infrastructure/machines/public-cof/garage.nix
2023-07-23 18:07:40 +02:00

47 lines
1.3 KiB
Nix

{ pkgs, ... }:
{
security.acme.certs."cdn.rz.ens.wtf" = {
dnsProvider = "acme-dns";
credentialsFile = pkgs.writeText "acme-dns-env" ''
ACME_DNS_API_BASE=https://acme.rz.ens.wtf
ACME_DNS_STORAGE_PATH=/var/lib/acme/lego-acme-dns-accounts.json
'';
extraDomainNames = [ "*.cdn.rz.ens.wtf" ];
group = "nginx";
};
services.nginx.virtualHosts."s3.rz.ens.wtf" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://[::1]:3900";
};
services.nginx.virtualHosts."cdn.rz.ens.wtf" = {
serverAliases = [ "*.cdn.rz.ens.wtf" ];
useACMEHost = "cdn.rz.ens.wtf";
forceSSL = true;
locations."/".proxyPass = "http://[::1]:3902";
};
services.garage = {
enable = true;
package = pkgs.garage_0_8;
settings = {
replication_mode = "none";
compression_level = 7;
rpc_bind_addr = "10.1.1.21:3901";
rpc_public_addr = "10.1.1.21:3901";
rpc_secret = "76c2746530a4a27d188530a6bbf6c4613ccb8d8f129863d8c21462b84d5b998f";
s3_api = {
s3_region = "ens";
api_bind_addr = "[::]:3900";
root_domain = ".s3.rz.ens.wtf";
};
s3_web = {
bind_addr = "[::]:3902";
root_domain = ".cdn.rz.ens.wtf";
index = "index.html";
};
};
};
}