From 80a229ecf0d529031679e4c55d888edb4ccc0f00 Mon Sep 17 00:00:00 2001
From: Filippo Berto <berto.f@protonmail.com>
Date: Mon, 14 Jul 2025 18:19:38 +0200
Subject: [PATCH] Heimdall: add garage

--wip-- [skip ci]
---
 flake.nix                |  1 +
 modules/nixos/garage.nix | 42 +++++++++++++++++++++-------------------
 2 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/flake.nix b/flake.nix
index 7bb0071..86e48a8 100644
--- a/flake.nix
+++ b/flake.nix
@@ -400,6 +400,7 @@
               ./modules/nixos/torrentbox.nix
               ./modules/nixos/minio_server.nix
               ./modules/nixos/nextcloud.nix
+              ./modules/nixos/garage.nix
               # ./modules/nixos/ntfy.nix
               # S3 cache read
               # ./modules/nixos/s3_cache_read.nix
diff --git a/modules/nixos/garage.nix b/modules/nixos/garage.nix
index 93d52ec..99604ae 100644
--- a/modules/nixos/garage.nix
+++ b/modules/nixos/garage.nix
@@ -1,33 +1,31 @@
-{ config
-, lib
-, ...
-}:
-{
-  users.groups.garage = { };
-  users.users.garage = {
-    isSystemUser = true;
-    group = "garage";
-  };
+{ pkgs, config, ... }: {
+  # users.groups.garage = { };
+  # users.users.garage = {
+  #   isSystemUser = true;
+  #   group = "garage";
+  # };
   age.secrets.garage_rpc_secret = {
     file = ../../secrets/garage_rpc_secret.age;
     owner = "garage";
   };
 
-  networking.firewall.allowedTCPPorts = [
-    3900
-    3901
-  ];
+  # networking.firewall.allowedTCPPorts = [
+  #   3900
+  #   3901
+  # ];
 
-  # Not correctly passing mount bindings
-  systemd.services.garage.serviceConfig = {
-    ProtectHome = lib.mkForce false;
-    DynamicUser = false;
-  };
+  # # Not correctly passing mount bindings
+  # systemd.services.garage.serviceConfig = {
+  #   ProtectHome = lib.mkForce false;
+  #   DynamicUser = false;
+  # };
 
   services.garage = {
     enable = true;
+    package = pkgs.garage_2;
     settings = {
-      replication_mode = 1;
+      data_dir = "/mnt/raid/garage/";
+      replication_factor = 1;
       rpc_secret_file = config.age.secrets.garage_rpc_secret.path;
       rpc_bind_addr = "0.0.0.0:3901";
       bootstrap_peers = [ ];
@@ -43,6 +41,10 @@
         root_domain = ".web.bertof.net";
       };
 
+      k2v_api = {
+        api_bind_addr = "[::]:3904";
+      };
+
       admin = {
         api_bind_addr = "0.0.0.0:3903";
         # metrics_token = "72ad105afc44f30c189b2505f5583d3ea9be26a3e0a4730d48381b1ae4b70074";