started switch to garage

Vivian 2023-06-02 11:30:48 +02:00
parent 6fb4627cbd
commit 1b65ed4c30
4 changed files with 40 additions and 30 deletions


@ -21,6 +21,8 @@
services.unbound.settings.server = { services.unbound.settings.server = {
local-zone = [ local-zone = [
"xirion.net typetransparent" "xirion.net typetransparent"
"o.xirion.net typetransparent"
"fedi-media.xirion.net typetransparent"
"hades.xirion.net typetransparent" "hades.xirion.net typetransparent"
"requests.xirion.net typetransparent" "requests.xirion.net typetransparent"
"ha.xirion.net typetransparent" "ha.xirion.net typetransparent"
@ -30,6 +32,8 @@
local-data = [ local-data = [
''"xirion.net A 192.168.0.122"'' ''"xirion.net A 192.168.0.122"''
''"hades.xirion.net A 192.168.0.122"'' ''"hades.xirion.net A 192.168.0.122"''
''"o.xirion.net A 192.168.0.122"''
''"fedi-media.xirion.net A 192.168.0.122"''
''"requests.xirion.net A 192.168.0.122"'' ''"requests.xirion.net A 192.168.0.122"''
''"ha.xirion.net A 192.168.0.122"'' ''"ha.xirion.net A 192.168.0.122"''
''"mail.xirion.net A 192.168.0.122"'' ''"mail.xirion.net A 192.168.0.122"''


@ -2,11 +2,13 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ pkgs, ... }: { pkgs, config, ... }:
let vs = config.vault-secrets.secrets;
{ in {
imports = [ ]; imports = [ ];
vault-secrets.secrets.garage = { };
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
@ -18,33 +20,35 @@
# Additional packages # Additional packages
environment.systemPackages = with pkgs; [ ]; environment.systemPackages = with pkgs; [ ];
networking.firewall.allowedTCPPorts = [ ]; networking.firewall.allowedTCPPorts = [ 3900 3901 3902 ];
# Defines rpc_secret
systemd.services.garage.serviceConfig.EnvironmentFile = "${vs.garage}/environment";
# See also: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests/garage # See also: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests/garage
services.garage = { services.garage = {
enable = false; enable = true;
package = pkgs.garage_0_8; package = pkgs.garage_0_8;
settings = { settings = {
# rpc_bind_addr = "[::]:3901" db_engine = "lmdb"; # Recommended for mastodon
# rpc_public_addr = "127.0.0.1:3901" replication_mode = "1";
# rpc_secret = "$(openssl rand -hex 32)" compression_level = 0;
# [s3_api] # For inter-node comms
# s3_region = "garage" rpc_bind_addr = "[::]:3901";
# api_bind_addr = "[::]:3900" rpc_public_addr = "${config.meta.ipv4}:3901";
# root_domain = ".s3.garage.localhost"
# [s3_web] # Standard S3 api endpoint
# bind_addr = "[::]:3902" s3_api = {
# root_domain = ".web.garage.localhost" s3_region = "hades";
# index = "index.html" api_bind_addr = "[::]:3900";
};
# [k2v_api] # Static file serve endpoint
# api_bind_addr = "[::]:3904" s3_web = {
bind_addr = "[::]:3902";
# [admin] root_domain = "g.xirion.net";
# api_bind_addr = "0.0.0.0:3903" };
# admin_token = "$(openssl rand -base64 32)"
}; };
}; };
} }
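Review bot: The new `networking.firewall.allowedTCPPorts = [ 3900 3901 3902 ];` opens the Garage RPC port on every interface while `rpc_bind_addr = "[::]:3901"` listens on all addresses, so inter-node RPC is guarded only by the `rpc_secret` from the environment file. With `replication_mode = "1"` this looks like a single node, so 3901 probably does not need to be reachable yet; if so, drop it and scope the rest to the internal interface, e.g. `networking.firewall.interfaces."<internal-iface>".allowedTCPPorts = [ 3900 3902 ];` (the interface name is a placeholder). The S3 API on 3900 and the web endpoint on 3902 are plain HTTP, so they should be reachable only by the hosts that proxy or consume them. The `# Defines rpc_secret` comment could also name the variable the file is expected to set, since the page does not show how Garage picks it up.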


@ -24,8 +24,8 @@ in {
# Append the init-dirs script to add AWS/Minio secrets # Append the init-dirs script to add AWS/Minio secrets
systemd.services.mastodon-init-dirs.script = '' systemd.services.mastodon-init-dirs.script = ''
cat >> /var/lib/mastodon/.secrets_env <<EOF cat >> /var/lib/mastodon/.secrets_env <<EOF
AWS_ACCESS_KEY_ID="$(cat ${vs.mastodon}/awsAccessKeyId)" AWS_ACCESS_KEY_ID="$(cat ${vs.mastodon}/garageKeyId)"
AWS_SECRET_ACCESS_KEY="$(cat ${vs.mastodon}/awsSecretAccessKey)" AWS_SECRET_ACCESS_KEY="$(cat ${vs.mastodon}/garageSecretKey)"
DEEPL_API_KEY="$(cat ${vs.mastodon}/deeplAPIKey)" DEEPL_API_KEY="$(cat ${vs.mastodon}/deeplAPIKey)"
EOF EOF
''; '';
@ -90,10 +90,10 @@ in {
# https://github.com/cybrespace/cybrespace-meta/blob/master/s3.md; # https://github.com/cybrespace/cybrespace-meta/blob/master/s3.md;
# https://shivering-isles.com/Mastodon-and-Amazon-S3 # https://shivering-isles.com/Mastodon-and-Amazon-S3
S3_ENABLED = "true"; S3_ENABLED = "true";
S3_REGION = "hades";
S3_BUCKET = "mastodon"; S3_BUCKET = "mastodon";
S3_PROTOCOL = "https"; S3_ENDPOINT = "http://garage.hades:3900";
S3_HOSTNAME = "o.xirion.net"; S3_ALIAS_HOST = "fedi-media.xirion.net";
S3_ENDPOINT = "https://o.xirion.net/";
DEEPL_PLAN = "free"; DEEPL_PLAN = "free";
}; };
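Review bot: `S3_ENDPOINT = "http://garage.hades:3900";` moves Mastodon's S3 traffic from HTTPS to cleartext HTTP, and nothing in this hunk records why that is acceptable. Request signing keeps the secret key itself off the wire, but uploaded media and request metadata are readable, and depending on how the client signs payloads possibly modifiable, by anything on the path between the two hosts. If `garage.hades` resolves only on a trusted internal network, say so next to the setting, e.g. `# plain HTTP on purpose: garage.hades is internal-only; public reads go through fedi-media.xirion.net`; otherwise terminate TLS in front of port 3900. The attribute set and the `mastodon-init-dirs` script both extend beyond the visible hunks.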


@ -83,7 +83,6 @@ in {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = '' extraConfig = ''
#Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
send_timeout 100m; send_timeout 100m;
@ -129,8 +128,9 @@ in {
''; '';
locations."/" = { locations."/" = {
proxyWebsockets = true; proxyWebsockets = true;
proxyPass = "http://plex2.hades:32400/"; }; proxyPass = "http://plex2.hades:32400/";
};
}; };
virtualHosts."fedi.xirion.net" = { virtualHosts."fedi.xirion.net" = {
@ -162,5 +162,7 @@ in {
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
virtualHosts."fedi-media.xirion.net" = proxy "http://garage.hades:3902";
}; };
} }
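Review bot: The new `virtualHosts."fedi-media.xirion.net" = proxy "http://garage.hades:3902";` relies entirely on the `proxy` helper, whose definition is outside the visible hunks, so it is not clear that this vhost gets the `forceSSL = true; enableACME = true;` that the explicit vhosts above set. Mastodon is configured to use this hostname as `S3_ALIAS_HOST`, so confirm the helper enforces TLS. Garage's web endpoint selects the bucket from the Host header, so check which Host the helper forwards and that only the intended media bucket has website access enabled, because everything in that bucket becomes world-readable through this vhost. A short comment above the line naming the bucket being served would make that explicit.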