diff --git a/secrets/OVHCloud.yaml b/secrets/OVHCloud.yaml
index be659b5..4514fd4 100644
--- a/secrets/OVHCloud.yaml
+++ b/secrets/OVHCloud.yaml
@@ -3,6 +3,8 @@ caddy:
 ovh_application_key: ENC[AES256_GCM,data:48HzVrSa35qUSkLO7sbUwg==,iv:QfTRXsfTlgeoJdRJIph39EBbLynRNxH4DkFuuC06IuE=,tag:m8lJPHEEpK24MKUou0MTpw==,type:str]
 ovh_application_secret: ENC[AES256_GCM,data:X+grjuPsaIRYUEZZyoL1Tqx55tNYpvovYsXEwB15+K0=,iv:b88NCbfxahkryBp6eey74hc2IBwLTbTBe001uVJHaKw=,tag:HDw8w4g5ZS4m8ePCvvwJqw==,type:str]
 ovh_consumer_key: ENC[AES256_GCM,data:oFLHB7obwz3F59Vt8LRxpKaHBjEaoYCrKLKPoqVHz4M=,iv:rXxR2Nv3YaT2QubZUqIi60RxaHe9ZaIT9hLiogbPVFw=,tag:5m+xXEUbN+a2fHCf+EXf9A==,type:str]
+garage:
+ rpc_secret: ENC[AES256_GCM,data:xuophXVfHY3Xw+RyDPnZ5LCQXB+cHyRCWvT2l5MiyXGAlP6GSJpewDqJ5xvLclHfHNJP9YKJ3scJV/iX5FE+rw==,iv:wtlrpUUkXa2WYvQS/vfJJBS34V5CIAYQ8oCf/SjHp5k=,tag:r16InXGTKIBPOHjMSYlEog==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -27,8 +29,8 @@ sops:
 MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
 y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-09-26T14:24:37Z"
- mac: ENC[AES256_GCM,data:ZogwRhz1TqI47baW9j6hJwooIfIQtSuAYWAz4gs6a+UocsHLl5+GasLZSOhQvlRsvz8Vcgp5AeLN0ehAOrDItT7SqvepdwelaJo/irS3Wq5MfM+jemZZtOUXzshq8rueffyV9Ra2JiiYqNtZQ2w8GtgjEdpwWgwbIhb0u7fheGM=,iv:X9MB2IQ1LdQNv/ldwbzF1q8LCXArDiWMk5fet1IOzaE=,tag:73JhlFP2gYI5l8Ml5e1maw==,type:str]
+ lastmodified: "2024-09-27T14:21:34Z"
+ mac: ENC[AES256_GCM,data:OkF7A/94sqkmHNcBq9uA+tJCJhFiaoZvQRfR1rtLlgmCsusbeF/rSekQaP2WE4K29aGD6mYZxcnvcCewYiEEXA6S6rpwuCOje+ti5dfg8BFaxivWxtRKQjS3az+z/AkLfE7EYBbMwsZX2T52zZaXW6d49u68++Lg8Y+vC/aRGHw=,iv:MoFQEc3C6DIlwM7r16lr9KqA1TZ2Pmk0s+mlSC5+PW8=,tag:RMsodI9Nzt8t2fYXPDTibQ==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.9.0
diff --git a/services/default.nix b/services/default.nix
index ae35c80..066f456 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -1,5 +1,6 @@
 {
 imports = [
 ./uptime-kuma
+ ./garage
 ];
 }
diff --git a/services/garage/default.nix b/services/garage/default.nix
new file mode 100644
index 0000000..1c2277e
--- /dev/null
+++ b/services/garage/default.nix
@@ -0,0 +1,36 @@
+# TODO: Run as different user
+{...}: {
+ sops.secrets."garage/rpc_secret".owner = "root";
+
+ services.caddy.virtualHosts."*.s3.gasdev.fr".extraConfig = ''
+ reverse_proxy http://127.0.0.1:3900
+ '';
+
+ services.caddy.virtualHosts."*.s3web.gasdev.fr".extraConfig = ''
+ reverse_proxy http://127.0.0.1:3902
+ '';
+
+ virtualisation.oci-containers.containers = {
+ garage = {
+ image = "docker.io/dxflrs/garage:v1.0.0";
+ autoStart = true;
+ ports = [
+ "127.0.0.1:3900:3900"
+ "127.0.0.1:3901:3901"
+ "127.0.0.1:3902:3902"
+ ];
+ volumes = [
+ "/etc/garage.toml:/etc/garage.toml"
+ "/var/lib/garage/meta:/var/lib/garage/meta"
+ "/var/lib/garage/data:/var/lib/garage/data"
+ "/run/secrets/garage/rpc_secret:/run/secrets/garage/rpc_secret"
+ ];
+ };
+ };
+
+ environment.etc."garage.toml".text = builtins.readFile ./garage.toml;
+ systemd.tmpfiles.rules = [
+ "d /var/lib/garage/meta 0700 root root -"
+ "d /var/lib/garage/data 0700 root root -"
+ ];
+}
diff --git a/services/garage/garage.toml b/services/garage/garage.toml
new file mode 100644
index 0000000..7fc8003
--- /dev/null
+++ b/services/garage/garage.toml
@@ -0,0 +1,22 @@
+metadata_dir = "/var/lib/garage/meta"
+data_dir = "/var/lib/garage/data"
+db_engine = "lmdb"
+metadata_auto_snapshot_interval = "6h"
+
+replication_factor = 3
+
+compression_level = 2
+
+rpc_bind_addr = "[::]:3901"
+rpc_public_addr = "gasdev.fr:3901"
+rpc_secret_file = "/run/secrets/garage/rpc_secret"
+
+[s3_api]
+s3_region = "garage"
+api_bind_addr = "[::]:3900"
+root_domain = ".s3.gasdev.fr"
+
+[s3_web]
+bind_addr = "[::]:3902"
+root_domain = ".s3web.gasdev.fr"
+index = "index.html"
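Review bot: The config and secret bind mounts in `volumes` are read-write although the container only needs to read them; append `:ro` so a compromised or misbehaving process cannot alter them: `"/etc/garage.toml:/etc/garage.toml:ro"` and `"/run/secrets/garage/rpc_secret:/run/secrets/garage/rpc_secret:ro"`. The image is pulled by the mutable tag `docker.io/dxflrs/garage:v1.0.0`; pinning it by digest as well, `image = "docker.io/dxflrs/garage:v1.0.0@sha256:<DIGEST>"`, makes the deployment reproducible and protects against a retagged image. With sops-nix, `/run/secrets` is normally a symlink to the current secrets generation, so this single-file bind mount presumably resolves at container start and a rotated rpc_secret is only picked up after a container restart; worth confirming and noting in the `# TODO` header.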
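Review bot: `rpc_public_addr = "gasdev.fr:3901"` together with `replication_factor = 3` describes a multi-node cluster, but services/garage/default.nix in this same commit publishes the RPC port only as `127.0.0.1:3901:3901`, so the advertised address is unreachable from any peer and a layout with fewer nodes than the replication factor presumably cannot be applied. If this is meant to be a single node, `replication_factor = 1` and `rpc_public_addr = "127.0.0.1:3901"` match the actual exposure; if more nodes are planned, the host binding and firewall must be opened deliberately, with the RPC secret as the only authenticator on that port. A one-line comment above `replication_factor` stating the intended node count would make the choice explicit for the next reader.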