notohh/snowflake
notohh/snowflake
1
0
Fork 0
Code Issues Pull requests Projects 1 Releases Packages Wiki Activity

sora: init attic w/ minio

Browse source
This commit is contained in:
notohh 2024-01-04 14:41:38 -05:00
parent febe5c7671
commit 322aaad770
Signed by: notohh
GPG key ID: BD47506D475EE86D
6 changed files with 123 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hosts/sora/hardware.nix
View file

@ -5,10 +5,12 @@
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
device = "nodev"; device = "nodev";
}; };
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B793-1B2C"; device = "/dev/disk/by-uuid/B793-1B2C";
fsType = "vfat"; fsType = "vfat";
}; };
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"]; boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
boot.initrd.kernelModules = ["nvme"]; boot.initrd.kernelModules = ["nvme"];
fileSystems."/" = { fileSystems."/" = {

44
hosts/sora/services/attic.nix Normal file
View file

@ -0,0 +1,44 @@
{
config,
pkgs,
...
}: {
sops.secrets.attic = {};
environment.systemPackages = [pkgs.attic];
services.atticd = {
enable = true;
credentialsFile = config.sops.secrets.attic.path;
settings = {
listen = "[::]:8200";
allowed-hosts = ["cache.flake.sh"];
database.url = "postgres://attic:attic@100.94.214.100:5432/attic";
api-endpoint = "https://cache.flake.sh";
require-proof-of-possession = false;
chunking = {
nar-size-threshold = 0;
min-size = 16 * 1024; # 16 KiB
avg-size = 64 * 1024; # 64 KiB
max-size = 256 * 1024; # 256 KiB
};
garbage-collection = {
interval = "12 hours";
default-retention-period = "4 weeks";
};
compression = {
type = "zstd";
level = 9;
};
storage = {
type = "s3";
region = "us-east-1";
bucket = "flakesh-binary-cache";
endpoint = "https://s3.flake.sh/";
};
};
};
}

20
hosts/sora/services/davfs.nix Normal file
View file

@ -0,0 +1,20 @@
{pkgs, ...}: {
environment.systemPackages = [pkgs.davfs2];
users.users.davfs2 = {
group = "davfs2";
isSystemUser = true;
};
users.groups.davfs2 = {};
sops.secrets.davfs2 = {
owner = "root";
group = "root";
mode = "0600";
path = "/etc/davfs2/secrets";
};
fileSystems."/var/lib/mounted" = {
device = "https://u384391.your-storagebox.de";
fsType = "davfs";
options = ["rw,file_mode=0660,dir_mode=0755" "0" "0"];
};
}

2
hosts/sora/services/default.nix
View file

@ -5,6 +5,8 @@
./uptimekuma.nix ./uptimekuma.nix
./ntfy-sh.nix ./ntfy-sh.nix
./tailscale.nix ./tailscale.nix
./attic.nix
./minio.nix
./factorio.nix ./factorio.nix
# ./minecraft.nix # ./minecraft.nix
# ./foundryvtt.nix # ./foundryvtt.nix

25
hosts/sora/services/minio.nix Normal file
View file

@ -0,0 +1,25 @@
{
config,
pkgs,
...
}: {
imports = [
./davfs.nix
];
environment.systemPackages = [pkgs.minio-client];
sops.secrets.minio = {
owner = "minio";
group = "minio";
mode = "0600";
restartUnits = ["minio.service"];
};
services.minio = {
enable = true;
region = "us-east-1";
consoleAddress = "100.104.42.96:9006";
listenAddress = "100.104.42.96:9005";
rootCredentialsFile = config.sops.secrets.minio.path;
dataDir = ["/var/lib/mounted/minio/data"];
configDir = "/var/lib/mounted/minio/config";
};
}

30
hosts/sora/services/traefik.nix
View file

@ -41,6 +41,11 @@
accessControlAllowOriginList = "https://daphbot.notohh.dev"; accessControlAllowOriginList = "https://daphbot.notohh.dev";
}; };
}; };
cors-allow-all = {
headers = {
accessControlAllowOriginList = "*";
};
};
}; };
routers = { routers = {
api = { api = {
@ -133,6 +138,28 @@
tls.domains = [{main = "*.flake.sh";}]; tls.domains = [{main = "*.flake.sh";}];
tls.certresolver = "production"; tls.certresolver = "production";
}; };
attic = {
rule = "Host(`cache.flake.sh`)";
entrypoints = ["websecure"];
service = "attic";
tls.domains = [{main = "*.flake.sh";}];
tls.certresolver = "production";
};
minio = {
rule = "Host(`s3.flake.sh`)";
entrypoints = ["websecure"];
service = "minio";
tls.domains = [{main = "*.flake.sh";}];
tls.certresolver = "production";
middlewares = "cors-allow-all";
};
minio-web = {
rule = "Host(`minio.flake.sh`)";
entrypoints = ["websecure"];
service = "minioadmin";
tls.domains = [{main = "*.flake.sh";}];
tls.certresolver = "production";
};
}; };
services = { services = {
forgejo.loadBalancer = { forgejo.loadBalancer = {
@ -151,6 +178,9 @@
neko.loadBalancer.servers = [{url = "http://100.104.42.96:8085";}]; neko.loadBalancer.servers = [{url = "http://100.104.42.96:8085";}];
justlog.loadBalancer.servers = [{url = "http://100.121.201.47:8025";}]; justlog.loadBalancer.servers = [{url = "http://100.121.201.47:8025";}];
ntfy-sh.loadBalancer.servers = [{url = "http://100.104.42.96:8090";}]; ntfy-sh.loadBalancer.servers = [{url = "http://100.104.42.96:8090";}];
attic.loadBalancer.servers = [{url = "http://100.104.42.96:8200";}];
minio.loadBalancer.servers = [{url = "http://100.104.42.96:9005";}];
minio-web.loadBalancer.servers = [{url = "http://100.104.42.96:9006";}];
}; };
}; };
}; };