diff --git a/newinfra/nix/hive.nix b/newinfra/nix/hive.nix
index 8bee4c5..09bd1ef 100644
--- a/newinfra/nix/hive.nix
+++ b/newinfra/nix/hive.nix
@@ -160,6 +160,7 @@
 ./modules/contabo
 ./modules/wg-mesh
 ./modules/ingress
+ ./modules/garage
 ];
 deployment.tags = [ "eu" "apps" "wg" ];
@@ -170,6 +171,7 @@
 (modulesPath + "/profiles/qemu-guest.nix")
 ./modules/ingress
 ./modules/wg-mesh
+ ./modules/garage
 ];
 deployment.tags = [ "eu" "apps" "hetzner" ];
@@ -219,6 +221,7 @@
 ./modules/contabo
 ./modules/ingress
 ./modules/wg-mesh
+ ./modules/garage
 ];
 deployment.tags = [ "eu" "apps" "wg" ];
diff --git a/newinfra/nix/modules/garage/README.md b/newinfra/nix/modules/garage/README.md
new file mode 100644
index 0000000..d049bb4
--- /dev/null
+++ b/newinfra/nix/modules/garage/README.md
@@ -0,0 +1,13 @@
+# garage
+
+## layout
+
+- co-ka -> Contabo Karlsruhe
+- co-du -> Contabo Düsseldorf
+- he-nu -> Hetzner Nürnberg
+
+| name | disk space | identifier | zone |
+| ---- | ---------- | ---------- | ----- |
+| vps3 | 100GB | 020bd | co-ka |
+| vps4 | 30GB | 41e40 | he-nu |
+| vps5 | 100GB | 848d8 | co-du |
diff --git a/newinfra/nix/modules/garage/default.nix b/newinfra/nix/modules/garage/default.nix
new file mode 100644
index 0000000..80a15ae
--- /dev/null
+++ b/newinfra/nix/modules/garage/default.nix
@@ -0,0 +1,42 @@ +{ config, pkgs, name, ... }: { + age.secrets.garage_secrets.file = ../../secrets/garage_secrets.age; + + networking.firewall.interfaces.wg0.allowedTCPPorts = [ 3901 ]; + + services.garage = { + enable = true; + package = pkgs.garage_1_0_0; + settings = { + metadata_dir = "/var/lib/garage/meta"; + data_dir = "/var/lib/garage/data"; + db_engine = "sqlite"; + metadata_auto_snapshot_interval = "6h"; + + replication_factor = 3; + + # arbitrary, but a bit higher as disk space matters more than time. she says, cluelessly. + compression-level = 5; + + rpc_bind_addr = "[::]:3901"; + rpc_public_addr = "${name}.local:3901"; + + s3_api = { + s3_region = "garage"; + api_bind_addr = "[::]:3900"; + root_domain = ".s3.garage.localhost"; + }; + + s3_web = { + bind_addr = "[::]:3902"; + root_domain = ".web.garage.localhost"; + index = "index.html"; + }; + + admin = { + api_bind_addr = "[::]:3903"; + }; + }; + environmentFile = config.age.secrets.garage_secrets.path; + }; +} + diff --git a/newinfra/nix/secrets/docker_registry_password.age b/newinfra/nix/secrets/docker_registry_password.age index 2e36b9f..49979e7 100644 --- a/newinfra/nix/secrets/docker_registry_password.age +++ b/newinfra/nix/secrets/docker_registry_password.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg lW7MJ/iW+nvXMk984BZjeEojIbqDojP1y6w0sRkQpzM -5t7qrvWDhmIfs0F2Av1kkq0zB9LMiHG1uM9G73KjgY8 ---- BrrUNOV8vvacVsORvb5tnuoZENT8dvSv9ZQPKDY2cbA -YE@u6ZX_BSnj0i97hCySlH{ i \ No newline at end of file +-> ssh-ed25519 qM6TYg ciJZbD4GUbcVmy6rikyd1kwSJCsBv3itB51s73srmhA +/Z8BXxEbeZgzZZ+EYLbi39LIu1Wxq0xjkCaFn3KhoW0 +--- DaLt8rTk6Sng6r8D0mUjP1MMb+NxCa6gYUJ9LLNFGo0 +xbV0)<ˉbz R̙#[,30)E7] \ No newline at end of file diff --git a/newinfra/nix/secrets/garage_secrets.age b/newinfra/nix/secrets/garage_secrets.age new file mode 100644 index 0000000..4535b10 Binary files /dev/null and b/newinfra/nix/secrets/garage_secrets.age differ 
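Review bot: The firewall rule opens only 3901 on wg0, yet `s3_api`, `s3_web` and `admin` all bind to `[::]`, so ports 3900, 3902 and 3903 listen on every interface and rely solely on the host firewall staying closed on the public side. The admin API is the sensitive one; unless other nodes need it, bind it to loopback with `api_bind_addr = "[::1]:3903";` (or to the WireGuard address), and confirm the environment file sets an admin token and a metrics token, since its contents are not visible here. Separately, `compression-level = 5;` is spelled with a hyphen while the sibling keys use underscores and Garage documents the option as `compression_level`, so as written the setting is likely not applied; `compression_level = 5;` is probably what was meant.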
diff --git a/newinfra/nix/secrets/hugochat_db_password.age b/newinfra/nix/secrets/hugochat_db_password.age index f819d6b..17b2709 100644 Binary files a/newinfra/nix/secrets/hugochat_db_password.age and b/newinfra/nix/secrets/hugochat_db_password.age differ diff --git a/newinfra/nix/secrets/minio_env_file.age b/newinfra/nix/secrets/minio_env_file.age index 0998fdb..e257c84 100644 Binary files a/newinfra/nix/secrets/minio_env_file.age and b/newinfra/nix/secrets/minio_env_file.age differ diff --git a/newinfra/nix/secrets/secrets.nix b/newinfra/nix/secrets/secrets.nix index 355ed1d..174ab60 100644 --- a/newinfra/nix/secrets/secrets.nix +++ b/newinfra/nix/secrets/secrets.nix @@ -10,6 +10,7 @@ in "docker_registry_password.age".publicKeys = [ vps1 ]; "hugochat_db_password.age".publicKeys = [ vps1 ]; "minio_env_file.age".publicKeys = [ vps1 vps3 ]; + "garage_secrets.age".publicKeys = [ vps1 vps3 vps4 vps5 ]; "wg_private_vps1.age".publicKeys = [ vps1 ]; "wg_private_vps3.age".publicKeys = [ vps3 ]; "wg_private_vps4.age".publicKeys = [ vps4 ]; diff --git a/newinfra/nix/secrets/wg_private_vps1.age b/newinfra/nix/secrets/wg_private_vps1.age index 3e85a7a..07c8d4f 100644 --- a/newinfra/nix/secrets/wg_private_vps1.age +++ b/newinfra/nix/secrets/wg_private_vps1.age @@ -1,6 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg rz0Ls6JosajC8Fuw/rZ0bnC5pAvBhZbmiSwFx/cbszo -Vo8rHTcmj4b3bX//nA/2PaGHNnuD22JddB7ZujNlNb8 ---- SZh6zAv94lZUhWuq4dOdh1nrjI8Ryq0mwtyqLxIx6YU -s3>4M ssh-ed25519 qM6TYg Q5X+l2POBANoYyo8HNMy89MLtpodzzN9prnQY71mSTE +X3MJesW3kfHCfCyvaWm22mOI8vSgP7JWlLugCXtiy+U +--- ZH3UZFDfQwZ+DIF3yFADfBKEv2K6k9DTCh5wLVnyaTs +i,1Ff [_+[ !>)ep'YAWg <^= (B)~eG \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_vps3.age b/newinfra/nix/secrets/wg_private_vps3.age index e6f2fc7..12dbf45 100644 --- a/newinfra/nix/secrets/wg_private_vps3.age +++ b/newinfra/nix/secrets/wg_private_vps3.age 
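Review bot: `garage_secrets.age` is encrypted to vps1 as well, but the README added in this commit lists only vps3, vps4 and vps5 as Garage nodes, so vps1 appears able to decrypt the cluster secrets without needing them. If vps1 does not run Garage (the hive.nix hunks do not show host names, so this is inferred), narrow the recipients to `"garage_secrets.age".publicKeys = [ vps3 vps4 vps5 ];` and re-key the file. The commit also adds `newinfra/secrets-git-crypt/garage_secrets`, which looks like a second copy of the same material under a different key; a short comment beside this line saying which copy is authoritative would help whoever rotates it. The enclosing attribute set starts and ends outside the hunk.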
@@ -1,6 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 XzACZQ 2stObavGIOgxEB1ugSCc1wR4cUfx5qOF8OZeqo+VOWo -pM8j9mTorFEsDHlmxhlzRqYWLoF1mE1H+oLy5rnNLig ---- FL5+Ok2A5ueUZ2a10VbbwNPUU9egbE2kYTl9uJFq3IU -` 7W3΢+,> ۍ@U_AQ &rV -EΓ=51' hN~ȝ3je  \ No newline at end of file +-> ssh-ed25519 XzACZQ nsIkJQw/lrrXChkpFc87upQ4pbGefolI36wqMOWZGAE +t49QoSdb2azGQlDBX5AyWMxCOt+ETpT7erp4WU5p2rQ +--- 4UbCHfpAfwiuRYsiN3HgdhbSLFBG05DxGCw55XT1IGg +Y Ǝ 2Rs Q4d I.KpPFthaɍRX \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_vps4.age b/newinfra/nix/secrets/wg_private_vps4.age index c31183a..c019915 100644 --- a/newinfra/nix/secrets/wg_private_vps4.age +++ b/newinfra/nix/secrets/wg_private_vps4.age @@ -1,5 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 51bcvA XKsa9hdh/Kte1Ywd4E2u7WrZdIiJYK6DiH5j8Dy7nFA -h4pernMl+nyhX75/OimLhW+AS2Jk2s63uEOxK8vUqCY ---- Mm1KWNxwJt2aei0pMk5Jhol5xTm89nG5wMlNg2wJG7g -[x D]m5 էOhM#EN2J{kZNhzqBœ'C84;P^7%+ \ No newline at end of file +-> ssh-ed25519 51bcvA 9dYzUZSs/ilKHHRiuMgT6GEbtyBwWHAl8ycBcsvTQz0 +iq0ozCU1p1sekOH4qbxKxWezY2pyVM6LjhUuNpmTQx0 +--- wjCRFJISrIrpgosh7ZBNM1qR78BPmhVBBwFpaQc10oA +a~ue?'iIl C"w:\R) (.ե%*>p"uy4s>2 \ No newline at end of file diff --git a/newinfra/nix/secrets/wg_private_vps5.age b/newinfra/nix/secrets/wg_private_vps5.age index 9fdef5a..ad4e00a 100644 Binary files a/newinfra/nix/secrets/wg_private_vps5.age and b/newinfra/nix/secrets/wg_private_vps5.age differ diff --git a/newinfra/nix/secrets/widetom_bot_token.age b/newinfra/nix/secrets/widetom_bot_token.age index 811d2e4..7a4f13c 100644 --- a/newinfra/nix/secrets/widetom_bot_token.age +++ b/newinfra/nix/secrets/widetom_bot_token.age 
@@ -1,6 +1,5 @@ age-encryption.org/v1 --> ssh-ed25519 qM6TYg wxaRumhsa+QRSzwuWtJnpBoUPIBJLYsX9BUBHUFYMA0 -cnSJ3IgH2wysx74eXjYLKWmkouUJ0MsAOwK6OpsSGPs ---- wYwjkEfkR859+/qp9uneByt6H8f/6bR7qbOK1EXC2kE -8%{bW.K! փgP#mi0zR^{ok<] -*G*h+áyxcӸzxwmj)  \ No newline at end of file +-> ssh-ed25519 qM6TYg ba85KijEoTsymy3hJMqIKL93ESg8VI13gumBGwL+sw0 +aC8TyOMuycKOApJmqfPwIxiNjPya/Q8a9YwzwHwZsUU +--- 5wE3LD5eotZBVFnIzqEULhghAmwOiu5xL5Q/fM0gYck +c'\ ϼOTH-2zhU74$7kW{S{&β\sĊ[1yB)C[viV{xO \ No newline at end of file diff --git a/newinfra/nix/secrets/widetom_config_toml.age b/newinfra/nix/secrets/widetom_config_toml.age index adf61a3..4d6b7a4 100644 Binary files a/newinfra/nix/secrets/widetom_config_toml.age and b/newinfra/nix/secrets/widetom_config_toml.age differ diff --git a/newinfra/secrets-git-crypt/garage_secrets b/newinfra/secrets-git-crypt/garage_secrets new file mode 100644 index 0000000..428cb5a Binary files /dev/null and b/newinfra/secrets-git-crypt/garage_secrets differ