Heimdall: add garage

--wip-- [skip ci]

modules/nixos/garage.nix

@@ -1,33 +1,31 @@
-{ config
-, lib
-, ...
-}:
-{
-  users.groups.garage = { };
-  users.users.garage = {
-    isSystemUser = true;
-    group = "garage";
-  };
+{ pkgs, config, ... }: {
+  # users.groups.garage = { };
+  # users.users.garage = {
+  #   isSystemUser = true;
+  #   group = "garage";
+  # };
   age.secrets.garage_rpc_secret = {
     file = ../../secrets/garage_rpc_secret.age;
     owner = "garage";
   };
 
-  networking.firewall.allowedTCPPorts = [
-    3900
-    3901
-  ];
+  # networking.firewall.allowedTCPPorts = [
+  #   3900
+  #   3901
+  # ];
 
-  # Not correctly passing mount bindings
-  systemd.services.garage.serviceConfig = {
-    ProtectHome = lib.mkForce false;
-    DynamicUser = false;
-  };
+  # # Not correctly passing mount bindings
+  # systemd.services.garage.serviceConfig = {
+  #   ProtectHome = lib.mkForce false;
+  #   DynamicUser = false;
+  # };
 
   services.garage = {
     enable = true;
+    package = pkgs.garage_2;
     settings = {
-      replication_mode = 1;
+      data_dir = "/mnt/raid/garage/";
+      replication_factor = 1;
       rpc_secret_file = config.age.secrets.garage_rpc_secret.path;
       rpc_bind_addr = "0.0.0.0:3901";
       bootstrap_peers = [ ];
@@ -43,6 +41,10 @@
         root_domain = ".web.bertof.net";
       };
 
+      k2v_api = {
+        api_bind_addr = "[::]:3904";
+      };
+
       admin = {
         api_bind_addr = "0.0.0.0:3903";
         # metrics_token = "72ad105afc44f30c189b2505f5583d3ea9be26a3e0a4730d48381b1ae4b70074";