81690c1ea3
All checks were successful
Build all the nodes / netcore02 (push) Successful in 23s
Build all the nodes / ap01 (push) Successful in 1m6s
Build the shell / build-shell (push) Successful in 33s
Build all the nodes / hypervisor01 (push) Successful in 1m40s
Run pre-commit on all files / pre-commit (push) Successful in 24s
Build all the nodes / hypervisor03 (push) Successful in 1m45s
Build all the nodes / tower01 (push) Successful in 1m47s
Build all the nodes / vault01 (push) Successful in 2m24s
Build all the nodes / bridge01 (push) Successful in 2m30s
Build all the nodes / build01 (push) Successful in 2m37s
Build all the nodes / geo02 (push) Successful in 2m38s
Build all the nodes / compute01 (push) Successful in 2m42s
Build all the nodes / geo01 (push) Successful in 2m44s
Build all the nodes / hypervisor02 (push) Successful in 2m50s
Build all the nodes / rescue01 (push) Successful in 2m50s
Build all the nodes / web02 (push) Successful in 2m55s
Build all the nodes / storage01 (push) Successful in 2m56s
Build all the nodes / web01 (push) Successful in 3m19s
Build all the nodes / web03 (push) Successful in 2m57s
167 lines
3.7 KiB
Nix
167 lines
3.7 KiB
Nix
# SPDX-FileCopyrightText: 2024 Maurice Debray <maurice.debray@dgnum.eu>
|
|
#
|
|
# SPDX-License-Identifier: EUPL-1.2
|
|
|
|
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
meta,
|
|
name,
|
|
...
|
|
}:
|
|
|
|
let
|
|
inherit (lib)
|
|
genAttrs
|
|
mapAttrs'
|
|
mkDefault
|
|
mkEnableOption
|
|
mkIf
|
|
mkOption
|
|
nameValuePair
|
|
;
|
|
|
|
inherit (lib.types)
|
|
path
|
|
nullOr
|
|
package
|
|
port
|
|
;
|
|
|
|
mkIfNotNull = v: mkIf (v != null);
|
|
|
|
mkListen = local: port: "${if local then "127.0.0.1" else "[::]"}:${builtins.toString port}";
|
|
|
|
mkOptionalListen = local: port: mkIfNotNull port (mkListen local port);
|
|
|
|
mkPortOption =
|
|
name:
|
|
mkOption {
|
|
type = nullOr port;
|
|
default = null;
|
|
description = ''
|
|
Listening port for the ${name} garage service.
|
|
'';
|
|
};
|
|
|
|
cfg = config.dgn-s3;
|
|
in
|
|
|
|
{
|
|
options.dgn-s3 = {
|
|
enable = mkEnableOption "a Garage node for the DGNum S3 server";
|
|
|
|
data_dir = mkOption {
|
|
type = path;
|
|
description = ''
|
|
The directory in which Garage will store the data blocks of objects.
|
|
Can be put on slow hardware.
|
|
'';
|
|
};
|
|
|
|
metadata_dir = mkOption {
|
|
type = path;
|
|
description = ''
|
|
The directory in which Garage will store the metadata of objects.
|
|
Should be put on fast hardware.
|
|
'';
|
|
};
|
|
|
|
package = mkOption {
|
|
type = package;
|
|
default = pkgs.garage_1_0_1;
|
|
description = ''
|
|
Garage package to use, needs to be set explicitly.
|
|
If you are upgrading from a major version, please read NixOS
|
|
and Garage release notes for upgrade instructions.
|
|
'';
|
|
};
|
|
|
|
ports =
|
|
{
|
|
rpc = mkOption {
|
|
type = port;
|
|
default = null;
|
|
description = ''
|
|
Listening port for the ${name} garage service.
|
|
'';
|
|
};
|
|
}
|
|
// (genAttrs [
|
|
"admin_api"
|
|
"k2v_api"
|
|
"s3_api"
|
|
"s3_web"
|
|
] mkPortOption);
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
age-secrets = {
|
|
autoMatch = [ "garage" ];
|
|
sources = [ ./. ];
|
|
};
|
|
|
|
dgn-web.internalPorts = mapAttrs' (name: nameValuePair "garage-${name}") cfg.ports;
|
|
|
|
networking.firewall.allowedTCPPorts = [ cfg.ports.rpc ];
|
|
|
|
services.garage = {
|
|
enable = true;
|
|
|
|
inherit (cfg) package;
|
|
|
|
settings = {
|
|
inherit (cfg) data_dir metadata_dir;
|
|
|
|
db_engine = "lmdb";
|
|
|
|
consistency_mode = "dangerous";
|
|
replication_factor = 2;
|
|
|
|
compression_level = 7;
|
|
|
|
rpc_bind_addr = mkOptionalListen false cfg.ports.rpc;
|
|
rpc_public_addr = "${meta.network.${name}.netbirdIp}:${builtins.toString cfg.ports.rpc}";
|
|
rpc_secret_file = config.age.secrets."garage-rpc_secret_file".path;
|
|
|
|
s3_api = {
|
|
s3_region = "garage";
|
|
api_bind_addr = mkOptionalListen true cfg.ports.s3_api;
|
|
root_domain = mkDefault ".s3.dgnum";
|
|
};
|
|
|
|
s3_web = {
|
|
bind_addr = mkOptionalListen true cfg.ports.s3_web;
|
|
index = "index.html";
|
|
root_domain = mkDefault ".web.dgnum";
|
|
};
|
|
|
|
k2v_api = mkIfNotNull cfg.ports.k2v_api {
|
|
api_bind_addr = mkListen false cfg.ports.k2v_api;
|
|
};
|
|
|
|
admin = {
|
|
api_bind_addr = mkListen true cfg.ports.admin_api;
|
|
admin_token_file = config.age.secrets."garage-admin_token_file".path;
|
|
metrics_token_file = config.age.secrets."garage-metrics_token_file".path;
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd.services.garage.serviceConfig = {
|
|
User = "garage";
|
|
ReadWriteDirectories = [
|
|
cfg.data_dir
|
|
cfg.metadata_dir
|
|
];
|
|
TimeoutSec = 600;
|
|
};
|
|
|
|
users.users.garage = {
|
|
isSystemUser = true;
|
|
group = "garage";
|
|
};
|
|
users.groups.garage = { };
|
|
};
|
|
}
|