started switch to garage

2023-06-02 11:30:48 +02:00 · 2023-06-02 11:30:48 +02:00 · 1b65ed4c30
parent 6fb4627cbd
commit 1b65ed4c30
4 changed files with 40 additions and 30 deletions
--- a/nixos/hosts/hades/dns/configuration.nix
+++ b/nixos/hosts/hades/dns/configuration.nix
@ -21,6 +21,8 @@
  services.unbound.settings.server = {
    local-zone = [
      "xirion.net typetransparent"
+      "o.xirion.net typetransparent"
+      "fedi-media.xirion.net typetransparent"
      "hades.xirion.net typetransparent"
      "requests.xirion.net typetransparent"
      "ha.xirion.net typetransparent"
@ -30,6 +32,8 @@
    local-data = [
      ''"xirion.net A 192.168.0.122"''
      ''"hades.xirion.net A 192.168.0.122"''
+      ''"o.xirion.net A 192.168.0.122"''
+      ''"fedi-media.xirion.net A 192.168.0.122"''
      ''"requests.xirion.net A 192.168.0.122"''
      ''"ha.xirion.net A 192.168.0.122"''
      ''"mail.xirion.net A 192.168.0.122"''
--- a/nixos/hosts/hades/garage/configuration.nix
+++ b/nixos/hosts/hades/garage/configuration.nix
@ -2,11 +2,13 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).

-{ pkgs, ... }:
-
-{
+{ pkgs, config, ... }:
+let vs = config.vault-secrets.secrets;
+in {
  imports = [ ];

+  vault-secrets.secrets.garage = { };
+
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
@ -18,33 +20,35 @@
  # Additional packages
  environment.systemPackages = with pkgs; [ ];

-  networking.firewall.allowedTCPPorts = [ ];
+  networking.firewall.allowedTCPPorts = [ 3900 3901 3902 ];
+
+  # Defines rpc_secret
+  systemd.services.garage.serviceConfig.EnvironmentFile = "${vs.garage}/environment";

  # See also: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests/garage
  services.garage = {
-    enable = false;
+    enable = true;
    package = pkgs.garage_0_8;
    settings = {
-      # rpc_bind_addr = "[::]:3901"
-      # rpc_public_addr = "127.0.0.1:3901"
-      # rpc_secret = "$(openssl rand -hex 32)"
+      db_engine = "lmdb"; # Recommended for mastodon
+      replication_mode = "1";
+      compression_level = 0;

-      # [s3_api]
-      # s3_region = "garage"
-      # api_bind_addr = "[::]:3900"
-      # root_domain = ".s3.garage.localhost"
+      # For inter-node comms
+      rpc_bind_addr = "[::]:3901";
+      rpc_public_addr = "${config.meta.ipv4}:3901";

-      # [s3_web]
-      # bind_addr = "[::]:3902"
-      # root_domain = ".web.garage.localhost"
-      # index = "index.html"
+      # Standard S3 api endpoint
+      s3_api = {
+        s3_region = "hades";
+        api_bind_addr = "[::]:3900";
+      };

-      # [k2v_api]
-      # api_bind_addr = "[::]:3904"
-
-      # [admin]
-      # api_bind_addr = "0.0.0.0:3903"
-      # admin_token = "$(openssl rand -base64 32)"
+      # Static file serve endpoint
+      s3_web = {
+        bind_addr = "[::]:3902";
+        root_domain = "g.xirion.net";
+      };
    };
  };
 }
--- a/nixos/hosts/hades/mastodon/configuration.nix
+++ b/nixos/hosts/hades/mastodon/configuration.nix
@ -24,8 +24,8 @@ in {
  # Append the init-dirs script to add AWS/Minio secrets
  systemd.services.mastodon-init-dirs.script = ''
    cat >> /var/lib/mastodon/.secrets_env <<EOF
-    AWS_ACCESS_KEY_ID="$(cat ${vs.mastodon}/awsAccessKeyId)"
-    AWS_SECRET_ACCESS_KEY="$(cat ${vs.mastodon}/awsSecretAccessKey)"
+    AWS_ACCESS_KEY_ID="$(cat ${vs.mastodon}/garageKeyId)"
+    AWS_SECRET_ACCESS_KEY="$(cat ${vs.mastodon}/garageSecretKey)"
    DEEPL_API_KEY="$(cat ${vs.mastodon}/deeplAPIKey)"
    EOF
  '';
@ -90,10 +90,10 @@ in {
      # https://github.com/cybrespace/cybrespace-meta/blob/master/s3.md;
      # https://shivering-isles.com/Mastodon-and-Amazon-S3
      S3_ENABLED = "true";
+      S3_REGION = "hades";
      S3_BUCKET = "mastodon";
-      S3_PROTOCOL = "https";
-      S3_HOSTNAME = "o.xirion.net";
-      S3_ENDPOINT = "https://o.xirion.net/";
+      S3_ENDPOINT = "http://garage.hades:3900";
+      S3_ALIAS_HOST = "fedi-media.xirion.net";

      DEEPL_PLAN = "free";
    };
--- a/nixos/hosts/hades/nginx/configuration.nix
+++ b/nixos/hosts/hades/nginx/configuration.nix
@ -83,7 +83,6 @@ in {
      forceSSL = true;
      enableACME = true;

-
      extraConfig = ''
        #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
        send_timeout 100m;
@ -129,8 +128,9 @@ in {
      '';
      locations."/" = {

-      proxyWebsockets = true;
-        proxyPass = "http://plex2.hades:32400/"; };
+        proxyWebsockets = true;
+        proxyPass = "http://plex2.hades:32400/";
+      };
    };

    virtualHosts."fedi.xirion.net" = {
@ -162,5 +162,7 @@ in {
        proxyWebsockets = true;
      };
    };
+
+    virtualHosts."fedi-media.xirion.net" = proxy "http://garage.hades:3902";
  };
 }