S3 garage cluster

2023-04-10 01:00:13 +02:00 · 2023-04-10 01:00:13 +02:00 · 95911b5e64
commit 95911b5e64
parent 90b6180bc1
4 changed files with 48 additions and 34 deletions
--- a/flake.nix
+++ b/flake.nix
@ -102,7 +102,7 @@
        {
          # age.secrets.oauth_proxy_client_credentials.file = ./secrets/oauth_proxy_client_credentials.age;
          age.secrets.spotify_password = { file = ./secrets/spotify_password.age; owner = "bertof"; };
-          age.secrets.garage_rpc_secret.file = ./secrets/garage_rpc_secret.age;
+          age.secrets.garage_rpc_secret = { file = ./secrets/garage_rpc_secret.age; owner = "garage"; };
        }

        ./nixos_modules/bertof_user.nix
@ -203,6 +203,8 @@
              ({ lib, ... }: {
                boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
              })
+
+              ./nixos_modules/garage.nix
            ];
          };
        };
@ -218,6 +220,8 @@
              "${nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix"
              ./nixos_modules/digitalocean.nix
              { home-manager.users.bertof = import ./baldur/hm.nix; }
+
+              ./nixos_modules/garage.nix
            ];
          };
        };
--- a/loki/hardware-configuration.nix
+++ b/loki/hardware-configuration.nix
@ -40,6 +40,12 @@
    options = [ "subvol=@condiviso" "compress=lzo" ];
  };

+  fileSystems."/var/lib/garage/data" = {
+    device = "/dev/disk/by-uuid/2e897ea5-c8f9-4fa8-9cc6-3f5807ba8afc";
+    fsType = "btrfs";
+    options = [ "subvol=@garage" "compress=lzo" ];
+  };
+
  swapDevices = [{
    device = "/swapfile";
    size = 1024 * 4;
--- a/nixos_modules/garage.nix
+++ b/nixos_modules/garage.nix
@ -1,16 +1,22 @@
-{ config, ... }: {
+{ config, pkgs, ... }: {
+  users.groups.garage = { };
+  users.users.garage = {
+    isSystemUser = true;
+    group = "garage";
+  };
+
+  networking.firewall.interfaces."ztmjfdwjkp".allowedTCPPorts = [
+    3901
+  ];
+
  services.garage = {
+    package = pkgs.unstable_pkgs.garage;
    enable = true;
    settings = {
-      db_engine = "lmdb";
      replication_mode = 1;
-      # rpc_secret = "1cd018fba0fe414cc179348ca4ccdda9811ab3ba5dd50bd3ffe31639e3b268d6";
      rpc_secret_file = config.age.secrets.garage_rpc_secret.path;
      rpc_bind_addr = "[::]:3901";
-      bootstrap_peers = [
-        # "<key>@loki.local:3901"
-        # "b84c2bc806c004a6d88b3bec92ce50916f150aa26278317b71bdba5b173a0a58@thor.local:3901"
-      ];
+      bootstrap_peers = [ ];

