bertof/nix-dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

S3 garage cluster

Browse source
This commit is contained in:
Filippo Berto 2023-04-10 01:00:13 +02:00
parent 90b6180bc1
commit 95911b5e64
No known key found for this signature in database
GPG key ID: FE98AE5EC52B1056
4 changed files with 48 additions and 34 deletions
Download patch file Download diff file Expand all files Collapse all files

6
flake.nix
View file

@ -102,7 +102,7 @@
{ {
# age.secrets.oauth_proxy_client_credentials.file = ./secrets/oauth_proxy_client_credentials.age; # age.secrets.oauth_proxy_client_credentials.file = ./secrets/oauth_proxy_client_credentials.age;
age.secrets.spotify_password = { file = ./secrets/spotify_password.age; owner = "bertof"; }; age.secrets.spotify_password = { file = ./secrets/spotify_password.age; owner = "bertof"; };
age.secrets.garage_rpc_secret.file = ./secrets/garage_rpc_secret.age; age.secrets.garage_rpc_secret = { file = ./secrets/garage_rpc_secret.age; owner = "garage"; };
} }
./nixos_modules/bertof_user.nix ./nixos_modules/bertof_user.nix
@ -203,6 +203,8 @@
({ lib, ... }: { ({ lib, ... }: {
boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
}) })
./nixos_modules/garage.nix
]; ];
}; };
}; };
@ -218,6 +220,8 @@
"${nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix" "${nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix"
./nixos_modules/digitalocean.nix ./nixos_modules/digitalocean.nix
{ home-manager.users.bertof = import ./baldur/hm.nix; } { home-manager.users.bertof = import ./baldur/hm.nix; }
./nixos_modules/garage.nix
]; ];
}; };
}; };

6
loki/hardware-configuration.nix
View file

@ -40,6 +40,12 @@
options = [ "subvol=@condiviso" "compress=lzo" ]; options = [ "subvol=@condiviso" "compress=lzo" ];
}; };
fileSystems."/var/lib/garage/data" = {
device = "/dev/disk/by-uuid/2e897ea5-c8f9-4fa8-9cc6-3f5807ba8afc";
fsType = "btrfs";
options = [ "subvol=@garage" "compress=lzo" ];
};
swapDevices = [{ swapDevices = [{
device = "/swapfile"; device = "/swapfile";
size = 1024 * 4; size = 1024 * 4;

20
nixos_modules/garage.nix
View file

@ -1,16 +1,22 @@
{ config, ... }: { { config, pkgs, ... }: {
users.groups.garage = { };
users.users.garage = {
isSystemUser = true;
group = "garage";
};
networking.firewall.interfaces."ztmjfdwjkp".allowedTCPPorts = [
3901
];
services.garage = { services.garage = {
package = pkgs.unstable_pkgs.garage;
enable = true; enable = true;
settings = { settings = {
db_engine = "lmdb";
replication_mode = 1; replication_mode = 1;
# rpc_secret = "1cd018fba0fe414cc179348ca4ccdda9811ab3ba5dd50bd3ffe31639e3b268d6";
rpc_secret_file = config.age.secrets.garage_rpc_secret.path; rpc_secret_file = config.age.secrets.garage_rpc_secret.path;
rpc_bind_addr = "[::]:3901"; rpc_bind_addr = "[::]:3901";
bootstrap_peers = [ bootstrap_peers = [ ];
# "<key>@loki.local:3901"
# "b84c2bc806c004a6d88b3bec92ce50916f150aa26278317b71bdba5b173a0a58@thor.local:3901"
];
s3_api = { s3_api = {
api_bind_addr = "[::]:3900"; api_bind_addr = "[::]:3900";

