diff --git a/hosts/sora/hardware.nix b/hosts/sora/hardware.nix
index 04bc863..df001ef 100644
--- a/hosts/sora/hardware.nix
+++ b/hosts/sora/hardware.nix
@@ -5,10 +5,12 @@
     efiInstallAsRemovable = true;
     device = "nodev";
   };
+
   fileSystems."/boot" = {
     device = "/dev/disk/by-uuid/B793-1B2C";
     fsType = "vfat";
   };
+
   boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
   boot.initrd.kernelModules = ["nvme"];
   fileSystems."/" = {
diff --git a/hosts/sora/services/attic.nix b/hosts/sora/services/attic.nix
new file mode 100644
index 0000000..df4034c
--- /dev/null
+++ b/hosts/sora/services/attic.nix
@@ -0,0 +1,44 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  sops.secrets.attic = {};
+
+  environment.systemPackages = [pkgs.attic];
+
+  services.atticd = {
+    enable = true;
+    credentialsFile = config.sops.secrets.attic.path;
+    settings = {
+      listen = "[::]:8200";
+      allowed-hosts = ["cache.flake.sh"];
+      database.url = "postgres://attic:attic@100.94.214.100:5432/attic";
+      api-endpoint = "https://cache.flake.sh";
+      require-proof-of-possession = false;
+      chunking = {
+        nar-size-threshold = 0;
+
+        min-size = 16 * 1024; # 16 KiB
+
+        avg-size = 64 * 1024; # 64 KiB
+
+        max-size = 256 * 1024; # 256 KiB
+      };
+      garbage-collection = {
+        interval = "12 hours";
+        default-retention-period = "4 weeks";
+      };
+      compression = {
+        type = "zstd";
+        level = 9;
+      };
+      storage = {
+        type = "s3";
+        region = "us-east-1";
+        bucket = "flakesh-binary-cache";
+        endpoint = "https://s3.flake.sh/";
+      };
+    };
+  };
+}
diff --git a/hosts/sora/services/davfs.nix b/hosts/sora/services/davfs.nix
new file mode 100644
index 0000000..14c1d20
--- /dev/null
+++ b/hosts/sora/services/davfs.nix
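Review bot: In the attic.nix hunk, `database.url` embeds the PostgreSQL password (`attic:attic@…`) as a literal in the module, so it is committed to the repo and ends up world-readable in the Nix store, while the same block already routes secrets through `credentialsFile = config.sops.secrets.attic.path`. Atticd also accepts the database URL from its environment (`ATTIC_SERVER_DATABASE_URL`, if I recall the variable name correctly), so the URL can move into the sops-managed credentials file and the `database.url` line be dropped. Separately, `require-proof-of-possession = false` switches off a token check that attic enables by default; a one-line comment stating why it is disabled would help, e.g. `# PoP disabled: <reason — which client cannot sign requests>`. `listen = "[::]:8200"` binds every interface although Traefik only proxies to the Tailscale address; whether a host firewall closes 8200 elsewhere is not visible in this diff.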
@@ -0,0 +1,20 @@
+{pkgs, ...}: {
+  environment.systemPackages = [pkgs.davfs2];
+  users.users.davfs2 = {
+    group = "davfs2";
+    isSystemUser = true;
+  };
+  users.groups.davfs2 = {};
+  sops.secrets.davfs2 = {
+    owner = "root";
+    group = "root";
+    mode = "0600";
+    path = "/etc/davfs2/secrets";
+  };
+
+  fileSystems."/var/lib/mounted" = {
+    device = "https://u384391.your-storagebox.de";
+    fsType = "davfs";
+    options = ["rw,file_mode=0660,dir_mode=0755" "0" "0"];
+  };
+}
diff --git a/hosts/sora/services/default.nix b/hosts/sora/services/default.nix
index 314e881..f751df5 100644
--- a/hosts/sora/services/default.nix
+++ b/hosts/sora/services/default.nix
@@ -5,6 +5,8 @@
     ./uptimekuma.nix
     ./ntfy-sh.nix
     ./tailscale.nix
+    ./attic.nix
+    ./minio.nix
     ./factorio.nix
     # ./minecraft.nix
     # ./foundryvtt.nix
diff --git a/hosts/sora/services/minio.nix b/hosts/sora/services/minio.nix
new file mode 100644
index 0000000..341f8ff
--- /dev/null
+++ b/hosts/sora/services/minio.nix
@@ -0,0 +1,25 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    ./davfs.nix
+  ];
+  environment.systemPackages = [pkgs.minio-client];
+  sops.secrets.minio = {
+    owner = "minio";
+    group = "minio";
+    mode = "0600";
+    restartUnits = ["minio.service"];
+  };
+  services.minio = {
+    enable = true;
+    region = "us-east-1";
+    consoleAddress = "100.104.42.96:9006";
+    listenAddress = "100.104.42.96:9005";
+    rootCredentialsFile = config.sops.secrets.minio.path;
+    dataDir = ["/var/lib/mounted/minio/data"];
+    configDir = "/var/lib/mounted/minio/config";
+  };
+}
diff --git a/hosts/sora/services/traefik.nix b/hosts/sora/services/traefik.nix
index 22ec9d3..28391a6 100644
--- a/hosts/sora/services/traefik.nix
+++ b/hosts/sora/services/traefik.nix
@@ -41,6 +41,11 @@
             accessControlAllowOriginList = "https://daphbot.notohh.dev";
           };
         };
+        cors-allow-all = {
+          headers = {
+            accessControlAllowOriginList = "*";
+          };
+        };
       };
       routers = {
         api = {
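Review bot: The `options` list of the `/var/lib/mounted` entry in davfs.nix mixes mount options with what look like fstab dump/pass fields — NixOS joins the list with commas, so mount.davfs receives `rw,file_mode=0660,dir_mode=0755,0,0`, where the trailing `0,0` is at best ignored and at worst rejected. Each option belongs as its own element: `options = ["rw" "file_mode=0660" "dir_mode=0755"];`. This mount is also used by minio.nix as the service's data directory; with davfs's default ownership (the mounting user, root at boot) and `dir_mode=0755`, the unprivileged `minio` user may not be able to write into it — worth confirming on the host, or adding `uid=`/`gid=` mount options matching the service user.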
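Review bot: In minio.nix, `dataDir` and `configDir` point under `/var/lib/mounted`, the davfs mount declared in the imported `davfs.nix`, but nothing in this module orders `minio.service` after that mount, so a boot where WebDAV comes up late lets minio initialise its state on the underlying local directory, which the mount then hides. Unless the NixOS minio module already adds the dependency (not visible here), `systemd.services.minio.unitConfig.RequiresMountsFor = ["/var/lib/mounted"];` makes systemd wait for and require the mount. A comment next to `dataDir` that the backing store is a remote WebDAV share would also help the next reader, e.g. `# data lives on the davfs mount from davfs.nix, not on local disk`.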
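Review bot: The new `cors-allow-all` middleware in traefik.nix sets `accessControlAllowOriginList = "*"`, and the second traefik hunk attaches it to the public `s3.flake.sh` router; a wildcard origin is only needed if browsers on arbitrary sites must call the S3 API directly. The consumer visible in this diff (atticd pushing to `https://s3.flake.sh/`) is server-to-server and needs no CORS header at all, and a browser client such as the console could be served with the known origin instead, e.g. `accessControlAllowOriginList = "https://minio.flake.sh";`. If the wildcard is intended, a comment on the middleware naming which client depends on it would stop the next reader from tightening it by accident.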
@@ -133,6 +138,28 @@
           tls.domains = [{main = "*.flake.sh";}];
           tls.certresolver = "production";
         };
+        attic = {
+          rule = "Host(`cache.flake.sh`)";
+          entrypoints = ["websecure"];
+          service = "attic";
+          tls.domains = [{main = "*.flake.sh";}];
+          tls.certresolver = "production";
+        };
+        minio = {
+          rule = "Host(`s3.flake.sh`)";
+          entrypoints = ["websecure"];
+          service = "minio";
+          tls.domains = [{main = "*.flake.sh";}];
+          tls.certresolver = "production";
+          middlewares = "cors-allow-all";
+        };
+        minio-web = {
+          rule = "Host(`minio.flake.sh`)";
+          entrypoints = ["websecure"];
+          service = "minioadmin";
+          tls.domains = [{main = "*.flake.sh";}];
+          tls.certresolver = "production";
+        };
       };
       services = {
         forgejo.loadBalancer = {
@@ -151,6 +178,9 @@
         neko.loadBalancer.servers = [{url = "http://100.104.42.96:8085";}];
         justlog.loadBalancer.servers = [{url = "http://100.121.201.47:8025";}];
         ntfy-sh.loadBalancer.servers = [{url = "http://100.104.42.96:8090";}];
+        attic.loadBalancer.servers = [{url = "http://100.104.42.96:8200";}];
+        minio.loadBalancer.servers = [{url = "http://100.104.42.96:9005";}];
+        minio-web.loadBalancer.servers = [{url = "http://100.104.42.96:9006";}];
       };
     };
   };
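Review bot: The `minio-web` router publishes the MinIO admin console at `minio.flake.sh` on the `websecure` entrypoint with no middleware, so the console login — protected only by the root credentials — becomes reachable from the internet, whereas minio.nix deliberately binds the console itself to a Tailscale address. If the console is only used from the tailnet, either drop this router and reach the Tailscale address directly, or attach an IP allowlist middleware to it (`middlewares = "<allowlist-middleware-name>";`, defined next to `cors-allow-all`). Note also that `minio-web` targets `service = "minioadmin"` while the third hunk registers the backend as `minio-web.loadBalancer` — unless a `minioadmin` service exists outside this diff, the router will not resolve; `service = "minio-web";` matches the name defined here.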