      s3_api = {
        api_bind_addr = "[::]:3900";
--- a/secrets/garage_rpc_secret.age
+++ b/secrets/garage_rpc_secret.age
@ -1,27 +1,25 @@
 age-encryption.org/v1
-> ssh-ed25519 lC44xg ybzKpXRQo23+PTg7AY9PIxHBP7FPTo6Gx12jXVjbVhY
-Ai6OPVbreRuACiHp/jEHX1YmPV8jqdIYj7JvooOlyrA
-> ssh-ed25519 2L7QNA /si6fQPefUzyHV3yu+RvQvLx2VzNgv8pQxVAOZ+G5Cw
-WrHI3JWqwzjPhLJBiqWt7SCfTkEEqw7bhAzI4qmZMoQ
-> ssh-ed25519 sNAOqA 4zQM/QURU60hX8XVHx7uTjyntsQiee4ziaY4wSxvRl0
-ZhBAILCX+LH7n7mDxpBsF8Y0T992pdoKH+ftkl15WcA
-> ssh-ed25519 13iwjQ GSe5Da1jwgU7StVtp+tEJkJYRh1+pBu38PP4deKTrxs
-UNcze1Eysj9gm8Mu6CeL4fa+NM+IInIZRpLI8XoS64E
-> ssh-ed25519 7MB20A 2gSqbzohCNga1Q03Iavj/Ei3H7pdC8sGs/fTY8mV9Ts
-HwWXSlwEk8ZoYc6J8TXs3X9PpA60EnmgxyFgQe4PHSk
-> ssh-ed25519 IvyYug fUL/Cx1zW488tiD2rqawc4MEqAhANtIEr0NcHFJ06W0
-k8dCZcfalLHMw81WJHE1qrJWtu0UiTaHILkVVhmtv0g
-> ssh-ed25519 v7O/FA w4UdgXrSVbzlzfFe8S2md4Tjwj48Q9VV7isdqTBWrTs
-HxogK5ulsVSsSVH61+k2FI+nOpcfdB7xBUT6AZQ46cE
-> ssh-ed25519 Wzv8ew 9uX05RmANJBqZVNU74XZoqokPY7lc72zvWBGdErucVU
-r3cRa6Dow6eWUtw1uZAkiMz3dWrJxXiZWKUxUHQYdI4
-> ssh-ed25519 XgC3XA nc+heMkkM6ZMFnsbt51n5hwMNX3fLFuQApLzS1tJFSM
-z1Hezf+UWHbQV97K+M0sz1dQNsuSJkA9lzKT+48QOX8
-> ssh-ed25519 l795CA iEOWKA2NACCN9nAawcQIYUp58k3qIFKyq8owlYKVs20
-Xn7hLdvyoRbJR/rtMe7XypyzarGTJZfc/QnzIWxgmWw
-> +-grease E(q
-3syIk/GAKbMdZwddJkiAyEYEcvjBkkq9cCDr46+8Uyc/yL6gGwA22Vk//WBPtedJ
-ay9NA7gENiUlUFkhakjYYPMqPJVFj2OhHIEIZLnwH5cyEYaOAw33
--- BSVN4bd8Ya+YbvF/3ClvOxLvjY3nbVeHj139z/L0auM
-uÍ˜»ò0óyEPãd<EFBFBD>läjß`Ôà6^u?ÎšyúRûë?–l–î#ZŸ“<C5B8>þV1d¶FîÿÝ•
-ãIÉU
Û úz¿!ëƒ(3Äy—zM{<7B>%<25>±ˆDè;<3B>
 å{uû
+-> ssh-ed25519 lC44xg nIpxUyy08MuFJ9cc/XeqAEMblNelJQbkAWVdL8c++FM
+/yPhZvJzqLyWHD/dVrpy/qciYpVP/DA5DIEP5eNSSsc
+-> ssh-ed25519 2L7QNA WpL8lmto07hSXOpZ44htAIIUxFHwOIs8XaZXt56Jlko
+C2xSQ1S3h3Om02BhXQDtJwveG1mLAoHPgiFMsILO2eI
+-> ssh-ed25519 sNAOqA exocgvIDQZUjlq9guDryMjVJjkMdy/SbmDZQBJ20oTc
+w+dEIv6Z9he0WWYJY9PdXFNivn6VtH0l6/Kpbyex84o
+-> ssh-ed25519 13iwjQ ON58UJSTkJTsuotpTIp1/Q8reyRutHWSrEupYomLpBw
+OKrm8MTNISXd01ACeUj1OMcbAWzneLFpHm7Ms8tzjPA
+-> ssh-ed25519 7MB20A hmw7MJSSbSHwckx9Tk/9x+SsyHNvBPamu1f6LsVmUyQ
+qcgCkK1uc5HaYHfTOxRRW773PpEW3c/gvEu094ng9YE
+-> ssh-ed25519 IvyYug SJ8Z0/kjxdNjC/InqU8wmhqintT7DdXqVhHmc1ovFyo
+VRD3zDh6AMwtVA24yYC1KEUgPZ7baXpFBswK7DqlFdk
+-> ssh-ed25519 v7O/FA Isf2m+rRPd7/7OkpzYiSTdDZ7Bz+V5wWyAtkqZhHoGw
+oxC5o0vOOkuMXnslIRwzPNSPLPUg6olwG04CNsA15CQ
+-> ssh-ed25519 Wzv8ew 36WVtLCWVXltOp0DOI+13wIHyFyNipYrABQammeawB0
+2HH2ww2uVX4jzlXzJoHYP9W/VBGcpw8YpTw/Awn6DP0
+-> ssh-ed25519 XgC3XA DQDnMKY8jDaVlUxFpxSVG5bhqmhHYQh4VimWyEFGtR0
+E0zQkRMYFNWGD1f5+DZcZRAKLdPLl4I9GpHAnMTVPR0
+-> ssh-ed25519 l795CA /aSwyb+iwzAs7JFbkUCEG63TNa9TvecOd2fFIHflu3Y
+hgSpkb8OyDecZQdSYElSYGHC+GBA0mgHuZeho7Swa+4
+-> hVA;w-grease 9%;0zs-E m{dqZB
+IpdT0UCfKNEd3kpgCGZVBeQ/kvqDVV4pnLI
+--- pnNXlufoQU1IL3aOlDJ3yTiI5eItMPa/fyohWFp9wGE
+sUô¡ÑM€Î=¸òïõn¡(lYuÔhM…<4D>ÅþQü¤b¡ïSåŸ8ËrÆä	³ž!3$ŸÙÀ/TÏÀØÜý¸!îØ\‹G×U(Xœèæßv³ñ|;4(‘¾†S‹o¡l