50
secrets/garage_rpc_secret.age
View file

@ -1,27 +1,25 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 lC44xg ybzKpXRQo23+PTg7AY9PIxHBP7FPTo6Gx12jXVjbVhY -> ssh-ed25519 lC44xg nIpxUyy08MuFJ9cc/XeqAEMblNelJQbkAWVdL8c++FM
Ai6OPVbreRuACiHp/jEHX1YmPV8jqdIYj7JvooOlyrA /yPhZvJzqLyWHD/dVrpy/qciYpVP/DA5DIEP5eNSSsc
-> ssh-ed25519 2L7QNA /si6fQPefUzyHV3yu+RvQvLx2VzNgv8pQxVAOZ+G5Cw -> ssh-ed25519 2L7QNA WpL8lmto07hSXOpZ44htAIIUxFHwOIs8XaZXt56Jlko
WrHI3JWqwzjPhLJBiqWt7SCfTkEEqw7bhAzI4qmZMoQ C2xSQ1S3h3Om02BhXQDtJwveG1mLAoHPgiFMsILO2eI
-> ssh-ed25519 sNAOqA 4zQM/QURU60hX8XVHx7uTjyntsQiee4ziaY4wSxvRl0 -> ssh-ed25519 sNAOqA exocgvIDQZUjlq9guDryMjVJjkMdy/SbmDZQBJ20oTc
ZhBAILCX+LH7n7mDxpBsF8Y0T992pdoKH+ftkl15WcA w+dEIv6Z9he0WWYJY9PdXFNivn6VtH0l6/Kpbyex84o
-> ssh-ed25519 13iwjQ GSe5Da1jwgU7StVtp+tEJkJYRh1+pBu38PP4deKTrxs -> ssh-ed25519 13iwjQ ON58UJSTkJTsuotpTIp1/Q8reyRutHWSrEupYomLpBw
UNcze1Eysj9gm8Mu6CeL4fa+NM+IInIZRpLI8XoS64E OKrm8MTNISXd01ACeUj1OMcbAWzneLFpHm7Ms8tzjPA
-> ssh-ed25519 7MB20A 2gSqbzohCNga1Q03Iavj/Ei3H7pdC8sGs/fTY8mV9Ts -> ssh-ed25519 7MB20A hmw7MJSSbSHwckx9Tk/9x+SsyHNvBPamu1f6LsVmUyQ
HwWXSlwEk8ZoYc6J8TXs3X9PpA60EnmgxyFgQe4PHSk qcgCkK1uc5HaYHfTOxRRW773PpEW3c/gvEu094ng9YE
-> ssh-ed25519 IvyYug fUL/Cx1zW488tiD2rqawc4MEqAhANtIEr0NcHFJ06W0 -> ssh-ed25519 IvyYug SJ8Z0/kjxdNjC/InqU8wmhqintT7DdXqVhHmc1ovFyo
k8dCZcfalLHMw81WJHE1qrJWtu0UiTaHILkVVhmtv0g VRD3zDh6AMwtVA24yYC1KEUgPZ7baXpFBswK7DqlFdk
-> ssh-ed25519 v7O/FA w4UdgXrSVbzlzfFe8S2md4Tjwj48Q9VV7isdqTBWrTs -> ssh-ed25519 v7O/FA Isf2m+rRPd7/7OkpzYiSTdDZ7Bz+V5wWyAtkqZhHoGw
HxogK5ulsVSsSVH61+k2FI+nOpcfdB7xBUT6AZQ46cE oxC5o0vOOkuMXnslIRwzPNSPLPUg6olwG04CNsA15CQ
-> ssh-ed25519 Wzv8ew 9uX05RmANJBqZVNU74XZoqokPY7lc72zvWBGdErucVU -> ssh-ed25519 Wzv8ew 36WVtLCWVXltOp0DOI+13wIHyFyNipYrABQammeawB0
r3cRa6Dow6eWUtw1uZAkiMz3dWrJxXiZWKUxUHQYdI4 2HH2ww2uVX4jzlXzJoHYP9W/VBGcpw8YpTw/Awn6DP0
-> ssh-ed25519 XgC3XA nc+heMkkM6ZMFnsbt51n5hwMNX3fLFuQApLzS1tJFSM -> ssh-ed25519 XgC3XA DQDnMKY8jDaVlUxFpxSVG5bhqmhHYQh4VimWyEFGtR0
z1Hezf+UWHbQV97K+M0sz1dQNsuSJkA9lzKT+48QOX8 E0zQkRMYFNWGD1f5+DZcZRAKLdPLl4I9GpHAnMTVPR0
-> ssh-ed25519 l795CA iEOWKA2NACCN9nAawcQIYUp58k3qIFKyq8owlYKVs20 -> ssh-ed25519 l795CA /aSwyb+iwzAs7JFbkUCEG63TNa9TvecOd2fFIHflu3Y
Xn7hLdvyoRbJR/rtMe7XypyzarGTJZfc/QnzIWxgmWw hgSpkb8OyDecZQdSYElSYGHC+GBA0mgHuZeho7Swa+4
-> +-grease E(q -> hVA;w-grease 9%;0zs-E m{dqZB
3syIk/GAKbMdZwddJkiAyEYEcvjBkkq9cCDr46+8Uyc/yL6gGwA22Vk//WBPtedJ IpdT0UCfKNEd3kpgCGZVBeQ/kvqDVV4pnLI
ay9NA7gENiUlUFkhakjYYPMqPJVFj2OhHIEIZLnwH5cyEYaOAw33 --- pnNXlufoQU1IL3aOlDJ3yTiI5eItMPa/fyohWFp9wGE
--- BSVN4bd8Ya+YbvF/3ClvOxLvjY3nbVeHj139z/L0auM sUô¡ÑM€Î=¸òïõn¡(lYuÔhM…<4D>ÅþQü¤b¡ïSåŸ8ËrÆä ³ž!3$ŸÙÀ/TÏÀØÜý¸!îØ\G×U(Xœèæßv³ñ|;4(¾†So¡l
˜»ò0óyEPãd<EFBFBD>läjß`Ôà6^u?Κ Rûë?lî#ZŸ“<C5B8>þV1d¶FîÿÝ•
ãIÉU Û úz¿!ëƒ(3Äy—zM{<7B>%<25>±ˆDè;<3B> å{uû