feat: garage configuration
This commit is contained in:
@@ -1,5 +1,6 @@
|
||||
{...}: {
|
||||
imports = [
|
||||
./forgejo
|
||||
./garage.nix
|
||||
];
|
||||
}
|
||||
|
||||
54
capytal/garage.nix
Normal file
54
capytal/garage.nix
Normal file
@@ -0,0 +1,54 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
secrets = config.spacestation-secrets.lesser;
|
||||
in {
|
||||
imports = [];
|
||||
|
||||
services.garage.enable = true;
|
||||
services.garage.package = pkgs.garage_1_x;
|
||||
services.garage.settings = {
|
||||
db_engine = "sqlite";
|
||||
|
||||
replication_factor = 1;
|
||||
|
||||
rpc_bind_addr = "[::]:${toString secrets.services.garage-rpc.port}";
|
||||
rpc_public_addr = "127.0.0.1:${toString secrets.services.garage-rpc.port}";
|
||||
rpc_secret = secrets.services.garage-rpc.token;
|
||||
|
||||
s3_api = {
|
||||
s3_region = "garage";
|
||||
api_bind_addr = "[::]:${toString secrets.services.garage-api.port}";
|
||||
root_domain = ".s3.garage.localhost";
|
||||
};
|
||||
|
||||
s3_web = {
|
||||
bind_addr = "[::]:${toString secrets.services.garage-web.port}";
|
||||
root_domain = ".web.garage.localhost";
|
||||
index = "index.html";
|
||||
};
|
||||
|
||||
k2v_api = {
|
||||
api_bind_addr = "[::]:${toString secrets.services.garage-k2v.port}";
|
||||
};
|
||||
|
||||
admin = {
|
||||
api_bind_addr = "[::]:${toString secrets.services.garage-admin.port}";
|
||||
admin_token = secrets.services.garage-admin.token;
|
||||
metrics_token = secrets.services.garage-admin.metrics_token;
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
secrets.services.garage-rpc.port
|
||||
secrets.services.garage-api.port
|
||||
secrets.services.garage-web.port
|
||||
secrets.services.garage-k2v.port
|
||||
secrets.services.garage-admin.port
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [awscli2];
|
||||
}
|
||||
@@ -1,15 +1,15 @@
|
||||
{
|
||||
"tailnet-name": "ENC[AES256_GCM,data:f9T+/IRApqThgMlE,iv:LufRlHxdon5mahAi1+jwbhTqcOZh2bdnUubfEL6QFg0=,tag:KmJ4E0EggzQh8ZCm2fLeGw==,type:str]",
|
||||
"device-ip": "ENC[AES256_GCM,data:Ed6hS/9F52UGVLpAyw==,iv:sg9iVEmZxA2lNJoc0xwLRyDzoF1Cy48wp9CQf3zOOzQ=,tag:77RYGvjgw0QdZUsPcqVTvA==,type:str]",
|
||||
"homelab-domain": "ENC[AES256_GCM,data:IQAkzgxJL4WsOqJ0RA==,iv:COJSPyCP33ZJJXz1blr4CTH3DfZ9oH/Em72VWlGWtO0=,tag:sLj91nAgVtvDiRcVzqgIsg==,type:str]",
|
||||
"homelab-domain": "ENC[AES256_GCM,data:XkgOP94q3gBknoGzcA==,iv:pKnrjhi9VnW0xWIEQfnxV+wb/iNxT/TFs07K9/NW8sU=,tag:N2sGj5lTCJHFBpI9baja9Q==,type:str]",
|
||||
