Garage on loki

2023-03-22 10:44:48 +01:00 · 2023-03-22 10:44:48 +01:00 · 90b6180bc1
commit 90b6180bc1
parent d5fbab32bc
11 changed files with 183 additions and 31 deletions
--- a/flake.nix
+++ b/flake.nix
@ -102,6 +102,7 @@
        {
          # age.secrets.oauth_proxy_client_credentials.file = ./secrets/oauth_proxy_client_credentials.age;
          age.secrets.spotify_password = { file = ./secrets/spotify_password.age; owner = "bertof"; };
+          age.secrets.garage_rpc_secret.file = ./secrets/garage_rpc_secret.age;
        }

        ./nixos_modules/bertof_user.nix
@ -235,6 +236,8 @@
                home-manager.users.bertof = import ./loki/hm.nix;
                home-manager.users.tiziano = import ./loki/hm_tiziano.nix;
              }
+
+              ./nixos_modules/garage.nix
            ];
          };
        };
--- a/freya/configuration.nix
+++ b/freya/configuration.nix
@ -19,6 +19,7 @@
  i18n.defaultLocale = "it_IT.UTF-8";

  networking.hostName = "freya";
+  networking.firewall.allowedTCPPorts = [ 80 ];

  programs = {
    dconf.enable = true;
@ -47,11 +48,28 @@
    blueman.enable = true;
    dbus.packages = [ pkgs.dconf ];
    gnome.gnome-keyring.enable = true;
+    # nextcloud = {
+    #   enable = true;
+    #   hostName = "freya.local";
+    #   config.adminpassFile = config.age.secrets.nextcloud_admin_secret.path;
+    #   config.objectstore.s3 = {
+    #     enable = true;
+    #     bucket = "nextcloud-bucket";
+    #     autocreate = false;
+    #     key = "GK42a6b774429bfc254f4a5d36";
+    #     secretFile = config.age.secrets.nextcloud_bucket_secret.path;
+    #     hostname = "localhost";
+    #     port = 3900;
+    #     useSsl = false;
+    #     region = "garage";
+    #     usePathStyle = true;
+    #   };
+    # };
    openssh = { enable = true; openFirewall = true; };
-    xserver = {
-      enable = true;
-      desktopManager.retroarch = { enable = true; package = pkgs.retroarchFull; };
-    };
+    # xserver = {
+    #   enable = true;
+    #   desktopManager.retroarch = { enable = true; package = pkgs.retroarchFull; };
+    # };
  };

