e6906a0aa3
All checks were successful
Check meta / check_dns (pull_request) Successful in 15s
Check meta / check_meta (pull_request) Successful in 15s
Check workflows / check_workflows (pull_request) Successful in 16s
Build all the nodes / ap01 (pull_request) Successful in 1m8s
Build all the nodes / bridge01 (pull_request) Successful in 1m47s
Build all the nodes / geo02 (pull_request) Successful in 1m53s
Build all the nodes / hypervisor01 (pull_request) Successful in 1m37s
Build all the nodes / geo01 (pull_request) Successful in 2m44s
Build all the nodes / build01 (pull_request) Successful in 3m1s
Build all the nodes / netcore02 (pull_request) Successful in 31s
Build all the nodes / hypervisor02 (pull_request) Successful in 1m37s
Build all the nodes / compute01 (pull_request) Successful in 3m26s
Build all the nodes / hypervisor03 (pull_request) Successful in 1m42s
Build all the nodes / tower01 (pull_request) Successful in 1m46s
Build all the nodes / vault01 (pull_request) Successful in 1m40s
Build the shell / build-shell (pull_request) Successful in 34s
Build all the nodes / web02 (pull_request) Successful in 1m32s
Build all the nodes / rescue01 (pull_request) Successful in 3m5s
Run pre-commit on all files / pre-commit (pull_request) Successful in 38s
Build all the nodes / storage01 (pull_request) Successful in 3m24s
Build all the nodes / web03 (pull_request) Successful in 1m42s
Build all the nodes / web01 (pull_request) Successful in 3m50s
Build all the nodes / ap01 (push) Successful in 33s
Build all the nodes / netcore02 (push) Successful in 27s
Build all the nodes / geo01 (push) Successful in 1m36s
Build all the nodes / storage01 (push) Successful in 2m3s
Build all the nodes / bridge01 (push) Successful in 2m55s
Build all the nodes / hypervisor03 (push) Successful in 2m48s
Build all the nodes / hypervisor01 (push) Successful in 2m56s
Build the shell / build-shell (push) Successful in 36s
Build all the nodes / build01 (push) Successful in 3m17s
Run pre-commit on all files / pre-commit (push) Successful in 23s
Build all the nodes / tower01 (push) Successful in 1m42s
Build all the nodes / geo02 (push) Successful in 3m28s
Build all the nodes / compute01 (push) Successful in 3m32s
Build all the nodes / hypervisor02 (push) Successful in 3m42s
Build all the nodes / web03 (push) Successful in 1m52s
Build all the nodes / rescue01 (push) Successful in 3m23s
Build all the nodes / web01 (push) Successful in 2m22s
Build all the nodes / vault01 (push) Successful in 3m39s
Build all the nodes / web02 (push) Successful in 3m43s
163 lines
3.5 KiB
Nix
163 lines
3.5 KiB
Nix
# SPDX-FileCopyrightText: 2024 Maurice Debray <maurice.debray@dgnum.eu>
|
|
#
|
|
# SPDX-License-Identifier: EUPL-1.2
|
|
|
|
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
meta,
|
|
name,
|
|
...
|
|
}:
|
|
|
|
let
|
|
inherit (lib)
|
|
genAttrs
|
|
mapAttrs'
|
|
mkDefault
|
|
mkEnableOption
|
|
mkIf
|
|
mkOption
|
|
nameValuePair
|
|
;
|
|
|
|
inherit (lib.types)
|
|
path
|
|
nullOr
|
|
package
|
|
port
|
|
;
|
|
|
|
mkListen =
|
|
local: port:
|
|
mkIf (port != null) "${if local then "127.0.0.1" else "[::]"}:${builtins.toString port}";
|
|
|
|
mkPortOption =
|
|
name:
|
|
mkOption {
|
|
type = nullOr port;
|
|
default = null;
|
|
description = ''
|
|
Listening port for the ${name} garage service.
