# SPDX-FileCopyrightText: 2024 Maurice Debray # SPDX-FileCopyrightText: 2024 Tom Hubrecht # SPDX-FileContributor: Ryan Lahfa # # SPDX-License-Identifier: EUPL-1.2 let host = "s3.dgnum.eu"; webHost = "cdn.dgnum.eu"; domains = [ "bandarretdurgence.ens.fr" "boussole-sante.normalesup.eu" "lanuit.ens.fr" "simi.normalesup.eu" "pub.dgnum.eu" ]; buckets = [ "monorepo-terraform-state" "banda-website" "castopod-dgnum" "hackens-website" "nuit-website" "peertube-videos-dgnum" "landing-website" ] ++ domains; mkHosted = host: builtins.map (b: "${b}.${host}"); ports = { admin_api = 3903; k2v_api = 3904; rpc = 3901; s3_api = 3900; s3_web = 3902; }; in { dgn-s3 = { enable = true; inherit ports; data_dir = "/data/slow/garage/data"; metadata_dir = "/data/fast/garage/meta"; }; services.garage.settings = { s3_api.root_domain = ".${host}"; s3_web.root_domain = ".${webHost}"; }; services.nginx.virtualHosts = { "s3-admin.dgnum.eu" = { enableACME = true; forceSSL = true; locations."/".extraConfig = '' proxy_pass http://127.0.0.1:${builtins.toString ports.admin_api}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; ''; }; ${host} = { enableACME = true; forceSSL = true; serverAliases = mkHosted host buckets; locations."/".extraConfig = '' proxy_pass http://127.0.0.1:${builtins.toString ports.s3_api}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; # Disable buffering to a temporary file. proxy_max_temp_file_size 0; client_max_body_size 5G; ''; }; ${webHost} = { enableACME = true; forceSSL = true; serverAliases = domains ++ (mkHosted webHost buckets); locations."/".extraConfig = '' proxy_pass http://127.0.0.1:${builtins.toString ports.s3_web}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; ''; }; }; }