  time.timeZone = "Europe/Rome";
--- a/hm_modules/zellij.nix.orig
+++ b/hm_modules/zellij.nix.orig
@ -0,0 +1,66 @@
+<<<<<<< HEAD
+{ pkgs, ... }:
+let
+  strPalette = pkgs.lib.nix-rice.palette.toRgbHex pkgs.rice.colorPalette;
+in
+{
+  programs.zellij.enable = true;
+
+  home.shellAliases."ze" = "zellij";
+
+  xdg.configFile."zellij/config.kdl".text = ''
+    theme "nix-rice"
+    pane_frames false
+  '';
+
+  xdg.configFile."zellij/themes/nix-rice.kdl".text = ''
+    themes {
+      nix-rice {
+        bg "${strPalette.primary.foreground}"
+        fg "${strPalette.primary.background}"
+        red "${strPalette.normal.red}"
+        black "${strPalette.normal.black}"
+        green "${strPalette.normal.green}"
+        yellow "${strPalette.normal.yellow}"
+        blue "${strPalette.normal.blue}"
+        magenta "${strPalette.normal.magenta}"
+        cyan "${strPalette.normal.cyan}"
+        white "${strPalette.normal.white}"
+        orange "${strPalette.bright.red}"
+      }
+    }
+  '';
+}
+||||||| parent of 6c85a84 (Zellij)
+=======
+{ pkgs, ... }:
+let
+  strPalette = pkgs.lib.nix-rice.palette.toRgbHex pkgs.rice.colorPalette;
+in
+{
+  programs.zellij.enable = true;
+
+  xdg.configFile."zellij/config.kdl".text = ''
+    theme "nix-rice"
+    pane_frames false
+  '';
+
+  xdg.configFile."zellij/themes/nix-rice.kdl".text = ''
+    themes {
+      nix-rice {
+        bg "${strPalette.primary.foreground}"
+        fg "${strPalette.primary.background}"
+        red "${strPalette.normal.red}"
+        black "${strPalette.normal.black}"
+        green "${strPalette.normal.green}"
+        yellow "${strPalette.normal.yellow}"
+        blue "${strPalette.normal.blue}"
+        magenta "${strPalette.normal.magenta}"
+        cyan "${strPalette.normal.cyan}"
+        white "${strPalette.normal.white}"
+        orange "${strPalette.bright.red}"
+      }
+    }
+  '';
+}
+>>>>>>> 6c85a84 (Zellij)
--- a/nixos_modules/garage.nix
+++ b/nixos_modules/garage.nix
@ -0,0 +1,34 @@
+{ config, ... }: {
+  services.garage = {
+    enable = true;
+    settings = {
+      db_engine = "lmdb";
+      replication_mode = 1;
+      # rpc_secret = "1cd018fba0fe414cc179348ca4ccdda9811ab3ba5dd50bd3ffe31639e3b268d6";
+      rpc_secret_file = config.age.secrets.garage_rpc_secret.path;
+      rpc_bind_addr = "[::]:3901";
+      bootstrap_peers = [
+        # "<key>@loki.local:3901"
+        # "b84c2bc806c004a6d88b3bec92ce50916f150aa26278317b71bdba5b173a0a58@thor.local:3901"
+      ];
+
+      s3_api = {
+        api_bind_addr = "[::]:3900";
+        s3_region = "garage";
+        root_domain = ".s3.bertof.net";
+      };
+
+      s3_web = {
+        bind_addr = "[::]:3902";
+        root_domain = ".web.bertof.net";
+      };
+
+      admin = {
+        api_bind_addr = "0.0.0.0:3903";
+        # metrics_token = "72ad105afc44f30c189b2505f5583d3ea9be26a3e0a4730d48381b1ae4b70074";
+        # admin_token = "05bf164fe1ce3ecc1dff8fb1e5b237331d24b109792be714738fa92b2d14213d";
+        # trace_sink = "http://localhost:4317";
+      };
+    };
+  };
+}
--- a/odin/hm.nix
+++ b/odin/hm.nix
@ -118,6 +118,7 @@
    ../hm_modules/webapp.nix
    ../hm_modules/xidlehook.nix
    ../hm_modules/zathura.nix
+    ../hm_modules/zellij.nix
  ];

