# NixOS module: a single-node Garage object store whose S3 API and static-web
# endpoint are published through nginx virtual hosts with ACME certificates.
{ config, pkgs, lib, ... }:

let
  # Public names: S3 API endpoint and static-website ("web") endpoint.
  s3Host = "s3.dgnum.eu";
  cdnHost = "cdn.dgnum.eu";

  # On-disk locations handed to Garage and to the systemd unit below.
  dataDir = "/data/slow/garage/data";
  metaDir = "/data/fast/garage/meta";

  # Buckets that get their own vhost aliases. `mainDomain = true` additionally
  # serves the bucket under its bare name (the bucket name is itself a domain).
  buckets = {
    "castopod-dgnum" = { };
    "peertube-videos-dgnum" = { };
    "boussole-sante.normalesup.eu" = {
      mainDomain = true;
    };
  };

  # <bucket>.<s3Host> for every declared bucket.
  s3Aliases = map (bucket: "${bucket}.${s3Host}") (builtins.attrNames buckets);

  # <bucket>.<cdnHost> for every bucket, plus the bare bucket name when the
  # bucket is flagged as a main domain.
  cdnAliases = lib.concatLists (
    lib.mapAttrsToList (
      bucket: opts: [ "${bucket}.${cdnHost}" ] ++ lib.optional (opts.mainDomain or false) bucket
    ) buckets
  );
in
{
  services.garage = {
    enable = true;
    package = pkgs.garage_0_9;

    # Environment file comes from an age-managed secret; its contents are not
    # visible in this module.
    environmentFile = config.age.secrets."garage-environment_file".path;

    settings = {
      data_dir = dataDir;
      metadata_dir = metaDir;

      db_engine = "lmdb";
      replication_mode = "none";
      compression_level = 7;

      # NOTE(review): the RPC listener binds every interface although the
      # advertised address is loopback and replication is "none". If no other
      # node is planned, a loopback bind would shrink the exposed surface;
      # otherwise confirm the port is firewalled.
      rpc_bind_addr = "[::]:3901";
      rpc_public_addr = "127.0.0.1:3901";

      # S3 API: loopback only, reached through the nginx vhost below.
      s3_api = {
        s3_region = "garage";
        api_bind_addr = "127.0.0.1:3900";
        root_domain = ".${s3Host}";
      };

      # Static website endpoint: loopback only, reached through nginx.
      s3_web = {
        bind_addr = "127.0.0.1:3902";
        root_domain = ".${cdnHost}";
        index = "index.html";
      };

      # NOTE(review): K2V binds every interface and has no nginx vhost in this
      # module, so any access from off-host would be plain HTTP. Confirm it is
      # meant to be reachable and that the firewall restricts it.
      k2v_api.api_bind_addr = "[::]:3904";

      # NOTE(review): the admin API listens on all IPv4 interfaces without TLS.
      # Confirm that admin and metrics tokens are provided through the
      # environment file and that port 3903 is not open to untrusted networks;
      # binding to loopback is the safer default if nothing scrapes it remotely.
      admin.api_bind_addr = "0.0.0.0:3903";
    };
  };

  # Dedicated unprivileged account for the daemon.
  users.groups.garage = { };
  users.users.garage = {
    isSystemUser = true;
    group = "garage";
  };

  # Run as that account and list the two storage directories as writable paths
  # for the unit.
  systemd.services.garage.serviceConfig = {
    User = "garage";
    ReadWriteDirectories = [
      dataDir
      metaDir
    ];
  };

  services.nginx.virtualHosts = {
    # TLS front end for the S3 API (path-style and <bucket>.<s3Host>).
    ${s3Host} = {
      enableACME = true;
      forceSSL = true;
      serverAliases = s3Aliases;

      locations."/".extraConfig = ''
        proxy_pass http://127.0.0.1:3900;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        # Disable buffering to a temporary file.
        proxy_max_temp_file_size 0;
        client_max_body_size 5G;
      '';
    };

    # TLS front end for bucket websites.
    ${cdnHost} = {
      enableACME = true;
      forceSSL = true;
      serverAliases = cdnAliases;

      locations."/".extraConfig = ''
        proxy_pass http://127.0.0.1:3902;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;'';
    };
  };
}