|
|
'';
|
|
};
|
|
|
|
cfg = config.dgn-s3;
|
|
in
|
|
|
|
{
|
|
options.dgn-s3 = {
|
|
enable = mkEnableOption "a Garage node for the DGNum S3 server";
|
|
|
|
data_dir = mkOption {
|
|
type = path;
|
|
description = ''
|
|
The directory in which Garage will store the data blocks of objects.
|
|
Can be put on slow hardware.
|
|
'';
|
|
};
|
|
|
|
metadata_dir = mkOption {
|
|
type = path;
|
|
description = ''
|
|
The directory in which Garage will store the metadata of objects.
|
|
Should be put on fast hardware.
|
|
'';
|
|
};
|
|
|
|
package = mkOption {
|
|
type = package;
|
|
default = pkgs.garage_1_0_1;
|
|
description = ''
|
|
Garage package to use, needs to be set explicitly.
|
|
If you are upgrading from a major version, please read NixOS
|
|
and Garage release notes for upgrade instructions.
|
|
'';
|
|
};
|
|
|
|
ports =
|
|
{
|
|
rpc = mkOption {
|
|
type = port;
|
|
default = null;
|
|
description = ''
|
|
Listening port for the ${name} garage service.
|
|
'';
|
|
};
|
|
}
|
|
// (genAttrs [
|
|
"admin_api"
|
|
"k2v_api"
|
|
"s3_api"
|
|
"s3_web"
|
|
] mkPortOption);
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
age-secrets = {
|
|
autoMatch = [ "garage" ];
|
|
sources = [ ./. ];
|
|
};
|
|
|
|
dgn-web.internalPorts = mapAttrs' (name: nameValuePair "garage-${name}") cfg.ports;
|
|
|
|
networking.firewall.allowedTCPPorts = [ cfg.ports.rpc ];
|
|
|
|
services.garage = {
|
|
enable = true;
|
|
|
|
inherit (cfg) package;
|
|
|
|
settings = {
|
|
inherit (cfg) data_dir metadata_dir;
|
|
|
|
db_engine = "lmdb";
|
|
|
|
consistency_mode = "consistent";
|
|
replication_factor = 2;
|
|
|
|
compression_level = 7;
|
|
|
|
rpc_bind_addr = mkListen false cfg.ports.rpc;
|
|
rpc_public_addr = "${meta.network.${name}.netbirdIp}:${builtins.toString cfg.ports.rpc}";
|
|
rpc_secret_file = config.age.secrets."garage-rpc_secret_file".path;
|
|
|
|
s3_api = {
|
|
s3_region = "garage";
|
|
api_bind_addr = mkListen true cfg.ports.s3_api;
|
|
root_domain = mkDefault ".s3.dgnum";
|
|
};
|
|
|
|
s3_web = {
|
|
bind_addr = mkListen true cfg.ports.s3_web;
|
|
index = "index.html";
|
|
root_domain = mkDefault ".web.dgnum";
|
|
};
|
|
|
|
k2v_api.api_bind_addr = mkListen false cfg.ports.k2v_api;
|
|
|
|
admin = {
|
|
api_bind_addr = mkListen true cfg.ports.admin_api;
|
|
admin_token_file = config.age.secrets."garage-admin_token_file".path;
|
|
metrics_token_file = config.age.secrets."garage-metrics_token_file".path;
|
|
};
|
|
};
|
|
};
|
|
|
|
systemd.services.garage.serviceConfig = {
|
|
User = "garage";
|
|
ReadWriteDirectories = [
|
|
cfg.data_dir
|
|
cfg.metadata_dir
|
|
];
|
|
TimeoutSec = 600;
|
|
};
|
|
|
|
users.users.garage = {
|
|
isSystemUser = true;
|
|
group = "garage";
|
|
};
|
|
users.groups.garage = { };
|
|
};
|
|
}
|