  home.stateVersion = "22.05";
--- a/secrets/garage_rpc_secret.age
+++ b/secrets/garage_rpc_secret.age
@ -0,0 +1,27 @@
+age-encryption.org/v1
+-> ssh-ed25519 lC44xg ybzKpXRQo23+PTg7AY9PIxHBP7FPTo6Gx12jXVjbVhY
+Ai6OPVbreRuACiHp/jEHX1YmPV8jqdIYj7JvooOlyrA
+-> ssh-ed25519 2L7QNA /si6fQPefUzyHV3yu+RvQvLx2VzNgv8pQxVAOZ+G5Cw
+WrHI3JWqwzjPhLJBiqWt7SCfTkEEqw7bhAzI4qmZMoQ
+-> ssh-ed25519 sNAOqA 4zQM/QURU60hX8XVHx7uTjyntsQiee4ziaY4wSxvRl0
+ZhBAILCX+LH7n7mDxpBsF8Y0T992pdoKH+ftkl15WcA
+-> ssh-ed25519 13iwjQ GSe5Da1jwgU7StVtp+tEJkJYRh1+pBu38PP4deKTrxs
+UNcze1Eysj9gm8Mu6CeL4fa+NM+IInIZRpLI8XoS64E
+-> ssh-ed25519 7MB20A 2gSqbzohCNga1Q03Iavj/Ei3H7pdC8sGs/fTY8mV9Ts
+HwWXSlwEk8ZoYc6J8TXs3X9PpA60EnmgxyFgQe4PHSk
+-> ssh-ed25519 IvyYug fUL/Cx1zW488tiD2rqawc4MEqAhANtIEr0NcHFJ06W0
+k8dCZcfalLHMw81WJHE1qrJWtu0UiTaHILkVVhmtv0g
+-> ssh-ed25519 v7O/FA w4UdgXrSVbzlzfFe8S2md4Tjwj48Q9VV7isdqTBWrTs
+HxogK5ulsVSsSVH61+k2FI+nOpcfdB7xBUT6AZQ46cE
+-> ssh-ed25519 Wzv8ew 9uX05RmANJBqZVNU74XZoqokPY7lc72zvWBGdErucVU
+r3cRa6Dow6eWUtw1uZAkiMz3dWrJxXiZWKUxUHQYdI4
+-> ssh-ed25519 XgC3XA nc+heMkkM6ZMFnsbt51n5hwMNX3fLFuQApLzS1tJFSM
+z1Hezf+UWHbQV97K+M0sz1dQNsuSJkA9lzKT+48QOX8
+-> ssh-ed25519 l795CA iEOWKA2NACCN9nAawcQIYUp58k3qIFKyq8owlYKVs20
+Xn7hLdvyoRbJR/rtMe7XypyzarGTJZfc/QnzIWxgmWw
+-> +-grease E(q
+3syIk/GAKbMdZwddJkiAyEYEcvjBkkq9cCDr46+8Uyc/yL6gGwA22Vk//WBPtedJ
+ay9NA7gENiUlUFkhakjYYPMqPJVFj2OhHIEIZLnwH5cyEYaOAw33
+--- BSVN4bd8Ya+YbvF/3ClvOxLvjY3nbVeHj139z/L0auM
+uÍ˜»ò0óyEPãd<EFBFBD>läjß`Ôà6^u?ÎšyúRûë?–l–î#ZŸ“<C5B8>þV1d¶FîÿÝ•
+ãIÉU
Û úz¿!ëƒ(3Äy—zM{<7B>%<25>±ˆDè;<3B>
 å{uû
--- a/secrets/nextcloud_admin_secret.age
+++ b/secrets/nextcloud_admin_secret.age
--- a/secrets/nextcloud_bucket_secret.age
+++ b/secrets/nextcloud_bucket_secret.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -4,7 +4,7 @@ let
  bertof_freya =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAg2XYk1zynb713ky1JRcmXMCbuEt41AoIEemtmvgV7p";
  bertof_loki =
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK13mAQgkc8oTXj5VbGrwAJ3ragiZIG/WuVUdnVOnsu1";
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF4R5yaOKWlmbnufhAeY8NronqGkwc253mstjPt44heM bertof@loki";
  bertof_odin =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhxOjo9Ac9hVd3eOR56F6sClUMUh1m7VpcmzA18dslj";
  bertof_thor =
@ -26,4 +26,7 @@ in
 {
  # "oauth_proxy_client_credentials.age".publicKeys = users ++ systems;
  "spotify_password.age".publicKeys = users ++ systems;
+  "garage_rpc_secret.age".publicKeys = users ++ systems;
+  "nextcloud_admin_secret.age".publicKeys = users ++ systems;
+  "nextcloud_bucket_secret.age".publicKeys = users ++ systems;
 }
--- a/secrets/spotify_password.age
+++ b/secrets/spotify_password.age
@ -1,27 +1,26 @@
 age-encryption.org/v1
-> ssh-ed25519 lC44xg +5dYF6Tqqo+U547RevPMoife9Vkh0djnmIhpMkAwJH8
