nixos/hosts/hadouken/modules/garage.nix at master · noisesfromspace/nixos · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
{
  config,
  lib,
  pkgs,
  inputs,
  ...
}:
with lib;
let
  cfg = config.hosts.garage;
in
{
  options.hosts.garage = {
    enable = mkEnableOption "Garage Object Storage";
  };

  config = mkIf cfg.enable {
    services.caddy.virtualHosts = {
      "garage.thuis".extraConfig = ''
        import headscale
        handle @internal {
          handle {
            reverse_proxy http://localhost:3900
          }
        }
        respond 403
      '';
      "garage-admin.thuis".extraConfig = ''
        import headscale
        handle @internal {
          reverse_proxy http://localhost:3909
        }
        respond 403
      '';
    };

    services.garage = {
      enable = true;
      package = pkgs.garage;
      settings = {
        metadata_dir = "/var/lib/garage/meta";
        data_dir = "/mnt/zwembad/games/garage";
        db_engine = "sqlite";

        replication_factor = 1;

        rpc_bind_addr = "[::]:3901";
        rpc_public_addr = "127.0.0.1:3901";

        s3_api = {
          s3_region = "thuis";
          api_bind_addr = "[::]:3900";
          root_domain = ".s3.garage.thuis";
        };

        s3_web = {
          bind_addr = "[::]:3902";
          root_domain = ".web.garage.thuis";
          index = "index.html";
        };

        admin = {
          api_bind_addr = "[::]:3903";
        };
      };
      environmentFile = config.age.secrets.garage.path;
    };

    users.users.garage = {
      isSystemUser = true;
      group = "garage";
      home = "/var/lib/garage";
      createHome = true;
    };
    users.groups.garage = { };

    systemd.services.garage.serviceConfig = {
      User = "garage";
      Group = "garage";
      DynamicUser = lib.mkForce false;
    };

    environment.systemPackages = [ pkgs.garage-webui ];

    systemd.services.garage-webui = {
      enable = true;
      description = "Garage Web UI";
      after = [ "garage.service" ];
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        Type = "simple";
        User = "garage";
        Group = "garage";
        ExecStart = "${pkgs.garage-webui}/bin/garage-webui";
        Restart = "on-failure";
        Environment = [
          "GARAGE_WEBUI_LISTEN=127.0.0.1:3909"
          "GARAGE_WEBUI_GARAGE_API=http://localhost:3901"
        ];
        EnvironmentFile = config.age.secrets.garage.path;
      };
    };

    age.secrets.garage = {
      file = "${inputs.secrets}/garage.age";
      owner = "garage";
      group = "garage";
    };
  };
}