"cloudflare-funnel": "ENC[AES256_GCM,data:bUGjnOkfGZaXV7htm0QotjMRs9fMXRQ1zR+KMLicBfYSpEj6rlrg8zos4eGXfueYvHbL/+kgtG+ncmmWCClHyVVeF7lJFykzu0/x/EVf7ia0p451CghfXJ0uJPoH03S42zru/B2OfF0nyatXdknd6s6mn6vsO7eT37OzjFANB51nhPTX+rYi+TAdN9CRVp11TwGcY6ag9jDKo/AbsFPrmwasSXELeYFnNNkI78+4uPeusYoRFhn/uA==,iv:TgaFg5nCc0DDiVI28Fk8OHJ+cJjd90eTt6kKVgzT7mQ=,tag:kEFXsDqSbfq+z3ayDmofow==,type:str]",
|
||||
"services": {
|
||||
"adguard": {
|
||||
"domain": "ENC[AES256_GCM,data:QquWEbgpXY13UMV9BTXplQ5LhSgv,iv:0AstA5oaS8714QME3QK0/aiv9Khqk1bLCcFdCEPn+IA=,tag:XXIWjIjHQ0gZFSFBHU49Ag==,type:str]",
|
||||
"domain": "ENC[AES256_GCM,data:HBSOMhBmEGjzmAtXiulXDcDzWbUD,iv:NcL5I//0buHgMtZX4BEv2i66pYsZAZkLBWfZDe8tWhg=,tag:5f3y6wjCAjiD7qTxwx0ltA==,type:str]",
|
||||
"port": "ENC[AES256_GCM,data:4JC+Dg==,iv:jACiG3MB0u8mKFhghBN3VzLBGkUYeCC58fGOuLePJ+M=,tag:Lz4Q8U24aOfjIA4tK6yZwg==,type:float]"
|
||||
},
|
||||
"forgejo": {
|
||||
"domain": "ENC[AES256_GCM,data:DJDExE7VVmAk4ZLhOkTfD2wBY5i1,iv:tnOgrKCpglvDyk75mnmeoiz2trmD3r3wCL2etHmALC4=,tag:rAiEK9U48cR1q+W7Zbkhvg==,type:str]",
|
||||
"domain": "ENC[AES256_GCM,data:wQFMA6ek2MwQ/o3RoN514FhaqkrL,iv:o29YxXtMgyVhDt4ufuD4cRLriwv4clkjN9g3ZNBErwU=,tag:sjtRHwOYXFUXhn3R8U3dBA==,type:str]",
|
||||
"port": "ENC[AES256_GCM,data:ydSACw==,iv:0RWRLLCU8YyYmOmTawns2Iy+ABiBFbBqgQ10+buZNt0=,tag:3QW0NzbKeUkcfYh/5my3fA==,type:float]",
|
||||
"actions-token": "ENC[AES256_GCM,data:eNZtfpBt0ZjgLrykGKGEL3gtKCHHE+UWaDATgi0QHBGj7ZZX7ROuKQ==,iv:J8wmqFVmi8sarGupw/F4PP20HdaGTrxC4pF8GERwZxs=,tag:wZve5TI4/NpacMpHtpBnoA==,type:str]",
|
||||
"actions-labels": [
|
||||
@@ -18,6 +18,29 @@
|
||||
"ENC[AES256_GCM,data:KybqnMcU6ON30jLPHHdKB8oc2clxwV7otpUfinlm/YCWgvLZpsjFPnm/eu9hjKLfcwPEsWqi,iv:mmhWpJLzLJJJ8eJkNQtVLYudNG+wgIFoIEvc0o9KP7I=,tag:YB/x4AF+jrC1i0q/LhtnCw==,type:str]",
|
||||
"ENC[AES256_GCM,data:ewFeb0pgS7t7ugV1rvEqQHkZ3UfHf7BdPXh9rIZAmyAG04E53EFYFcjuLLlZKnsu,iv:Dc+8zlv0bKkNbmMYgUXOrBkolOKJLrasen2KfUjwyoc=,tag:TUmz6hvwS3jbxvSfq3ajTQ==,type:str]"
|
||||
]
|
||||
},
|
||||
"garage-admin": {
|
||||
"domain": "ENC[AES256_GCM,data:viXPfFmlLcR769g8qjkI0D4o78o=,iv:Gds3r2vfx0P+inx3QbhZG1UeKyKmcyRytPJ5WlG/ydA=,tag:n/wbsvqPDy5+yMV/YX+jCQ==,type:str]",
|
||||
"port": "ENC[AES256_GCM,data:a2aSDA==,iv:nWo1gjBWbzi3I4NrLrwgUz5j6+XD88sgn7ce7j3svJ8=,tag:bO1OcmiuDnVmH+I+pxyIjA==,type:float]",
|
||||
"token": "ENC[AES256_GCM,data:bkDJvY6lwdgzKtB+ewzMoJtzW+bk1oMu2XGZaJ4WjHLKBdxPBlRrhvXUMHSDpBTZq/8hfmVmV8M4G9xJ6mGtSg==,iv:SE/A6+pZE7ec+kgS1hDZ8pm/c/TB87X9JOdC50SwldU=,tag:/KKaFDWfTnzgmIHOg/t7Jw==,type:str]",
|
||||
"metrics_token": "ENC[AES256_GCM,data:HpCXud0I4EGYTvOh/dj0Y6h+dCHDq/EfRdSDqWIPayYfClPkd4sdj1HYNREhmiPoWpmmfPJIsioDd3ZZXERU6Q==,iv:xGeRbLTcplcZUxAxDNBOklhQEatOaRG5Ibj41FuY4O4=,tag:Nw+FThszSwAK6MNfaF1Zsg==,type:str]"
|
||||
},
|
||||
"garage-api": {
|
||||
