sora: init attic w/ minio
parent
febe5c7671
commit
322aaad770
6 changed files with 123 additions and 0 deletions
|
@ -5,10 +5,12 @@
|
|||
efiInstallAsRemovable = true;
|
||||
device = "nodev";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/B793-1B2C";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
|
||||
boot.initrd.kernelModules = ["nvme"];
|
||||
fileSystems."/" = {
|
||||
|
|
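--- a/hosts/sora/services/attic.nix
+++ b/hosts/sora/services/attic.nix
@@ -0,0 +1,44 @@
+{
+config,
+pkgs,
+...
+}: {
+sops.secrets.attic = {};
+
+environment.systemPackages = [pkgs.attic];
+
+services.atticd = {
+enable = true;
+credentialsFile = config.sops.secrets.attic.path;
+settings = {
+listen = "[::]:8200";
+allowed-hosts = ["cache.flake.sh"];
+database.url = "postgres://attic:attic@100.94.214.100:5432/attic";
+api-endpoint = "https://cache.flake.sh";
+require-proof-of-possession = false;
+chunking = {
+nar-size-threshold = 0;
+
+min-size = 16 * 1024; # 16 KiB
+
+avg-size = 64 * 1024; # 64 KiB
+
+max-size = 256 * 1024; # 256 KiB
+};
+garbage-collection = {
+interval = "12 hours";
+default-retention-period = "4 weeks";
+};
+compression = {
+type = "zstd";
+level = 9;
+};
+storage = {
+type = "s3";
+region = "us-east-1";
+bucket = "flakesh-binary-cache";
+endpoint = "https://s3.flake.sh/";
+};
+};
+};
+}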
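Review bot: `database.url` puts the PostgreSQL user and password (`attic:attic`) directly in `services.atticd.settings`, so the credential is committed in plain text and, as with most NixOS `settings` options, is presumably rendered into a world-readable file in the Nix store. The commit already wires a sops-managed `credentialsFile`; the connection string belongs there instead (I believe atticd honours `ATTIC_SERVER_DATABASE_URL`, but verify against the module, which may set its own default URL), and the password should be rotated to something other than the username. Separately, `require-proof-of-possession = false` turns off the check that an uploader actually holds a NAR before deduplication grants access to it, so a comment such as `# single-tenant cache, no private paths shared across users` (if that is the case) should record why this is acceptable. `listen = "[::]:8200"` binds every interface while the proxy reaches the service at `100.104.42.96:8200`; either bind to that address, as minio.nix does, or confirm the firewall keeps 8200 closed on other interfaces.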
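--- a/hosts/sora/services/davfs.nix
+++ b/hosts/sora/services/davfs.nix
@@ -0,0 +1,20 @@
+{pkgs, ...}: {
+environment.systemPackages = [pkgs.davfs2];
+users.users.davfs2 = {
+group = "davfs2";
+isSystemUser = true;
+};
+users.groups.davfs2 = {};
+sops.secrets.davfs2 = {
+owner = "root";
+group = "root";
+mode = "0600";
+path = "/etc/davfs2/secrets";
+};
+
+fileSystems."/var/lib/mounted" = {
+device = "https://u384391.your-storagebox.de";
+fsType = "davfs";
+options = ["rw,file_mode=0660,dir_mode=0755" "0" "0"];
+};
+}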
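Review bot: The `options` list on `fileSystems."/var/lib/mounted"` ends with `"0" "0"`, which look like the fstab dump and pass fields rather than mount options; NixOS joins this list into the options column, so the mount helper would be handed `0` as an option. I would write one option per element, `options = ["rw" "file_mode=0660" "dir_mode=0755"];`, and leave dump/pass to the module. No `uid=`/`gid=` is given, so files presumably appear owned by the mounting user (root), and with `file_mode=0660` the `minio` service that keeps its data under this mount would then have no access; confirm the resulting ownership or set it explicitly. A one-line comment above `sops.secrets.davfs2` saying that the file holds the storage-box password and must stay root-owned `0600` would document why the mode is pinned.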
|
@ -5,6 +5,8 @@
|
|||
./uptimekuma.nix
|
||||
./ntfy-sh.nix
|
||||
./tailscale.nix
|
||||
./attic.nix
|
||||
./minio.nix
|
||||
./factorio.nix
|
||||
# ./minecraft.nix
|
||||
# ./foundryvtt.nix
|
||||
|
|
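--- a/hosts/sora/services/minio.nix
+++ b/hosts/sora/services/minio.nix
@@ -0,0 +1,25 @@
+{
+config,
+pkgs,
+...
+}: {
+imports = [
+./davfs.nix
+];
+environment.systemPackages = [pkgs.minio-client];
+sops.secrets.minio = {
+owner = "minio";
+group = "minio";
+mode = "0600";
+restartUnits = ["minio.service"];
+};
+services.minio = {
+enable = true;
+region = "us-east-1";
+consoleAddress = "100.104.42.96:9006";
+listenAddress = "100.104.42.96:9005";
+rootCredentialsFile = config.sops.secrets.minio.path;
+dataDir = ["/var/lib/mounted/minio/data"];
+configDir = "/var/lib/mounted/minio/config";
+};
+}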
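Review bot: `dataDir` and `configDir` live under `/var/lib/mounted`, the davfs mount pulled in through `./davfs.nix`, but nothing visible in this file orders `minio.service` after that mount. If the unit starts first, or the WebDAV mount fails, MinIO would presumably initialise an empty store on the local disk underneath the mount point and later appear to have lost its buckets; `systemd.services.minio.unitConfig.RequiresMountsFor = "/var/lib/mounted";` would make the dependency explicit. MinIO also expects local-filesystem semantics for its drives, so a comment recording that running it on a WebDAV FUSE mount was tested (locking, renames, partial uploads) would help the next maintainer. Binding both listeners to the `100.104.42.96` address and keeping the root credentials in a `0600` sops secret owned by `minio` is good to see.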
|
@ -41,6 +41,11 @@
|
|||
accessControlAllowOriginList = "https://daphbot.notohh.dev";
|
||||
};
|
||||
};
|
||||
cors-allow-all = {
|
||||
headers = {
|
||||
accessControlAllowOriginList = "*";
|
||||
};
|
||||
};
|
||||
};
|
||||
routers = {
|
||||
api = {
|
||||
|
@ -133,6 +138,28 @@
|
|||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
attic = {
|
||||
rule = "Host(`cache.flake.sh`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "attic";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
minio = {
|
||||
rule = "Host(`s3.flake.sh`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "minio";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.certresolver = "production";
|
||||
middlewares = "cors-allow-all";
|
||||
};
|
||||
minio-web = {
|
||||
rule = "Host(`minio.flake.sh`)";
|
||||
entrypoints = ["websecure"];
|
||||
service = "minioadmin";
|
||||
tls.domains = [{main = "*.flake.sh";}];
|
||||
tls.certresolver = "production";
|
||||
};
|
||||
};
|
||||
services = {
|
||||
forgejo.loadBalancer = {
|
||||
|
@ -151,6 +178,9 @@
|
|||
neko.loadBalancer.servers = [{url = "http://100.104.42.96:8085";}];
|
||||
justlog.loadBalancer.servers = [{url = "http://100.121.201.47:8025";}];
|
||||
ntfy-sh.loadBalancer.servers = [{url = "http://100.104.42.96:8090";}];
|
||||
attic.loadBalancer.servers = [{url = "http://100.104.42.96:8200";}];
|
||||
minio.loadBalancer.servers = [{url = "http://100.104.42.96:9005";}];
|
||||
minio-web.loadBalancer.servers = [{url = "http://100.104.42.96:9006";}];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
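Review bot: The `minio-web` router sets `service = "minioadmin"`, but the service added in the last hunk is named `minio-web`; unless a `minioadmin` service is defined outside these hunks the router will not resolve, so it likely should read `service = "minio-web";`. That router also publishes the MinIO admin console on the public `websecure` entrypoint with no middleware, although minio.nix binds the console to `100.104.42.96:9006` only; if the console is meant to stay private, attach an IP allow-list or auth middleware, or drop the router. On the `minio` router, `cors-allow-all` sets `accessControlAllowOriginList = "*"` for the whole S3 API; listing the real origins, as the neighbouring middleware does with `https://daphbot.notohh.dev`, or a comment naming the browser clients that need the wildcard, would be tighter. The enclosing `routers` and `services` blocks begin and end outside the hunks shown.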