started switch to garage
parent
6fb4627cbd
commit
1b65ed4c30
4 changed files with 40 additions and 30 deletions
|
@ -21,6 +21,8 @@
|
||||||
services.unbound.settings.server = {
|
services.unbound.settings.server = {
|
||||||
local-zone = [
|
local-zone = [
|
||||||
"xirion.net typetransparent"
|
"xirion.net typetransparent"
|
||||||
|
"o.xirion.net typetransparent"
|
||||||
|
"fedi-media.xirion.net typetransparent"
|
||||||
"hades.xirion.net typetransparent"
|
"hades.xirion.net typetransparent"
|
||||||
"requests.xirion.net typetransparent"
|
"requests.xirion.net typetransparent"
|
||||||
"ha.xirion.net typetransparent"
|
"ha.xirion.net typetransparent"
|
||||||
|
@ -30,6 +32,8 @@
|
||||||
local-data = [
|
local-data = [
|
||||||
''"xirion.net A 192.168.0.122"''
|
''"xirion.net A 192.168.0.122"''
|
||||||
''"hades.xirion.net A 192.168.0.122"''
|
''"hades.xirion.net A 192.168.0.122"''
|
||||||
|
''"o.xirion.net A 192.168.0.122"''
|
||||||
|
''"fedi-media.xirion.net A 192.168.0.122"''
|
||||||
''"requests.xirion.net A 192.168.0.122"''
|
''"requests.xirion.net A 192.168.0.122"''
|
||||||
''"ha.xirion.net A 192.168.0.122"''
|
''"ha.xirion.net A 192.168.0.122"''
|
||||||
''"mail.xirion.net A 192.168.0.122"''
|
''"mail.xirion.net A 192.168.0.122"''
|
||||||
|
|
|
@ -2,11 +2,13 @@
|
||||||
# your system. Help is available in the configuration.nix(5) man page
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||||
|
|
||||||
{ pkgs, ... }:
|
{ pkgs, config, ... }:
|
||||||
|
let vs = config.vault-secrets.secrets;
|
||||||
{
|
in {
|
||||||
imports = [ ];
|
imports = [ ];
|
||||||
|
|
||||||
|
vault-secrets.secrets.garage = { };
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
# This value determines the NixOS release from which the default
|
||||||
# settings for stateful data, like file locations and database versions
|
# settings for stateful data, like file locations and database versions
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
@ -18,33 +20,35 @@
|
||||||
# Additional packages
|
# Additional packages
|
||||||
environment.systemPackages = with pkgs; [ ];
|
environment.systemPackages = with pkgs; [ ];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ ];
|
networking.firewall.allowedTCPPorts = [ 3900 3901 3902 ];
|
||||||
|
|
||||||
|
# Defines rpc_secret
|
||||||
|
systemd.services.garage.serviceConfig.EnvironmentFile = "${vs.garage}/environment";
|
||||||
|
|
||||||
# See also: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests/garage
|
# See also: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests/garage
|
||||||
services.garage = {
|
services.garage = {
|
||||||
enable = false;
|
enable = true;
|
||||||
package = pkgs.garage_0_8;
|
package = pkgs.garage_0_8;
|
||||||
settings = {
|
settings = {
|
||||||
# rpc_bind_addr = "[::]:3901"
|
db_engine = "lmdb"; # Recommended for mastodon
|
||||||
# rpc_public_addr = "127.0.0.1:3901"
|
replication_mode = "1";
|
||||||
# rpc_secret = "$(openssl rand -hex 32)"
|
compression_level = 0;
|
||||||
|
|
||||||
# [s3_api]
|
# For inter-node comms
|
||||||
# s3_region = "garage"
|
rpc_bind_addr = "[::]:3901";
|
||||||
# api_bind_addr = "[::]:3900"
|
rpc_public_addr = "${config.meta.ipv4}:3901";
|
||||||
# root_domain = ".s3.garage.localhost"
|
|
||||||
|
|
||||||
# [s3_web]
|
# Standard S3 api endpoint
|
||||||
# bind_addr = "[::]:3902"
|
s3_api = {
|
||||||
# root_domain = ".web.garage.localhost"
|
s3_region = "hades";
|
||||||
# index = "index.html"
|
api_bind_addr = "[::]:3900";
|
||||||
|
};
|
||||||
|
|
||||||
# [k2v_api]
|
# Static file serve endpoint
|
||||||
# api_bind_addr = "[::]:3904"
|
s3_web = {
|
||||||
|
bind_addr = "[::]:3902";
|
||||||
# [admin]
|
root_domain = "g.xirion.net";
|
||||||
# api_bind_addr = "0.0.0.0:3903"
|
};
|
||||||
# admin_token = "$(openssl rand -base64 32)"
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
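Review bot: `networking.firewall.allowedTCPPorts = [ 3900 3901 3902 ];` opens the S3 API, the inter-node RPC port and the static web endpoint on every interface, and all three listeners bind to `[::]`. If this host has any interface beyond the internal network, scope the rule to the internal one, e.g. `networking.firewall.interfaces.<internal-if>.allowedTCPPorts = [ 3900 3902 ];` (the interface name is a placeholder). Port 3901 may not need opening at all if `replication_mode = "1"` means this is the only node. The `# Defines rpc_secret` comment could also say why it is done this way, e.g. `# rpc_secret is read from the vault-provided environment file instead of being written into settings`.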
|
||||||
|
|
|
@ -24,8 +24,8 @@ in {
|
||||||
# Append the init-dirs script to add AWS/Minio secrets
|
# Append the init-dirs script to add AWS/Minio secrets
|
||||||
systemd.services.mastodon-init-dirs.script = ''
|
systemd.services.mastodon-init-dirs.script = ''
|
||||||
cat >> /var/lib/mastodon/.secrets_env <<EOF
|
cat >> /var/lib/mastodon/.secrets_env <<EOF
|
||||||
AWS_ACCESS_KEY_ID="$(cat ${vs.mastodon}/awsAccessKeyId)"
|
AWS_ACCESS_KEY_ID="$(cat ${vs.mastodon}/garageKeyId)"
|
||||||
AWS_SECRET_ACCESS_KEY="$(cat ${vs.mastodon}/awsSecretAccessKey)"
|
AWS_SECRET_ACCESS_KEY="$(cat ${vs.mastodon}/garageSecretKey)"
|
||||||
DEEPL_API_KEY="$(cat ${vs.mastodon}/deeplAPIKey)"
|
DEEPL_API_KEY="$(cat ${vs.mastodon}/deeplAPIKey)"
|
||||||
EOF
|
EOF
|
||||||
'';
|
'';
|
||||||
|
@ -90,10 +90,10 @@ in {
|
||||||
# https://github.com/cybrespace/cybrespace-meta/blob/master/s3.md;
|
# https://github.com/cybrespace/cybrespace-meta/blob/master/s3.md;
|
||||||
# https://shivering-isles.com/Mastodon-and-Amazon-S3
|
# https://shivering-isles.com/Mastodon-and-Amazon-S3
|
||||||
S3_ENABLED = "true";
|
S3_ENABLED = "true";
|
||||||
|
S3_REGION = "hades";
|
||||||
S3_BUCKET = "mastodon";
|
S3_BUCKET = "mastodon";
|
||||||
S3_PROTOCOL = "https";
|
S3_ENDPOINT = "http://garage.hades:3900";
|
||||||
S3_HOSTNAME = "o.xirion.net";
|
S3_ALIAS_HOST = "fedi-media.xirion.net";
|
||||||
S3_ENDPOINT = "https://o.xirion.net/";
|
|
||||||
|
|
||||||
DEEPL_PLAN = "free";
|
DEEPL_PLAN = "free";
|
||||||
};
|
};
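Review bot: `S3_ENDPOINT = "http://garage.hades:3900";` moves Mastodon's S3 traffic from HTTPS to plain HTTP, so uploaded media and the signed request headers cross the path to garage.hades unencrypted. That is only reasonable if the path is a trusted internal link. A comment such as `# plain HTTP: garage.hades is reachable on the internal network only` would record the assumption; otherwise put TLS in front of port 3900. With `S3_PROTOCOL` removed, the media URLs built for `S3_ALIAS_HOST` depend on Mastodon's default scheme, so it is worth confirming they still come out as https. The settings block starts outside this hunk.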
|
||||||
|
|
|
@ -83,7 +83,6 @@ in {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
|
|
||||||
|
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
#Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
|
#Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
|
||||||
send_timeout 100m;
|
send_timeout 100m;
|
||||||
|
@ -130,7 +129,8 @@ in {
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
|
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
proxyPass = "http://plex2.hades:32400/"; };
|
proxyPass = "http://plex2.hades:32400/";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualHosts."fedi.xirion.net" = {
|
virtualHosts."fedi.xirion.net" = {
|
||||||
|
@ -162,5 +162,7 @@ in {
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
virtualHosts."fedi-media.xirion.net" = proxy "http://garage.hades:3902";
|
||||||
};
|
};
|
||||||
}
|
}
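Review bot: The new `virtualHosts."fedi-media.xirion.net" = proxy "http://garage.hades:3902";` relies on a `proxy` helper defined outside this hunk, so it is not visible whether the vhost gets `forceSSL = true;` and `enableACME = true;` like the hosts above. Mastodon will presumably link media on this name over https, so please confirm the helper sets both. Garage's web endpoint selects the bucket from the Host header, so the helper also has to forward the original Host, or the bucket needs an alias for this hostname. A one-line comment on the vhost saying which of the two is in use would help the next reader.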
|
||||||
|
|