-8bz5Cx5WpNUnS4MQeSg6/zZrmrMknKDkRWULSjjdY4w
-> ssh-ed25519 2L7QNA rtT/Li8vXcAwXDgDstIHuf1TyxcFnbq/grYGlurPaGs
-UUsj46M35WK4gpDHcXABp2XZEUv/hmTVZ6gkhC6H9JM
-> ssh-ed25519 cNZgxQ uDTG0JhJq9I8R2eykXwvAWHbTXwJDYekdqIVM4xu0lI
-2FKO53M05T7b/qSsgLC9u7H2s591XbOi6Sw53NUXDgA
-> ssh-ed25519 13iwjQ 8Ksy+jkRPFvdpzoNZQfFWefOoS+zZeMGQXA2AHpsZws
-V2pp6PYuMvANXPYdF2rdPRNuMcoOL9jKNFMKx8dDP0A
-> ssh-ed25519 7MB20A VXr5bxIiz5b77QgCMiFBWRD9BoXMcG8OTtiowHNGCXE
-q3J8OpqA2hG3fBQNQgVRX0EpbqBF4vXD5mWEFIC0VWI
-> ssh-ed25519 IvyYug Aggq9sBm+WXcGrnOTpXcyMboU0bOKqWWKOV+vnKiEW8
-27bVXEyUu+6K+q+uOK7Kst1Ap/sHngRjzdtIQJppwas
-> ssh-ed25519 v7O/FA fyhjCEqvPevtNCakMZC3b+sC1tqKHb8DN4EX6kkW6EU
-97mOdPqoqgsoLDCb4TS58iQl11mhWBdMLhv2KrU5lJg
-> ssh-ed25519 Wzv8ew 8HwTlkcVQllpuQ2IOJEXm7ULskzru6QYKxtI2uzPjmg
-BjHxuCDORfI1CLVl/bwavFiktcORfl5Y/U7zmd6/Gck
-> ssh-ed25519 XgC3XA bv3KpMp0WdpiIAQf1ZtyR5YcM8BG2DPJq5aBvw/V72Q
-MeSg/SJqOgQwAypfErX7bDUnkOS+j4qnjwztchoYLJE
-> ssh-ed25519 l795CA 4w9zFHlFers1yB/ZIAaK4p6Fa/I/6xQcnt+zfgE2Pgg
-6HetmoUXTRLBcWPis6NZQW2bpH8/TE2FpDBQWWwANEs
-> GP7-grease lH1)!] >|, ry DLD*$c<
-+jaIgDL4jtbrtjMtaQWOlfTwdMQwVeWBO1sEkoRP
--- Z7fL3vF48UW9qXbomtkBhI2CZUg2u2Fa43DptEci3i0
-ÌHí¢¾WÄ˜
'
-/íVi¬
-ðòœ|ÿU<C3BF>¶=RÃ)r‘G·’@I.æ>{6€(
+-> ssh-ed25519 lC44xg Gu2a4bBme7wzv8OHEIyRmvyZ0QHLPEHXuf58YGrDsDM
+LiIN1QNhgUuPexUUcuZjUHTRUHL+2no7SkYp5+UgIDI
+-> ssh-ed25519 2L7QNA pCkz1K5J48W9spryk7R10Czq13C9y0nXSr1sqqmKsU8
+mCVZWpAMKh07YdrBDlti0z4Gl7ciphUn7izbzvqAV0I
+-> ssh-ed25519 sNAOqA LT2C3WVmw22wFWKv9Q+JKtoEn51uNfbcfbjHSpTXjRs
+OhQv/ssw88QbasdvinuOM7xVmYtFFm3dDKND5oJW9ic
+-> ssh-ed25519 13iwjQ vjvgYAeMOSrXHF792LAN2vgHnNchWSfl3dgntFB77Bc
+NLp2HNMl8YMNzKCpMAf5R6+yskq+YEyB+z57kECZkcI
+-> ssh-ed25519 7MB20A 9Y8MaGIHSjuY/wgyENMtcm1mm+7ykvJXfbZuhdbADV8
+rkj2t4HaUltGvg5t2lwoxj43FqkhVAd2O7FNub8ReOU
+-> ssh-ed25519 IvyYug vXETZBXjzQHgP3R4O3CyetLWCGlc+vaD6mmuvAfq5D0
+vbVvSvQwDJ/+IyPX/IY67DjYZ7mQboK3gpnsid0LYKA
+-> ssh-ed25519 v7O/FA R4Ruac52xVswdW+kDauFeWq9k88N3o5Rop9HT62/SkY
+2HbAe6y0/b78TDtO1LmN5Sjx5jx7BOLJzuGwtS8MdeQ
+-> ssh-ed25519 Wzv8ew nVmadpPRxk99IZK7ZgzJgWOFXKnp3uIqbIa/JF0PAm4
+FrNKzTxR1QQQaZF8jIe4ZVscEQ50I4ZKKPEWDKJXSL8
+-> ssh-ed25519 XgC3XA XP3+BgBK2X0AVNkJR1Dof3dZJxpeYm8X6aeCbqVofEY
+L1De6mLmlB+00XIhrsVKU1CDiAuPgo1VRp/VPodzF8o
+-> ssh-ed25519 l795CA bG/zMcTC7s9QEu/M/eFh9ZNlUO1rs/M9Vo03NrIhYXY
+71XRh4maIrge6IqLqk3bD2Pa5yzOnZLLg1q8cyzU4To
+-> WPjB}A-grease 7 '}kH |)<kmJ
+/KeHzYvRjk+XmivEEgtIVB7kV5uCcy9nBmUuTo8ZE/ZPorgFubFwxx/tKEuiDl0q
+hYzlt8x86Yxrkh8SpGDZ+Ao
+--- 97AkDjKnyXZt/9F9OfqNLQn5mJE4np9JMgXrKMwbwK4
+žúã,<2C>…*,q>ú¹%1ŠìÐátç‹ðw1¸qA'<27>ÉüßÎùü»‡|Ž60¼
--- a/thor/hm.nix
+++ b/thor/hm.nix
@ -107,6 +107,7 @@
    ../hm_modules/webapp.nix
    ../hm_modules/xidlehook.nix
    ../hm_modules/zathura.nix
+    ../hm_modules/zellij.nix
  ];

  home.stateVersion = "22.11";