From 1b65ed4c305946295f891bba4ba2c11fbeef7fd9 Mon Sep 17 00:00:00 2001
From: Victor
Date: Fri, 2 Jun 2023 11:30:48 +0200
Subject: [PATCH] started switch to garage
---
 nixos/hosts/hades/dns/configuration.nix | 4 ++
 nixos/hosts/hades/garage/configuration.nix | 48 +++++++++++---------
 nixos/hosts/hades/mastodon/configuration.nix | 10 ++--
 nixos/hosts/hades/nginx/configuration.nix | 8 ++--
 4 files changed, 40 insertions(+), 30 deletions(-)
diff --git a/nixos/hosts/hades/dns/configuration.nix b/nixos/hosts/hades/dns/configuration.nix
index 3e7e897..84fb9e1 100644
--- a/nixos/hosts/hades/dns/configuration.nix
+++ b/nixos/hosts/hades/dns/configuration.nix
@@ -21,6 +21,8 @@
 services.unbound.settings.server = {
 local-zone = [
 "xirion.net typetransparent"
+ "o.xirion.net typetransparent"
+ "fedi-media.xirion.net typetransparent"
 "hades.xirion.net typetransparent"
 "requests.xirion.net typetransparent"
 "ha.xirion.net typetransparent"
@@ -30,6 +32,8 @@
 local-data = [
 ''"xirion.net A 192.168.0.122"''
 ''"hades.xirion.net A 192.168.0.122"''
+ ''"o.xirion.net A 192.168.0.122"''
+ ''"fedi-media.xirion.net A 192.168.0.122"''
 ''"requests.xirion.net A 192.168.0.122"''
 ''"ha.xirion.net A 192.168.0.122"''
 ''"mail.xirion.net A 192.168.0.122"''
diff --git a/nixos/hosts/hades/garage/configuration.nix b/nixos/hosts/hades/garage/configuration.nix
index 2a7bd6b..00047f9 100644
--- a/nixos/hosts/hades/garage/configuration.nix
+++ b/nixos/hosts/hades/garage/configuration.nix
@@ -2,11 +2,13 @@
 # your system. Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
-{ pkgs, ... }:
-
-{
+{ pkgs, config, ... }:
+let vs = config.vault-secrets.secrets;
+in {
 imports = [ ];
+ vault-secrets.secrets.garage = { };
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
@@ -18,33 +20,35 @@
 # Additional packages
 environment.systemPackages = with pkgs; [ ];
- networking.firewall.allowedTCPPorts = [ ];
+ networking.firewall.allowedTCPPorts = [ 3900 3901 3902 ];
+
+ # Defines rpc_secret
+ systemd.services.garage.serviceConfig.EnvironmentFile = "${vs.garage}/environment";
 # See also: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests/garage
 services.garage = {
- enable = false;
+ enable = true;
 package = pkgs.garage_0_8;
 settings = {
- # rpc_bind_addr = "[::]:3901"
- # rpc_public_addr = "127.0.0.1:3901"
- # rpc_secret = "$(openssl rand -hex 32)"
+ db_engine = "lmdb"; # Recommended for mastodon
+ replication_mode = "1";
+ compression_level = 0;
- # [s3_api]
- # s3_region = "garage"
- # api_bind_addr = "[::]:3900"
- # root_domain = ".s3.garage.localhost"
+ # For inter-node comms
+ rpc_bind_addr = "[::]:3901";
+ rpc_public_addr = "${config.meta.ipv4}:3901";
- # [s3_web]
- # bind_addr = "[::]:3902"
- # root_domain = ".web.garage.localhost"
- # index = "index.html"
+ # Standard S3 api endpoint
+ s3_api = {
+ s3_region = "hades";
+ api_bind_addr = "[::]:3900";
+ };
- # [k2v_api]
- # api_bind_addr = "[::]:3904"
-
- # [admin]
- # api_bind_addr = "0.0.0.0:3903"
- # admin_token = "$(openssl rand -base64 32)"
+ # Static file serve endpoint
+ s3_web = {
+ bind_addr = "[::]:3902";
+ root_domain = "g.xirion.net";
+ };
 };
 };
 }
diff --git a/nixos/hosts/hades/mastodon/configuration.nix b/nixos/hosts/hades/mastodon/configuration.nix
index 822d671..4f37f9a 100644
--- a/nixos/hosts/hades/mastodon/configuration.nix
+++ b/nixos/hosts/hades/mastodon/configuration.nix
@@ -24,8 +24,8 @@ in {
 # Append the init-dirs script to add AWS/Minio secrets
 systemd.services.mastodon-init-dirs.script = ''
 cat >> /var/lib/mastodon/.secrets_env <
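Review bot: In the `@@ -18,33 +20,35 @@` hunk of nixos/hosts/hades/garage/configuration.nix, the firewall now opens the RPC port 3901 even though `replication_mode = "1"` describes a single-node layout and `rpc_bind_addr` listens on `[::]`. Unless a second Garage node is planned (nothing in this patch shows one), the inter-node port needs no firewall opening and the line could be `networking.firewall.allowedTCPPorts = [ 3900 3902 ];`. Ports 3900 and 3902 are plain-HTTP listeners also bound to `[::]`; if the nginx host touched by this commit is their only intended client, limiting them to that address would keep bucket traffic behind the proxy. The `# Defines rpc_secret` comment would be more useful if it named the variable the Vault-provided file must set, for example `# Environment file from Vault; must define GARAGE_RPC_SECRET` (confirm the packaged 0.8 release reads that variable).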