gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 20:39:18 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add minio+cockroachdb

Browse source
This commit is contained in:
Kat Inskip 2022-10-06 09:06:17 -07:00
parent bdd402ffeb
commit 2d615951a2
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
11 changed files with 121 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

41
services/minio.nix Normal file
View file

@ -0,0 +1,41 @@
{ config, lib, ... }: let
import (lib.modules) mkIf mkDefault;
cfg = config.services.minio;
in {
options.services.minio.isNAS = mkEnableFunction "NAS lack of defaults";
config = {
secrets = {
variables = mapAttrs' (name: value: nameValuePair "minio-${name}-key" value) (genAttrs ["access" "secret"] (name: {
path = "gensokyo/minio";
field = "${name}-key";
}));
};
files = {
minio-root-credentials = {
text = ''
MINIO_ROOT_USER=${tf.variables.minio-access-key.ref}
MINIO_ROOT_PASSWORD=${tf.variables.minio-secret-key.ref}
'';
owner = "minio";
group = "minio";
};
};
};
systemd.tmpfiles.rules = mkIf !cfg.isNAS ''
v /minio 700 minio minio
'';
services = {
minio = {
region = config.services.cockroachdb.locality;
enable = true;
dataDir = lib.optional !cfg.isNAS "/minio";
listenAddress = "${config.networks.tailscale.ipv4}:9000";
consoleAddress = "${config.networks.tailcale.ipv4}:9001";
rootCredentialsFile = config.secrets.files.minio-root-credentials.path;
};
};
};
}