From 95911b5e64034468f5e1cb52d3b0649d093ac763 Mon Sep 17 00:00:00 2001 From: Filippo Berto Date: Mon, 10 Apr 2023 01:00:13 +0200 Subject: [PATCH] S3 garage cluster --- flake.nix | 6 +++- loki/hardware-configuration.nix | 6 ++++ nixos_modules/garage.nix | 20 ++++++++----- secrets/garage_rpc_secret.age | 50 ++++++++++++++++----------------- 4 files changed, 48 insertions(+), 34 deletions(-) diff --git a/flake.nix b/flake.nix index 7cb8229..0c0a54b 100644 --- a/flake.nix +++ b/flake.nix @@ -102,7 +102,7 @@ { # age.secrets.oauth_proxy_client_credentials.file = ./secrets/oauth_proxy_client_credentials.age; age.secrets.spotify_password = { file = ./secrets/spotify_password.age; owner = "bertof"; }; - age.secrets.garage_rpc_secret.file = ./secrets/garage_rpc_secret.age; + age.secrets.garage_rpc_secret = { file = ./secrets/garage_rpc_secret.age; owner = "garage"; }; } ./nixos_modules/bertof_user.nix @@ -203,6 +203,8 @@ ({ lib, ... }: { boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; }) + + ./nixos_modules/garage.nix ]; }; }; @@ -218,6 +220,8 @@ "${nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix" ./nixos_modules/digitalocean.nix { home-manager.users.bertof = import ./baldur/hm.nix; } + + ./nixos_modules/garage.nix ]; }; }; diff --git a/loki/hardware-configuration.nix b/loki/hardware-configuration.nix index 20c9b02..6681ac3 100644 --- a/loki/hardware-configuration.nix +++ b/loki/hardware-configuration.nix @@ -40,6 +40,12 @@ options = [ "subvol=@condiviso" "compress=lzo" ]; }; + fileSystems."/var/lib/garage/data" = { + device = "/dev/disk/by-uuid/2e897ea5-c8f9-4fa8-9cc6-3f5807ba8afc"; + fsType = "btrfs"; + options = [ "subvol=@garage" "compress=lzo" ]; + }; + swapDevices = [{ device = "/swapfile"; size = 1024 * 4; diff --git a/nixos_modules/garage.nix b/nixos_modules/garage.nix index 19b124c..e59b51e 100644 --- a/nixos_modules/garage.nix +++ b/nixos_modules/garage.nix 
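Review bot: The new `owner = "garage"` on `age.secrets.garage_rpc_secret` in the first flake.nix hunk depends on a user that is only created in `nixos_modules/garage.nix`, while this declaration sits in a block that looks shared across hosts. If a host evaluates this block without importing `garage.nix`, setting the owner of the decrypted secret would presumably fail at activation, and either way the RPC secret gets decrypted on machines that never run Garage. Consider moving the declaration into `nixos_modules/garage.nix` so the secret, its owner and the service are defined together, with the mode stated explicitly: `age.secrets.garage_rpc_secret = { file = ../secrets/garage_rpc_secret.age; owner = "garage"; mode = "0400"; };`. The enclosing module list starts and ends outside the hunk.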
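Review bot: Nothing in this commit sets ownership or permissions on the newly mounted `/var/lib/garage/data` subvolume in loki/hardware-configuration.nix, so the mount point is likely root-owned. That leaves it either unwritable by the `garage` user or, if loosened by hand later, readable by other local accounts. Anyone who can read that directory bypasses the S3 access keys, so pin it declaratively unless the service module already does so, e.g. `systemd.tmpfiles.rules = [ "d /var/lib/garage/data 0700 garage garage -" ];`. A short comment above the entry saying which disk the UUID refers to would also help the next maintainer. The enclosing attribute set starts outside the hunk.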
@@ -1,16 +1,22 @@ -{ config, ... }: { +{ config, pkgs, ... }: { + users.groups.garage = { }; + users.users.garage = { + isSystemUser = true; + group = "garage"; + }; + + networking.firewall.interfaces."ztmjfdwjkp".allowedTCPPorts = [ + 3901 + ]; + services.garage = { + package = pkgs.unstable_pkgs.garage; enable = true; settings = { - db_engine = "lmdb"; replication_mode = 1; - # rpc_secret = "1cd018fba0fe414cc179348ca4ccdda9811ab3ba5dd50bd3ffe31639e3b268d6"; rpc_secret_file = config.age.secrets.garage_rpc_secret.path; rpc_bind_addr = "[::]:3901"; - bootstrap_peers = [ - # "@loki.local:3901" - # "b84c2bc806c004a6d88b3bec92ce50916f150aa26278317b71bdba5b173a0a58@thor.local:3901" - ]; + bootstrap_peers = [ ]; s3_api = { api_bind_addr = "[::]:3900"; diff --git a/secrets/garage_rpc_secret.age b/secrets/garage_rpc_secret.age index a64cefa..39bacfd 100644 --- a/secrets/garage_rpc_secret.age +++ b/secrets/garage_rpc_secret.age 
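Review bot: The firewall rule admits port 3901 only on the ZeroTier interface `ztmjfdwjkp`, but `rpc_bind_addr = "[::]:3901"` and `api_bind_addr = "[::]:3900"` still listen on every interface, so the firewall is the only thing keeping RPC and the S3 API off other networks. flake.nix in this same commit imports the module next to `digitalocean.nix`, which looks like a publicly addressed host, so a disabled or later-relaxed firewall would expose both ports there. Binding to the overlay address would make the restriction independent of the firewall, e.g. `rpc_bind_addr = "[<zerotier-address>]:3901";` with a per-host value. A comment on the firewall line should also say whether 3900 is intentionally left closed. Separately, the deleted `# rpc_secret = ...` comment stays in git history; if that value was ever a live secret, confirm that the re-encrypted `garage_rpc_secret.age` holds a freshly generated one.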
@@ -1,27 +1,25 @@ age-encryption.org/v1 --> ssh-ed25519 lC44xg ybzKpXRQo23+PTg7AY9PIxHBP7FPTo6Gx12jXVjbVhY -Ai6OPVbreRuACiHp/jEHX1YmPV8jqdIYj7JvooOlyrA --> ssh-ed25519 2L7QNA /si6fQPefUzyHV3yu+RvQvLx2VzNgv8pQxVAOZ+G5Cw -WrHI3JWqwzjPhLJBiqWt7SCfTkEEqw7bhAzI4qmZMoQ --> ssh-ed25519 sNAOqA 4zQM/QURU60hX8XVHx7uTjyntsQiee4ziaY4wSxvRl0 -ZhBAILCX+LH7n7mDxpBsF8Y0T992pdoKH+ftkl15WcA --> ssh-ed25519 13iwjQ GSe5Da1jwgU7StVtp+tEJkJYRh1+pBu38PP4deKTrxs -UNcze1Eysj9gm8Mu6CeL4fa+NM+IInIZRpLI8XoS64E --> ssh-ed25519 7MB20A 2gSqbzohCNga1Q03Iavj/Ei3H7pdC8sGs/fTY8mV9Ts -HwWXSlwEk8ZoYc6J8TXs3X9PpA60EnmgxyFgQe4PHSk --> ssh-ed25519 IvyYug fUL/Cx1zW488tiD2rqawc4MEqAhANtIEr0NcHFJ06W0 -k8dCZcfalLHMw81WJHE1qrJWtu0UiTaHILkVVhmtv0g --> ssh-ed25519 v7O/FA w4UdgXrSVbzlzfFe8S2md4Tjwj48Q9VV7isdqTBWrTs -HxogK5ulsVSsSVH61+k2FI+nOpcfdB7xBUT6AZQ46cE --> ssh-ed25519 Wzv8ew 9uX05RmANJBqZVNU74XZoqokPY7lc72zvWBGdErucVU -r3cRa6Dow6eWUtw1uZAkiMz3dWrJxXiZWKUxUHQYdI4 --> ssh-ed25519 XgC3XA nc+heMkkM6ZMFnsbt51n5hwMNX3fLFuQApLzS1tJFSM -z1Hezf+UWHbQV97K+M0sz1dQNsuSJkA9lzKT+48QOX8 --> ssh-ed25519 l795CA iEOWKA2NACCN9nAawcQIYUp58k3qIFKyq8owlYKVs20 -Xn7hLdvyoRbJR/rtMe7XypyzarGTJZfc/QnzIWxgmWw --> +-grease E(q -3syIk/GAKbMdZwddJkiAyEYEcvjBkkq9cCDr46+8Uyc/yL6gGwA22Vk//WBPtedJ -ay9NA7gENiUlUFkhakjYYPMqPJVFj2OhHIEIZLnwH5cyEYaOAw33 ---- BSVN4bd8Ya+YbvF/3ClvOxLvjY3nbVeHj139z/L0auM -u͘0yEPdlj`6^u? 
yR?l#ZV1dFݕ -IU z!(3yzM{%D; {u \ No newline at end of file +-> ssh-ed25519 lC44xg nIpxUyy08MuFJ9cc/XeqAEMblNelJQbkAWVdL8c++FM +/yPhZvJzqLyWHD/dVrpy/qciYpVP/DA5DIEP5eNSSsc +-> ssh-ed25519 2L7QNA WpL8lmto07hSXOpZ44htAIIUxFHwOIs8XaZXt56Jlko +C2xSQ1S3h3Om02BhXQDtJwveG1mLAoHPgiFMsILO2eI +-> ssh-ed25519 sNAOqA exocgvIDQZUjlq9guDryMjVJjkMdy/SbmDZQBJ20oTc +w+dEIv6Z9he0WWYJY9PdXFNivn6VtH0l6/Kpbyex84o +-> ssh-ed25519 13iwjQ ON58UJSTkJTsuotpTIp1/Q8reyRutHWSrEupYomLpBw +OKrm8MTNISXd01ACeUj1OMcbAWzneLFpHm7Ms8tzjPA +-> ssh-ed25519 7MB20A hmw7MJSSbSHwckx9Tk/9x+SsyHNvBPamu1f6LsVmUyQ +qcgCkK1uc5HaYHfTOxRRW773PpEW3c/gvEu094ng9YE +-> ssh-ed25519 IvyYug SJ8Z0/kjxdNjC/InqU8wmhqintT7DdXqVhHmc1ovFyo +VRD3zDh6AMwtVA24yYC1KEUgPZ7baXpFBswK7DqlFdk +-> ssh-ed25519 v7O/FA Isf2m+rRPd7/7OkpzYiSTdDZ7Bz+V5wWyAtkqZhHoGw +oxC5o0vOOkuMXnslIRwzPNSPLPUg6olwG04CNsA15CQ +-> ssh-ed25519 Wzv8ew 36WVtLCWVXltOp0DOI+13wIHyFyNipYrABQammeawB0 +2HH2ww2uVX4jzlXzJoHYP9W/VBGcpw8YpTw/Awn6DP0 +-> ssh-ed25519 XgC3XA DQDnMKY8jDaVlUxFpxSVG5bhqmhHYQh4VimWyEFGtR0 +E0zQkRMYFNWGD1f5+DZcZRAKLdPLl4I9GpHAnMTVPR0 +-> ssh-ed25519 l795CA /aSwyb+iwzAs7JFbkUCEG63TNa9TvecOd2fFIHflu3Y +hgSpkb8OyDecZQdSYElSYGHC+GBA0mgHuZeho7Swa+4 +-> hVA;w-grease 9%;0zs-E m{dqZB +IpdT0UCfKNEd3kpgCGZVBeQ/kvqDVV4pnLI +--- pnNXlufoQU1IL3aOlDJ3yTiI5eItMPa/fyohWFp9wGE +sUM=n(lYuhMQbS8r !3$/T!\GU(Xv|;4(Sol \ No newline at end of file