diff --git a/capytal/default.nix b/capytal/default.nix
index a86d834..0ad5720 100644
--- a/capytal/default.nix
+++ b/capytal/default.nix
@@ -1,5 +1,6 @@
 {...}: {
 imports = [
 ./forgejo
+ ./garage.nix
 ];
 }
diff --git a/capytal/garage.nix b/capytal/garage.nix
new file mode 100644
index 0000000..8da2ee2
--- /dev/null
+++ b/capytal/garage.nix
@@ -0,0 +1,54 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ secrets = config.spacestation-secrets.lesser;
+in {
+ imports = [];
+
+ services.garage.enable = true;
+ services.garage.package = pkgs.garage_1_x;
+ services.garage.settings = {
+ db_engine = "sqlite";
+
+ replication_factor = 1;
+
+ rpc_bind_addr = "[::]:${toString secrets.services.garage-rpc.port}";
+ rpc_public_addr = "127.0.0.1:${toString secrets.services.garage-rpc.port}";
+ rpc_secret = secrets.services.garage-rpc.token;
+
+ s3_api = {
+ s3_region = "garage";
+ api_bind_addr = "[::]:${toString secrets.services.garage-api.port}";
+ root_domain = ".s3.garage.localhost";
+ };
+
+ s3_web = {
+ bind_addr = "[::]:${toString secrets.services.garage-web.port}";
+ root_domain = ".web.garage.localhost";
+ index = "index.html";
+ };
+
+ k2v_api = {
+ api_bind_addr = "[::]:${toString secrets.services.garage-k2v.port}";
+ };
+
+ admin = {
+ api_bind_addr = "[::]:${toString secrets.services.garage-admin.port}";
+ admin_token = secrets.services.garage-admin.token;
+ metrics_token = secrets.services.garage-admin.metrics_token;
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ secrets.services.garage-rpc.port
+ secrets.services.garage-api.port
+ secrets.services.garage-web.port
+ secrets.services.garage-k2v.port
+ secrets.services.garage-admin.port
+ ];
+
+ environment.systemPackages = with pkgs; [awscli2];
+}
diff --git a/secrets/spacestation.lesser.json b/secrets/spacestation.lesser.json
index cb50c14..a4f234a 100644
--- a/secrets/spacestation.lesser.json
+++ b/secrets/spacestation.lesser.json
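Review bot: In capytal/garage.nix, `rpc_secret`, `admin_token` and `metrics_token` are assigned as plain evaluated strings inside `services.garage.settings`, so, assuming the module renders the settings to a TOML file in the usual way, the decrypted values end up in the world-readable Nix store even though they are sops-encrypted in the repository. Garage accepts `rpc_secret_file`, `admin.admin_token_file` and `admin.metrics_token_file` (or the module's `services.garage.environmentFile`), which let the values live in a runtime-decrypted file readable only by the service. Separately, every listener binds `[::]` and `networking.firewall.allowedTCPPorts` opens all five ports on every interface. With `replication_factor = 1` and `rpc_public_addr` on 127.0.0.1, the RPC and admin listeners look like they only need loopback, e.g. `rpc_bind_addr = "127.0.0.1:${toString secrets.services.garage-rpc.port}";` with the `garage-rpc` and `garage-admin` entries dropped from the firewall list. If remote access to the others is intended, `networking.firewall.interfaces.<name>.allowedTCPPorts` would limit it to the trusted interface.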
@@ -1,15 +1,15 @@ { "tailnet-name": "ENC[AES256_GCM,data:f9T+/IRApqThgMlE,iv:LufRlHxdon5mahAi1+jwbhTqcOZh2bdnUubfEL6QFg0=,tag:KmJ4E0EggzQh8ZCm2fLeGw==,type:str]", "device-ip": "ENC[AES256_GCM,data:Ed6hS/9F52UGVLpAyw==,iv:sg9iVEmZxA2lNJoc0xwLRyDzoF1Cy48wp9CQf3zOOzQ=,tag:77RYGvjgw0QdZUsPcqVTvA==,type:str]", - "homelab-domain": "ENC[AES256_GCM,data:IQAkzgxJL4WsOqJ0RA==,iv:COJSPyCP33ZJJXz1blr4CTH3DfZ9oH/Em72VWlGWtO0=,tag:sLj91nAgVtvDiRcVzqgIsg==,type:str]", + "homelab-domain": "ENC[AES256_GCM,data:XkgOP94q3gBknoGzcA==,iv:pKnrjhi9VnW0xWIEQfnxV+wb/iNxT/TFs07K9/NW8sU=,tag:N2sGj5lTCJHFBpI9baja9Q==,type:str]", "cloudflare-funnel": "ENC[AES256_GCM,data:bUGjnOkfGZaXV7htm0QotjMRs9fMXRQ1zR+KMLicBfYSpEj6rlrg8zos4eGXfueYvHbL/+kgtG+ncmmWCClHyVVeF7lJFykzu0/x/EVf7ia0p451CghfXJ0uJPoH03S42zru/B2OfF0nyatXdknd6s6mn6vsO7eT37OzjFANB51nhPTX+rYi+TAdN9CRVp11TwGcY6ag9jDKo/AbsFPrmwasSXELeYFnNNkI78+4uPeusYoRFhn/uA==,iv:TgaFg5nCc0DDiVI28Fk8OHJ+cJjd90eTt6kKVgzT7mQ=,tag:kEFXsDqSbfq+z3ayDmofow==,type:str]", "services": { "adguard": { - "domain": "ENC[AES256_GCM,data:QquWEbgpXY13UMV9BTXplQ5LhSgv,iv:0AstA5oaS8714QME3QK0/aiv9Khqk1bLCcFdCEPn+IA=,tag:XXIWjIjHQ0gZFSFBHU49Ag==,type:str]", + "domain": "ENC[AES256_GCM,data:HBSOMhBmEGjzmAtXiulXDcDzWbUD,iv:NcL5I//0buHgMtZX4BEv2i66pYsZAZkLBWfZDe8tWhg=,tag:5f3y6wjCAjiD7qTxwx0ltA==,type:str]", "port": "ENC[AES256_GCM,data:4JC+Dg==,iv:jACiG3MB0u8mKFhghBN3VzLBGkUYeCC58fGOuLePJ+M=,tag:Lz4Q8U24aOfjIA4tK6yZwg==,type:float]" }, "forgejo": { - "domain": "ENC[AES256_GCM,data:DJDExE7VVmAk4ZLhOkTfD2wBY5i1,iv:tnOgrKCpglvDyk75mnmeoiz2trmD3r3wCL2etHmALC4=,tag:rAiEK9U48cR1q+W7Zbkhvg==,type:str]", + "domain": "ENC[AES256_GCM,data:wQFMA6ek2MwQ/o3RoN514FhaqkrL,iv:o29YxXtMgyVhDt4ufuD4cRLriwv4clkjN9g3ZNBErwU=,tag:sjtRHwOYXFUXhn3R8U3dBA==,type:str]", "port": "ENC[AES256_GCM,data:ydSACw==,iv:0RWRLLCU8YyYmOmTawns2Iy+ABiBFbBqgQ10+buZNt0=,tag:3QW0NzbKeUkcfYh/5my3fA==,type:float]", "actions-token": 
"ENC[AES256_GCM,data:eNZtfpBt0ZjgLrykGKGEL3gtKCHHE+UWaDATgi0QHBGj7ZZX7ROuKQ==,iv:J8wmqFVmi8sarGupw/F4PP20HdaGTrxC4pF8GERwZxs=,tag:wZve5TI4/NpacMpHtpBnoA==,type:str]", "actions-labels": [ 
@@ -18,6 +18,29 @@ "ENC[AES256_GCM,data:KybqnMcU6ON30jLPHHdKB8oc2clxwV7otpUfinlm/YCWgvLZpsjFPnm/eu9hjKLfcwPEsWqi,iv:mmhWpJLzLJJJ8eJkNQtVLYudNG+wgIFoIEvc0o9KP7I=,tag:YB/x4AF+jrC1i0q/LhtnCw==,type:str]", "ENC[AES256_GCM,data:ewFeb0pgS7t7ugV1rvEqQHkZ3UfHf7BdPXh9rIZAmyAG04E53EFYFcjuLLlZKnsu,iv:Dc+8zlv0bKkNbmMYgUXOrBkolOKJLrasen2KfUjwyoc=,tag:TUmz6hvwS3jbxvSfq3ajTQ==,type:str]" ] + }, + "garage-admin": { + "domain": "ENC[AES256_GCM,data:viXPfFmlLcR769g8qjkI0D4o78o=,iv:Gds3r2vfx0P+inx3QbhZG1UeKyKmcyRytPJ5WlG/ydA=,tag:n/wbsvqPDy5+yMV/YX+jCQ==,type:str]", + "port": "ENC[AES256_GCM,data:a2aSDA==,iv:nWo1gjBWbzi3I4NrLrwgUz5j6+XD88sgn7ce7j3svJ8=,tag:bO1OcmiuDnVmH+I+pxyIjA==,type:float]", + "token": "ENC[AES256_GCM,data:bkDJvY6lwdgzKtB+ewzMoJtzW+bk1oMu2XGZaJ4WjHLKBdxPBlRrhvXUMHSDpBTZq/8hfmVmV8M4G9xJ6mGtSg==,iv:SE/A6+pZE7ec+kgS1hDZ8pm/c/TB87X9JOdC50SwldU=,tag:/KKaFDWfTnzgmIHOg/t7Jw==,type:str]", + "metrics_token": "ENC[AES256_GCM,data:HpCXud0I4EGYTvOh/dj0Y6h+dCHDq/EfRdSDqWIPayYfClPkd4sdj1HYNREhmiPoWpmmfPJIsioDd3ZZXERU6Q==,iv:xGeRbLTcplcZUxAxDNBOklhQEatOaRG5Ibj41FuY4O4=,tag:Nw+FThszSwAK6MNfaF1Zsg==,type:str]" + }, + "garage-api": { + "domain": "ENC[AES256_GCM,data:w9kevQ2pdjlHFZxLDiEq59Uv,iv:i0xA/rmPDZIE7cDLpqDAeGBe7sZxpakHQwTAnTzwsIk=,tag:1uE0baZC66OgfKHUznJ/eQ==,type:str]", + "port": "ENC[AES256_GCM,data:9Epzmw==,iv:eb5S5Ih/AfZ2mXZgfIN1to3D/MPHYc8WsrispuHHewE=,tag:2qL03lJOPhWNv3ixTwMRNA==,type:float]" + }, + "garage-k2v": { + "domain": "ENC[AES256_GCM,data:cNNjAFNNmCBv6nli9Vdj9E5d,iv:ZCLU6dKjxcRUf7J5R0EG8Vvv+Iz7Q9SC6MaaLwelq7k=,tag:Of7a2I+2ox6VJgYfrnjlGQ==,type:str]", + "port": "ENC[AES256_GCM,data:EbEKBg==,iv:2dM8Ddvz0+4DDzeawGnP+7QRch9KphjfhZhBrphPKM0=,tag:++I0mvw6Qki34AU/m3qSIQ==,type:float]" + }, + "garage-rpc": { + "domain": "ENC[AES256_GCM,data:MuDiYQ2uDT6ZZtrkVveSJ/sv,iv:EW9VP2p65nyk8iDt3zX298hQUASoXqfJ7S2+eBgOFxg=,tag:g+PG+658RLOqG4BkbaoVcQ==,type:str]", + "port": 
"ENC[AES256_GCM,data:63VKeg==,iv:AukBAin0wH2YaxNwG2IIz+V5Ia/WFnpNK1StKpLsTaw=,tag:kCrFhte8xVFuqtRdzHgUpg==,type:float]", + "token": "ENC[AES256_GCM,data:G6iKuK+1AkNIz1v5dEYiJ8dyfQ8MAWFAEu1xjrLexaH3x6O4aeqYIU+x+UpKYXUMOnOdWOUfB3o19GqbNXzSow==,iv:XHqYO1vdZTtUa4vZfU3L5h56O1Bfnu7ikLaZALOpSls=,tag:QGbLoYoXk80t+/Rzme6cHg==,type:str]" + }, + "garage-web": { + "domain": "ENC[AES256_GCM,data:4GBeKJA30Cv8wrpHH/ZE9e/D,iv:NLd3vkBS0powSgPSSBjh4XeLSaozpqsxk0QVYb8aGoc=,tag:fvsbTzCPTJe4ztDN0mwmWw==,type:str]", + "port": "ENC[AES256_GCM,data:m+GbLg==,iv:flh8eBzbIXFUWQIp6dXM/1X64+tNXNlA78Xw21YwZ0o=,tag:fgijLcMuQHyVNZlhakXZ2w==,type:float]" } }, "sops": { @@ -31,8 +54,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnL3dCY1VLMmoxRFRmS0Ir\nV0ppTnI0RE5ZMjcvRGNPWkNxWFdJYTBDTG00ClRGQkh1UStGTmc0RE5aNy9nL3FI\nbHJIa3hLR0ZkTjd6WkFzOFkzeFdMNUEKLS0tIDBidk93Qy9LenFlSGZ2aEpuTUFt\nWVM2eS9UdXAvbzE4eEdKMjVEM3RLdm8KKeIhk+YOKVL9Y19lLyb6/Pxv8rbewK2e\nLm96jx+LOMOCFcQGxuFKWqQbTB4br/cPvRKSY5jFmFWqVg7pCPTAzQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2024-09-09T19:53:36Z", - "mac": "ENC[AES256_GCM,data:gTkt5pmM5j76mZCmiUNQp69/LTn7vOVO8xdJOpBPywOt4+Ypi/xb9wlPdtB+Jca6BJYuZHNE6yI8Ui+/rorPHZXyT/sphXG1UmUOqwAWTUBOQEv9g6W94vf6/KUadANmQSTcQ6/2r3YAGxHr2IUjTBh1Ir4U7A9Nzu+NQ25Xc/Q=,iv:dghHEnjxcV9RZFobz/fHqx2oaH77+AcCWOSSEE+dvkA=,tag:rjn7PH8v0cosN8Wcelt3PQ==,type:str]", + "lastmodified": "2024-09-18T01:25:20Z", + "mac": "ENC[AES256_GCM,data:f7KDdiyhcRpGFwVJIs/AU5t++1cQnHxr1kBJTAcZ7v0TTIqjVMwXd6JtcEX8p6voiTXbj+/pVJ0d0ucy6BZdnC8f97wnRpVUlsogeWGfotQCamfrqqa8NTNrg9uMeZqZefPDE5OikCPeyP7fyhJzbm6FmgZEcwsp4o3YefXwqxA=,iv:UzfDPzkNJGlgOF/eJAeekYKV7j50CK6p8EC2LflLoGI=,tag:0yQ0mXl9vBbwReXCuhWWHQ==,type:str]", "pgp": null, "unencrypted_suffix": "_unencrypted", "version": "3.9.0"