Compare commits
4 commits
9338a7d2ef
...
8da4050d77
Author | SHA1 | Date | |
---|---|---|---|
|
8da4050d77 | ||
|
1f9f05fa9a | ||
|
028e4725b9 | ||
|
fecfce7ad9 |
6 changed files with 72 additions and 5 deletions
|
@ -30,8 +30,14 @@
|
||||||
services.caddy = {
|
services.caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = inputs.caddy.packages.${pkgs.system}.caddy;
|
package = inputs.caddy.packages.${pkgs.system}.caddy;
|
||||||
virtualHosts."siuu.gasdev.fr".extraConfig = ''
|
|
||||||
respond "Hello, world!"
|
globalConfig = ''
|
||||||
|
acme_dns ovh {
|
||||||
|
endpoint {$OVH_ENDPOINT}
|
||||||
|
application_key {$OVH_APPLICATION_KEY}
|
||||||
|
application_secret {$OVH_APPLICATION_SECRET}
|
||||||
|
consumer_key {$OVH_CONSUMER_KEY}
|
||||||
|
}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
systemd.services.caddy = {
|
systemd.services.caddy = {
|
||||||
|
|
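Review bot: The four `{$OVH_*}` placeholders in the new `globalConfig` give Caddy an OVH API credential, and nothing visible here says how far that credential reaches. DNS-01 issuance only needs to create and delete TXT records, so the token should presumably be limited to the record endpoints of the one zone rather than the whole account. A Caddyfile comment above `acme_dns ovh {` would record this, e.g. `# OVH token: restrict to DNS record changes on the gasdev.fr zone only`. The placeholders are resolved from the process environment, so it is also worth confirming the variables come from a sops-managed environment file. The `systemd.services.caddy` block that would show this continues outside the hunk.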
|
@ -3,6 +3,8 @@ caddy:
|
||||||
ovh_application_key: ENC[AES256_GCM,data:48HzVrSa35qUSkLO7sbUwg==,iv:QfTRXsfTlgeoJdRJIph39EBbLynRNxH4DkFuuC06IuE=,tag:m8lJPHEEpK24MKUou0MTpw==,type:str]
|
ovh_application_key: ENC[AES256_GCM,data:48HzVrSa35qUSkLO7sbUwg==,iv:QfTRXsfTlgeoJdRJIph39EBbLynRNxH4DkFuuC06IuE=,tag:m8lJPHEEpK24MKUou0MTpw==,type:str]
|
||||||
ovh_application_secret: ENC[AES256_GCM,data:X+grjuPsaIRYUEZZyoL1Tqx55tNYpvovYsXEwB15+K0=,iv:b88NCbfxahkryBp6eey74hc2IBwLTbTBe001uVJHaKw=,tag:HDw8w4g5ZS4m8ePCvvwJqw==,type:str]
|
ovh_application_secret: ENC[AES256_GCM,data:X+grjuPsaIRYUEZZyoL1Tqx55tNYpvovYsXEwB15+K0=,iv:b88NCbfxahkryBp6eey74hc2IBwLTbTBe001uVJHaKw=,tag:HDw8w4g5ZS4m8ePCvvwJqw==,type:str]
|
||||||
ovh_consumer_key: ENC[AES256_GCM,data:oFLHB7obwz3F59Vt8LRxpKaHBjEaoYCrKLKPoqVHz4M=,iv:rXxR2Nv3YaT2QubZUqIi60RxaHe9ZaIT9hLiogbPVFw=,tag:5m+xXEUbN+a2fHCf+EXf9A==,type:str]
|
ovh_consumer_key: ENC[AES256_GCM,data:oFLHB7obwz3F59Vt8LRxpKaHBjEaoYCrKLKPoqVHz4M=,iv:rXxR2Nv3YaT2QubZUqIi60RxaHe9ZaIT9hLiogbPVFw=,tag:5m+xXEUbN+a2fHCf+EXf9A==,type:str]
|
||||||
|
garage:
|
||||||
|
rpc_secret: ENC[AES256_GCM,data:xuophXVfHY3Xw+RyDPnZ5LCQXB+cHyRCWvT2l5MiyXGAlP6GSJpewDqJ5xvLclHfHNJP9YKJ3scJV/iX5FE+rw==,iv:wtlrpUUkXa2WYvQS/vfJJBS34V5CIAYQ8oCf/SjHp5k=,tag:r16InXGTKIBPOHjMSYlEog==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -27,8 +29,8 @@ sops:
|
||||||
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
|
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
|
||||||
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
|
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-26T14:24:37Z"
|
lastmodified: "2024-09-27T14:21:34Z"
|
||||||
mac: ENC[AES256_GCM,data:ZogwRhz1TqI47baW9j6hJwooIfIQtSuAYWAz4gs6a+UocsHLl5+GasLZSOhQvlRsvz8Vcgp5AeLN0ehAOrDItT7SqvepdwelaJo/irS3Wq5MfM+jemZZtOUXzshq8rueffyV9Ra2JiiYqNtZQ2w8GtgjEdpwWgwbIhb0u7fheGM=,iv:X9MB2IQ1LdQNv/ldwbzF1q8LCXArDiWMk5fet1IOzaE=,tag:73JhlFP2gYI5l8Ml5e1maw==,type:str]
|
mac: ENC[AES256_GCM,data:OkF7A/94sqkmHNcBq9uA+tJCJhFiaoZvQRfR1rtLlgmCsusbeF/rSekQaP2WE4K29aGD6mYZxcnvcCewYiEEXA6S6rpwuCOje+ti5dfg8BFaxivWxtRKQjS3az+z/AkLfE7EYBbMwsZX2T52zZaXW6d49u68++Lg8Y+vC/aRGHw=,iv:MoFQEc3C6DIlwM7r16lr9KqA1TZ2Pmk0s+mlSC5+PW8=,tag:RMsodI9Nzt8t2fYXPDTibQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.0
|
version: 3.9.0
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./uptime-kuma
|
./uptime-kuma
|
||||||
|
./garage
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
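--- a/services/garage/default.nix
+++ b/services/garage/default.nix
@@ -0,0 +1,36 @@
+# TODO: Run as different user
+{...}: {
+sops.secrets."garage/rpc_secret".owner = "root";
+
+services.caddy.virtualHosts."*.s3.gasdev.fr".extraConfig = ''
+reverse_proxy http://127.0.0.1:3900
+'';
+
+services.caddy.virtualHosts."*.s3web.gasdev.fr".extraConfig = ''
+reverse_proxy http://127.0.0.1:3902
+'';
+
+virtualisation.oci-containers.containers = {
+garage = {
+image = "docker.io/dxflrs/garage:v1.0.0";
+autoStart = true;
+ports = [
+"127.0.0.1:3900:3900"
+"127.0.0.1:3901:3901"
+"127.0.0.1:3902:3902"
+];
+volumes = [
+"/etc/garage.toml:/etc/garage.toml"
+"/var/lib/garage/meta:/var/lib/garage/meta"
+"/var/lib/garage/data:/var/lib/garage/data"
+"/run/secrets/garage/rpc_secret:/run/secrets/garage/rpc_secret"
+];
+};
+};
+
+environment.etc."garage.toml".text = builtins.readFile ./garage.toml;
+systemd.tmpfiles.rules = [
+"d /var/lib/garage/meta 0700 root root -"
+"d /var/lib/garage/data 0700 root root -"
+];
+}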
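Review bot: The `volumes` list mounts `/run/secrets/garage/rpc_secret` and `/etc/garage.toml` into the container without a read-only flag, and per the TODO on the first line the container still runs as root, so a compromised garage process could presumably overwrite the cluster secret in place. Garage only needs to read both paths, so the entries can become `"/run/secrets/garage/rpc_secret:/run/secrets/garage/rpc_secret:ro"` and `"/etc/garage.toml:/etc/garage.toml:ro"`. Separately, `image = "docker.io/dxflrs/garage:v1.0.0"` follows a tag that the registry can repoint. Pinning it as `docker.io/dxflrs/garage:v1.0.0@sha256:<digest>` (placeholder digest) would fix what is actually deployed.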
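--- a/services/garage/garage.toml
+++ b/services/garage/garage.toml
@@ -0,0 +1,22 @@
+metadata_dir = "/var/lib/garage/meta"
+data_dir = "/var/lib/garage/data"
+db_engine = "lmdb"
+metadata_auto_snapshot_interval = "6h"
+
+replication_factor = 3
+
+compression_level = 2
+
+rpc_bind_addr = "[::]:3901"
+rpc_public_addr = "gasdev.fr:3901"
+rpc_secret_file = "/run/secrets/garage/rpc_secret"
+
+[s3_api]
+s3_region = "garage"
+api_bind_addr = "[::]:3900"
+root_domain = ".s3.gasdev.fr"
+
+[s3_web]
+bind_addr = "[::]:3902"
+root_domain = ".s3web.gasdev.fr"
+index = "index.html"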
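Review bot: `rpc_public_addr = "gasdev.fr:3901"` together with `replication_factor = 3` describes a multi-node cluster reachable from outside, but the container definition in services/garage/default.nix publishes the RPC port only as `"127.0.0.1:3901:3901"`, so peers could not connect as written. If this is a single node for now, `replication_factor = 1` without `rpc_public_addr` would match what is actually exposed. If peers are planned, the port should be opened deliberately and filtered to the peer addresses, since the shared `rpc_secret` would then be the main control on who may speak RPC to this node. A comment above `rpc_bind_addr` stating which of the two is intended would make the exposure decision explicit.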
|
@ -4,7 +4,7 @@
|
||||||
'';
|
'';
|
||||||
|
|
||||||
virtualisation.oci-containers.containers = {
|
virtualisation.oci-containers.containers = {
|
||||||
container-name = {
|
uptime-kuma = {
|
||||||
image = "docker.io/louislam/uptime-kuma:1";
|
image = "docker.io/louislam/uptime-kuma:1";
|
||||||
autoStart = true;
|
autoStart = true;
|
||||||
ports = ["127.0.0.1:3001:3001"];
|
ports = ["127.0.0.1:3001:3001"];
|
||||||
|
|