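# SPDX-FileCopyrightText: 2024 Maurice Debray
# SPDX-FileCopyrightText: 2024 Tom Hubrecht
# SPDX-FileContributor: Ryan Lahfa
#
# SPDX-License-Identifier: EUPL-1.2

# Garage (S3-compatible object store) for this host: a single-node
# deployment whose S3, static-website and admin APIs are exposed through
# nginx, while Garage itself listens on loopback for those three APIs.
{
  config,
  lib,
  pkgs,
  ...
}:

let
  inherit (lib) mapAttrs' nameValuePair;

  # Public name of the S3 API. Buckets are also reachable in virtual-host
  # style as `<bucket>.${host}` (see `serverAliases` below).
  host = "s3.dgnum.eu";

  # Public name of the static-website endpoint (`<bucket>.${webHost}`).
  webHost = "cdn.dgnum.eu";

  # Object data on the slow volume, metadata (LMDB) on the fast one.
  data_dir = "/data/slow/garage/data";
  metadata_dir = "/data/fast/garage/meta";

  # Custom domains served by the web endpoint; each one is also a bucket
  # of the same name.
  domains = [
    "bandarretdurgence.ens.fr"
    "boussole-sante.normalesup.eu"
    "lanuit.ens.fr"
    "simi.normalesup.eu"
    "pub.dgnum.eu"
  ];

  buckets = [
    "monorepo-terraform-state"
    "banda-website"
    "castopod-dgnum"
    "hackens-website"
    "nuit-website"
    "peertube-videos-dgnum"
    "landing-website"
  ] ++ domains;

  # Qualify every bucket name under a domain: "b" -> "b.<domain>".
  mkHosted = domain: builtins.map (b: "${b}.${domain}");

  ports = {
    admin_api = 3903;
    k2v_api = 3904;
    rpc = 3901;
    s3_api = 3900;
    s3_web = 3902;
  };
in

{
  # Register every Garage port as an internal port of this host,
  # named `garage-<api>`.
  dgn-web.internalPorts = mapAttrs' (name: nameValuePair "garage-${name}") ports;

  services.garage = {
    enable = true;
    package = pkgs.garage_1_0_1;

    settings = {
      inherit data_dir metadata_dir;

      db_engine = "lmdb";
      consistency_mode = "consistent";
      # Single node: no replication of data or metadata.
      replication_factor = 1;
      compression_level = 7;

      # NOTE(review): RPC and K2V bind to every interface ("[::]"), whereas
      # the S3, web and admin APIs are loopback-only and reached through
      # nginx. With replication_factor = 1 and rpc_public_addr on loopback,
      # no remote peer needs to reach RPC; confirm that the firewall keeps
      # ports 3901 and 3904 off the public network, or bind them to
      # 127.0.0.1 as well.
      rpc_bind_addr = "[::]:${toString ports.rpc}";
      rpc_public_addr = "127.0.0.1:${toString ports.rpc}";

      s3_api = {
        s3_region = "garage";
        api_bind_addr = "127.0.0.1:${toString ports.s3_api}";
        # Leading dot: enables `<bucket>.s3.dgnum.eu` virtual-host addressing.
        root_domain = ".${host}";
      };

      s3_web = {
        bind_addr = "127.0.0.1:${toString ports.s3_web}";
        root_domain = ".${webHost}";
        index = "index.html";
      };

      k2v_api.api_bind_addr = "[::]:${toString ports.k2v_api}";
      admin.api_bind_addr = "127.0.0.1:${toString ports.admin_api}";
    };

    # agenix-managed environment file, kept out of the world-readable Nix
    # store. Presumably carries the RPC secret and admin token — verify
    # against the secret's contents.
    environmentFile = config.age.secrets."garage-environment_file".path;
  };

  systemd.services.garage.serviceConfig = {
    User = "garage";
    # `ReadWritePaths` is the current systemd option name;
    # `ReadWriteDirectories` is its deprecated alias.
    ReadWritePaths = [
      data_dir
      metadata_dir
    ];
    # Applies to both start and stop: 10 minutes.
    TimeoutSec = 600;
  };

  users.users.garage = {
    isSystemUser = true;
    group = "garage";
  };
  users.groups.garage = { };

  services.nginx.virtualHosts = {
    # Admin API, exposed over TLS. Garage itself authenticates these
    # requests (admin token); nothing here restricts who may reach it.
    "s3-admin.dgnum.eu" = {
      enableACME = true;
      forceSSL = true;
      locations."/".extraConfig = ''
        proxy_pass http://127.0.0.1:${toString ports.admin_api};
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
      '';
    };

    # S3 API. The original Host header must be forwarded so that Garage
    # can resolve `<bucket>.${host}` to the right bucket.
    ${host} = {
      enableACME = true;
      forceSSL = true;
      serverAliases = mkHosted host buckets;
      locations."/".extraConfig = ''
        proxy_pass http://127.0.0.1:${toString ports.s3_api};
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        # Disable buffering to a temporary file.
        proxy_max_temp_file_size 0;
        # Allow large object uploads.
        client_max_body_size 5G;
      '';
    };

    # Static websites: `<bucket>.${webHost}` plus the custom domains.
    ${webHost} = {
      enableACME = true;
      forceSSL = true;
      serverAliases = domains ++ (mkHosted webHost buckets);
      locations."/".extraConfig = ''
        proxy_pass http://127.0.0.1:${toString ports.s3_web};
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
      '';
    };
  };
}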