started switch to garage
parent
6fb4627cbd
commit
1b65ed4c30
4 changed files with 40 additions and 30 deletions
|
@ -21,6 +21,8 @@
|
|||
services.unbound.settings.server = {
|
||||
local-zone = [
|
||||
"xirion.net typetransparent"
|
||||
"o.xirion.net typetransparent"
|
||||
"fedi-media.xirion.net typetransparent"
|
||||
"hades.xirion.net typetransparent"
|
||||
"requests.xirion.net typetransparent"
|
||||
"ha.xirion.net typetransparent"
|
||||
|
@ -30,6 +32,8 @@
|
|||
local-data = [
|
||||
''"xirion.net A 192.168.0.122"''
|
||||
''"hades.xirion.net A 192.168.0.122"''
|
||||
''"o.xirion.net A 192.168.0.122"''
|
||||
''"fedi-media.xirion.net A 192.168.0.122"''
|
||||
''"requests.xirion.net A 192.168.0.122"''
|
||||
''"ha.xirion.net A 192.168.0.122"''
|
||||
''"mail.xirion.net A 192.168.0.122"''
|
||||
|
|
|
@ -2,11 +2,13 @@
|
|||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
{ pkgs, config, ... }:
|
||||
let vs = config.vault-secrets.secrets;
|
||||
in {
|
||||
imports = [ ];
|
||||
|
||||
vault-secrets.secrets.garage = { };
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
|
@ -18,33 +20,35 @@
|
|||
# Additional packages
|
||||
environment.systemPackages = with pkgs; [ ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ ];
|
||||
networking.firewall.allowedTCPPorts = [ 3900 3901 3902 ];
|
||||
|
||||
# Defines rpc_secret
|
||||
systemd.services.garage.serviceConfig.EnvironmentFile = "${vs.garage}/environment";
|
||||
|
||||
# See also: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests/garage
|
||||
services.garage = {
|
||||
enable = false;
|
||||
enable = true;
|
||||
package = pkgs.garage_0_8;
|
||||
settings = {
|
||||
# rpc_bind_addr = "[::]:3901"
|
||||
# rpc_public_addr = "127.0.0.1:3901"
|
||||
# rpc_secret = "$(openssl rand -hex 32)"
|
||||
db_engine = "lmdb"; # Recommended for mastodon
|
||||
replication_mode = "1";
|
||||
compression_level = 0;
|
||||
|
||||
# [s3_api]
|
||||
# s3_region = "garage"
|
||||
# api_bind_addr = "[::]:3900"
|
||||
# root_domain = ".s3.garage.localhost"
|
||||
# For inter-node comms
|
||||
rpc_bind_addr = "[::]:3901";
|
||||
rpc_public_addr = "${config.meta.ipv4}:3901";
|
||||
|
||||
# [s3_web]
|
||||
# bind_addr = "[::]:3902"
|
||||
# root_domain = ".web.garage.localhost"
|
||||
# index = "index.html"
|
||||
# Standard S3 api endpoint
|
||||
s3_api = {
|
||||
s3_region = "hades";
|
||||
api_bind_addr = "[::]:3900";
|
||||
};
|
||||
|
||||
# [k2v_api]
|
||||
# api_bind_addr = "[::]:3904"
|
||||
|
||||
# [admin]
|
||||
# api_bind_addr = "0.0.0.0:3903"
|
||||
# admin_token = "$(openssl rand -base64 32)"
|
||||
# Static file serve endpoint
|
||||
s3_web = {
|
||||
bind_addr = "[::]:3902";
|
||||
root_domain = "g.xirion.net";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
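Review bot: `networking.firewall.allowedTCPPorts = [ 3900 3901 3902 ];` opens the S3 API, the RPC port and the web endpoint on every interface, and the settings below bind all three to `[::]`. With `replication_mode = "1"` there are presumably no peer nodes yet, so 3901 need not be reachable from outside, and any client that can reach 3902 directly bypasses the nginx vhost this commit puts in front of it. Consider scoping the rule to the internal interface, e.g. `networking.firewall.interfaces."<internal-iface>".allowedTCPPorts = [ 3900 3902 ];`, and adding 3901 only when a second node joins. The `# Defines rpc_secret` comment would also be clearer if it named the variable the environment file is expected to export, since no `rpc_secret` appears in `settings`.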
|
||||
|
|
|
@ -24,8 +24,8 @@ in {
|
|||
# Append the init-dirs script to add AWS/Minio secrets
|
||||
systemd.services.mastodon-init-dirs.script = ''
|
||||
cat >> /var/lib/mastodon/.secrets_env <<EOF
|
||||
AWS_ACCESS_KEY_ID="$(cat ${vs.mastodon}/awsAccessKeyId)"
|
||||
AWS_SECRET_ACCESS_KEY="$(cat ${vs.mastodon}/awsSecretAccessKey)"
|
||||
AWS_ACCESS_KEY_ID="$(cat ${vs.mastodon}/garageKeyId)"
|
||||
AWS_SECRET_ACCESS_KEY="$(cat ${vs.mastodon}/garageSecretKey)"
|
||||
DEEPL_API_KEY="$(cat ${vs.mastodon}/deeplAPIKey)"
|
||||
EOF
|
||||
'';
|
||||
|
@ -90,10 +90,10 @@ in {
|
|||
# https://github.com/cybrespace/cybrespace-meta/blob/master/s3.md;
|
||||
# https://shivering-isles.com/Mastodon-and-Amazon-S3
|
||||
S3_ENABLED = "true";
|
||||
S3_REGION = "hades";
|
||||
S3_BUCKET = "mastodon";
|
||||
S3_PROTOCOL = "https";
|
||||
S3_HOSTNAME = "o.xirion.net";
|
||||
S3_ENDPOINT = "https://o.xirion.net/";
|
||||
S3_ENDPOINT = "http://garage.hades:3900";
|
||||
S3_ALIAS_HOST = "fedi-media.xirion.net";
|
||||
|
||||
DEEPL_PLAN = "free";
|
||||
};
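Review bot: `S3_ENDPOINT = "http://garage.hades:3900";` moves Mastodon's S3 traffic from an HTTPS endpoint to plain HTTP, so uploaded media and the signed request headers cross the network unencrypted. That is acceptable only if `garage.hades` resolves to the same host or to a trusted internal link; a comment such as `# plain HTTP: garage.hades is only reachable over the internal network` would record the assumption. The rendered page does not show which neighbouring lines were removed, but if `S3_PROTOCOL = "https"` and `S3_HOSTNAME = "o.xirion.net"` remain, they now disagree with the endpoint and should be checked. The attribute set continues outside the hunk.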
|
||||
|
|
|
@ -83,7 +83,6 @@ in {
|
|||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
|
||||
extraConfig = ''
|
||||
#Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
|
||||
send_timeout 100m;
|
||||
|
@ -130,7 +129,8 @@ in {
|
|||
locations."/" = {
|
||||
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "http://plex2.hades:32400/"; };
|
||||
proxyPass = "http://plex2.hades:32400/";
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."fedi.xirion.net" = {
|
||||
|
@ -162,5 +162,7 @@ in {
|
|||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
virtualHosts."fedi-media.xirion.net" = proxy "http://garage.hades:3902";
|
||||
};
|
||||
}
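Review bot: The new `virtualHosts."fedi-media.xirion.net" = proxy "http://garage.hades:3902";` relies on a `proxy` helper defined outside the visible hunks, so it cannot be confirmed here that this vhost gets `forceSSL = true;` and `enableACME = true;` like the explicitly written vhosts above. This host serves public media, so it is worth verifying that the helper sets both. Garage's web endpoint selects the bucket from the `Host` header, so the helper presumably also needs to forward the original host, or the bucket needs a matching alias; confirm that against the helper's definition.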
|
||||
|
|