"domain": "ENC[AES256_GCM,data:w9kevQ2pdjlHFZxLDiEq59Uv,iv:i0xA/rmPDZIE7cDLpqDAeGBe7sZxpakHQwTAnTzwsIk=,tag:1uE0baZC66OgfKHUznJ/eQ==,type:str]",
|
||||
"port": "ENC[AES256_GCM,data:9Epzmw==,iv:eb5S5Ih/AfZ2mXZgfIN1to3D/MPHYc8WsrispuHHewE=,tag:2qL03lJOPhWNv3ixTwMRNA==,type:float]"
|
||||
},
|
||||
"garage-k2v": {
|
||||
"domain": "ENC[AES256_GCM,data:cNNjAFNNmCBv6nli9Vdj9E5d,iv:ZCLU6dKjxcRUf7J5R0EG8Vvv+Iz7Q9SC6MaaLwelq7k=,tag:Of7a2I+2ox6VJgYfrnjlGQ==,type:str]",
|
||||
"port": "ENC[AES256_GCM,data:EbEKBg==,iv:2dM8Ddvz0+4DDzeawGnP+7QRch9KphjfhZhBrphPKM0=,tag:++I0mvw6Qki34AU/m3qSIQ==,type:float]"
|
||||
},
|
||||
"garage-rpc": {
|
||||
"domain": "ENC[AES256_GCM,data:MuDiYQ2uDT6ZZtrkVveSJ/sv,iv:EW9VP2p65nyk8iDt3zX298hQUASoXqfJ7S2+eBgOFxg=,tag:g+PG+658RLOqG4BkbaoVcQ==,type:str]",
|
||||
"port": "ENC[AES256_GCM,data:63VKeg==,iv:AukBAin0wH2YaxNwG2IIz+V5Ia/WFnpNK1StKpLsTaw=,tag:kCrFhte8xVFuqtRdzHgUpg==,type:float]",
|
||||
"token": "ENC[AES256_GCM,data:G6iKuK+1AkNIz1v5dEYiJ8dyfQ8MAWFAEu1xjrLexaH3x6O4aeqYIU+x+UpKYXUMOnOdWOUfB3o19GqbNXzSow==,iv:XHqYO1vdZTtUa4vZfU3L5h56O1Bfnu7ikLaZALOpSls=,tag:QGbLoYoXk80t+/Rzme6cHg==,type:str]"
|
||||
},
|
||||
"garage-web": {
|
||||
"domain": "ENC[AES256_GCM,data:4GBeKJA30Cv8wrpHH/ZE9e/D,iv:NLd3vkBS0powSgPSSBjh4XeLSaozpqsxk0QVYb8aGoc=,tag:fvsbTzCPTJe4ztDN0mwmWw==,type:str]",
|
||||
"port": "ENC[AES256_GCM,data:m+GbLg==,iv:flh8eBzbIXFUWQIp6dXM/1X64+tNXNlA78Xw21YwZ0o=,tag:fgijLcMuQHyVNZlhakXZ2w==,type:float]"
|
||||
}
|
||||
},
|
||||
"sops": {
|
||||
@@ -31,8 +54,8 @@
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL3dCY1VLMmoxRFRmS0Ir\nV0ppTnI0RE5ZMjcvRGNPWkNxWFdJYTBDTG00ClRGQkh1UStGTmc0RE5aNy9nL3FI\nbHJIa3hLR0ZkTjd6WkFzOFkzeFdMNUEKLS0tIDBidk93Qy9LenFlSGZ2aEpuTUFt\nWVM2eS9UdXAvbzE4eEdKMjVEM3RLdm8KKeIhk+YOKVL9Y19lLyb6/Pxv8rbewK2e\nLm96jx+LOMOCFcQGxuFKWqQbTB4br/cPvRKSY5jFmFWqVg7pCPTAzQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2024-09-09T19:53:36Z",
|
||||
"mac": "ENC[AES256_GCM,data:gTkt5pmM5j76mZCmiUNQp69/LTn7vOVO8xdJOpBPywOt4+Ypi/xb9wlPdtB+Jca6BJYuZHNE6yI8Ui+/rorPHZXyT/sphXG1UmUOqwAWTUBOQEv9g6W94vf6/KUadANmQSTcQ6/2r3YAGxHr2IUjTBh1Ir4U7A9Nzu+NQ25Xc/Q=,iv:dghHEnjxcV9RZFobz/fHqx2oaH77+AcCWOSSEE+dvkA=,tag:rjn7PH8v0cosN8Wcelt3PQ==,type:str]",
|
||||
"lastmodified": "2024-09-18T01:25:20Z",
|
||||
"mac": "ENC[AES256_GCM,data:f7KDdiyhcRpGFwVJIs/AU5t++1cQnHxr1kBJTAcZ7v0TTIqjVMwXd6JtcEX8p6voiTXbj+/pVJ0d0ucy6BZdnC8f97wnRpVUlsogeWGfotQCamfrqqa8NTNrg9uMeZqZefPDE5OikCPeyP7fyhJzbm6FmgZEcwsp4o3YefXwqxA=,iv:UzfDPzkNJGlgOF/eJAeekYKV7j50CK6p8EC2LflLoGI=,tag:0yQ0mXl9vBbwReXCuhWWHQ==,type:str]",
|
||||
"pgp": null,
|
||||
"unencrypted_suffix": "_unencrypted",
|
||||
"version": "3.9.0"
|
||||
|
||||
Reference in New Issue
Block a user