xnfvi5GF0 +B!P08Mi;tn&;Ph2vf`yֶؑIPǷv)`B;.#5QW^~e A7Ft` \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index ed7e3b2..a55020c 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
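Review bot: In instances/thor/hm.nix the `ExecStart` line leaves s3fs's `-d` debug switch on permanently, so each run of the mount writes verbose logging to the user journal; as far as I can tell that includes object paths and request details, which is more than a steady-state mount should retain. I would keep `-f` and drop `-d`, or set the level explicitly with `-o dbglevel=warn`. Separately, `network.target` and `network-online.target` belong to the system manager, so in a `systemd.user` service the `After`/`Wants` entries probably order against nothing and the unit depends on `Restart = "always"` to survive a late Garage start. With `RestartSec = 30` and `StartLimitBurst = 5` per 200 seconds it would likely hit the start limit after about two and a half minutes of failures and stay down. If that is intended, a comment such as `# user manager cannot order on system targets; Restart covers a late garage start` would make it explicit.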
@@ -20,6 +20,7 @@ in
 "garage_bertof_freya_key.age".publicKeys = devUsers ++ [ freya ];
 "garage_bertof_loki_key.age".publicKeys = devUsers ++ [ loki ];
 "garage_bertof_odin_key.age".publicKeys = devUsers ++ [ odin ];
+ "garage_bertof_thor_key.age".publicKeys = devUsers ++ [ thor ];
 "garage_tiziano_baldur_key.age".publicKeys = devUsers ++ [ baldur ];
 "garage_tiziano_loki_key.age".publicKeys = devUsers ++ [ loki ];
 "baldur_wg_priv.age".publicKeys = devUsers ++ systems;