{ config, pkgs, ... }: let host = "s3.dgnum.eu"; webHost = "cdn.dgnum.eu"; data_dir = "/data/slow/garage/data"; metadata_dir = "/data/fast/garage/meta"; domains = [ "boussole-sante.normalesup.eu" "simi.normalesup.eu" ]; buckets = [ "castopod-dgnum" "peertube-videos-dgnum" "banda-website" ] ++ domains; mkHosted = host: builtins.map (b: "${b}.${host}"); in { services.garage = { enable = true; package = pkgs.garage_0_9; settings = { inherit data_dir metadata_dir; db_engine = "lmdb"; replication_mode = "none"; compression_level = 7; rpc_bind_addr = "[::]:3901"; rpc_public_addr = "127.0.0.1:3901"; s3_api = { s3_region = "garage"; api_bind_addr = "127.0.0.1:3900"; root_domain = ".${host}"; }; s3_web = { bind_addr = "127.0.0.1:3902"; root_domain = ".${webHost}"; index = "index.html"; }; k2v_api.api_bind_addr = "[::]:3904"; admin.api_bind_addr = "127.0.0.1:3903"; }; environmentFile = config.age.secrets."garage-environment_file".path; }; systemd.services.garage.serviceConfig = { User = "garage"; ReadWriteDirectories = [ data_dir metadata_dir ]; }; users.users.garage = { isSystemUser = true; group = "garage"; }; users.groups.garage = { }; services.nginx.virtualHosts = { ${host} = { enableACME = true; forceSSL = true; serverAliases = mkHosted host buckets; locations."/".extraConfig = '' proxy_pass http://127.0.0.1:3900; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; # Disable buffering to a temporary file. proxy_max_temp_file_size 0; client_max_body_size 5G; ''; }; ${webHost} = { enableACME = true; forceSSL = true; serverAliases = domains ++ (mkHosted webHost buckets); locations."/".extraConfig = '' proxy_pass http://127.0.0.1:3902; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; ''; }; }; }