From fbc936d604da379d50bd50726866dde492b836ba Mon Sep 17 00:00:00 2001
From: Filippo Berto <berto.f@protonmail.com>
Date: Sat, 18 May 2024 15:26:31 +0200
Subject: [PATCH] fixup! WIP - Freya: MinIO

---
 flake.nix                         |  1 +
 instances/freya/configuration.nix | 12 ------------
 modules/nixos/minio.nix           | 19 +++++++++++--------
 3 files changed, 12 insertions(+), 20 deletions(-)

diff --git a/flake.nix b/flake.nix
index b31e1e5..70c8aa6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -220,6 +220,7 @@
               ./modules/nixos/users/tiziano.nix
 
               ./modules/nixos/torrentbox.nix
+              ./modules/nixos/minio.nix
               ./modules/nixos/nextcloud.nix
               ./modules/nixos/ntfy.nix
             ] ++ homeManagerModules ++ [
diff --git a/instances/freya/configuration.nix b/instances/freya/configuration.nix
index bc85dd8..d4e1787 100644
--- a/instances/freya/configuration.nix
+++ b/instances/freya/configuration.nix
@@ -6,7 +6,6 @@ in
 
   age.secrets = {
     ntfy-freya = { file = ../../secrets/ntfy-freya.age; owner = "bertof"; };
-    minio = { file = ../../secrets/minio.age; owner = "minio"; };
   };
 
   console = { font = "Lat2-Terminus16"; keyMap = "it"; };
@@ -84,17 +83,6 @@ in
     #   desktopManager.retroarch = { enable = true; package = pkgs.retroarchFull; };
     # };
 
-
-    minio = {
-      enable = true;
-      dataDir = [
-        # "/var/lib/minio/data"
-        "/mnt/raid/minio/data"
-      ];
-      rootCredentialsFile = config.age.secrets.minio.path;
-    };
-
-
     fail2ban = { enable = true; bantime-increment.enable = true; };
     plex = { enable = true; openFirewall = true; group = "users"; };
     jellyfin = { enable = true; openFirewall = true; group = "users"; };
diff --git a/modules/nixos/minio.nix b/modules/nixos/minio.nix
index 8a48b14..78a6c96 100644
--- a/modules/nixos/minio.nix
+++ b/modules/nixos/minio.nix
@@ -1,13 +1,16 @@
-{
-  networking.firewall.allowedTCPPorts = [
-    9000
-    9001
-  ];
+{ config, lib, ... }: {
+  age.secrets.minio = { file = ../../secrets/minio.age; owner = "minio"; };
 
   services.minio = {
     enable = true;
-    browser = true;
-    listenAddress = "0.0.0.0:9000";
-    consoleAddress = "0.0.0.0:9001";
+    dataDir = [
+      # "/var/lib/minio/data"
+      "/mnt/raid/minio/data/"
+    ];
+    rootCredentialsFile = config.age.secrets.minio.path;
   };
+
+  systemd.services.minio.serviceConfig.ExecStart =
+    let cfg = config.services.minio; in
+    lib.mkForce "${cfg.package}/bin/minio server --json --address ${cfg.listenAddress} --console-address ${cfg.consoleAddress} ${toString cfg.dataDir}";
 }