capytal/garage.nix

{
  config,
  lib,
  pkgs,
  ...
}: let
  secrets = config.spacestation-secrets.lesser;
  garageCfg = secrets.capytal.services.garage;
in {
  imports = [];

  services.garage.enable = true;
  services.garage.package = pkgs.garage_1_x;
  services.garage.settings = {
    db_engine = "sqlite";

    replication_factor = 1;

    rpc_bind_addr = "[::]:${toString garageCfg.rpc.port}";
    rpc_public_addr = "127.0.0.1:${toString garageCfg.rpc.port}";
    rpc_secret = garageCfg.rpc.token;

    s3_api = {
      s3_region = "garage";
      api_bind_addr = "[::]:${toString garageCfg.api.port}";
      root_domain = ".s3.garage.localhost";
    };

    s3_web = {
      bind_addr = "[::]:${toString garageCfg.web.port}";
      root_domain = ".web.garage.localhost";
      index = "index.html";
    };

    k2v_api = {
      api_bind_addr = "[::]:${toString garageCfg.k2v.port}";
    };

    admin = {
      api_bind_addr = "[::]:${toString garageCfg.admin.port}";
      admin_token = garageCfg.admin.token;
      metrics_token = garageCfg.admin.metrics_token;
    };
  };

  networking.firewall.allowedTCPPorts = [
    garageCfg.rpc.port
    garageCfg.api.port
    garageCfg.web.port
    garageCfg.k2v.port
    garageCfg.admin.port
  ];

  environment.systemPackages = with pkgs; [awscli2];
}
feat: garage configuration 2024-09-18 09:58:27 -03:00			`{`
			`config,`
			`lib,`
			`pkgs,`
			`...`
			`}: let`
			`secrets = config.spacestation-secrets.lesser;`
feat: refactor network configuration and add TLS support 2024-10-03 16:24:14 -03:00			`garageCfg = secrets.capytal.services.garage;`
feat: garage configuration 2024-09-18 09:58:27 -03:00			`in {`
			`imports = [];`

			`services.garage.enable = true;`
			`services.garage.package = pkgs.garage_1_x;`
			`services.garage.settings = {`
			`db_engine = "sqlite";`

			`replication_factor = 1;`

feat: refactor network configuration and add TLS support 2024-10-03 16:24:14 -03:00			`rpc_bind_addr = "[::]:${toString garageCfg.rpc.port}";`
			`rpc_public_addr = "127.0.0.1:${toString garageCfg.rpc.port}";`
			`rpc_secret = garageCfg.rpc.token;`
feat: garage configuration 2024-09-18 09:58:27 -03:00
			`s3_api = {`
			`s3_region = "garage";`
feat: refactor network configuration and add TLS support 2024-10-03 16:24:14 -03:00			`api_bind_addr = "[::]:${toString garageCfg.api.port}";`
feat: garage configuration 2024-09-18 09:58:27 -03:00			`root_domain = ".s3.garage.localhost";`
			`};`

			`s3_web = {`
feat: refactor network configuration and add TLS support 2024-10-03 16:24:14 -03:00			`bind_addr = "[::]:${toString garageCfg.web.port}";`
feat: garage configuration 2024-09-18 09:58:27 -03:00			`root_domain = ".web.garage.localhost";`
			`index = "index.html";`
			`};`

			`k2v_api = {`
feat: refactor network configuration and add TLS support 2024-10-03 16:24:14 -03:00			`api_bind_addr = "[::]:${toString garageCfg.k2v.port}";`
feat: garage configuration 2024-09-18 09:58:27 -03:00			`};`

			`admin = {`
feat: refactor network configuration and add TLS support 2024-10-03 16:24:14 -03:00			`api_bind_addr = "[::]:${toString garageCfg.admin.port}";`
			`admin_token = garageCfg.admin.token;`
			`metrics_token = garageCfg.admin.metrics_token;`
feat: garage configuration 2024-09-18 09:58:27 -03:00			`};`
			`};`

			`networking.firewall.allowedTCPPorts = [`
feat: refactor network configuration and add TLS support 2024-10-03 16:24:14 -03:00			`garageCfg.rpc.port`
			`garageCfg.api.port`
			`garageCfg.web.port`
			`garageCfg.k2v.port`
			`garageCfg.admin.port`
feat: garage configuration 2024-09-18 09:58:27 -03:00			`];`

			`environment.systemPackages = with pkgs; [awscli2];`
			`}`