From bebfd63f40577e32b76b596c2ee79936c15b7697 Mon Sep 17 00:00:00 2001
From: ulic-youthlic
Date: Mon, 2 Jun 2025 19:34:47 +0800
Subject: [PATCH] module(garage,awscli): Add garage and awscli module

- Add garage module.
- Enable garage module on Tytonidae.
- Add awscli module.
- Enable awscli module on Tytonidae.
---
 .../configurations/Tytonidae/default.nix | 1 +
 home/modules/programs/awscli.nix | 31 +++++++++++++
 home/modules/programs/default.nix | 1 +
 nixos/configurations/Cape/default.nix | 4 ++
 nixos/configurations/Tytonidae/default.nix | 1 +
 nixos/modules/programs/caddy/default.nix | 1 +
 nixos/modules/programs/caddy/garage.nix | 32 +++++++++++++
 nixos/modules/programs/default.nix | 1 +
 nixos/modules/programs/garage.nix | 45 +++++++++++++++++++
 secrets/general.yaml | 6 ++-
 10 files changed, 121 insertions(+), 2 deletions(-)
 create mode 100644 home/modules/programs/awscli.nix
 create mode 100644 nixos/modules/programs/caddy/garage.nix
 create mode 100644 nixos/modules/programs/garage.nix
diff --git a/home/david/configurations/Tytonidae/default.nix b/home/david/configurations/Tytonidae/default.nix
index c658d39..82befcf 100644
--- a/home/david/configurations/Tytonidae/default.nix
+++ b/home/david/configurations/Tytonidae/default.nix
@@ -33,6 +33,7 @@
 kvm.enable = true;
 atuin.enable = true;
 ion.enable = true;
+ awscli.enable = true;
 };
 };
diff --git a/home/modules/programs/awscli.nix b/home/modules/programs/awscli.nix
new file mode 100644
index 0000000..6bb50d4
--- /dev/null
+++ b/home/modules/programs/awscli.nix
@@ -0,0 +1,31 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.youthlic.programs.awscli;
+in {
+ options = {
+ youthlic.programs.awscli = {
+ enable = lib.mkEnableOption "awscli";
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ sops.secrets."awscli" = {};
+ programs.awscli = {
+ enable = true;
+ credentials = {
+ default = {
+ credential_process = "${lib.getExe' pkgs.uutils-coreutils-noprefix "cat"} ${config.sops.secrets.awscli.path}";
+ };
+ };
+ settings = {
+ default = {
+ region = "garage";
+ endpoint_url = "https://s3.youthlic.social";
+ };
+ };
+ };
+ };
+}
diff --git a/home/modules/programs/default.nix b/home/modules/programs/default.nix
index 69643b2..85ccc78 100644
--- a/home/modules/programs/default.nix
+++ b/home/modules/programs/default.nix
@@ -16,5 +16,6 @@
 ./fzf.nix
 ./eza.nix
 ./ion.nix
+ ./awscli.nix
 ];
 }
diff --git a/nixos/configurations/Cape/default.nix b/nixos/configurations/Cape/default.nix
index 61b802a..fea157b 100644
--- a/nixos/configurations/Cape/default.nix
+++ b/nixos/configurations/Cape/default.nix
@@ -36,6 +36,10 @@
 baseDomain = "youthlic.social";
 radicle-explorer.enable = true;
 outer-wilds-text-adventure.enable = true;
+ garage = {
+ enable = true;
+ target = "100.73.250.25";
+ };
 };
 juicity.server.enable = true;
 };
diff --git a/nixos/configurations/Tytonidae/default.nix b/nixos/configurations/Tytonidae/default.nix
index d96f82d..7ad5a7b 100644
--- a/nixos/configurations/Tytonidae/default.nix
+++ b/nixos/configurations/Tytonidae/default.nix
@@ -55,6 +55,7 @@
 owncast.enable = true;
 wshowkeys.enable = true;
 obs.enable = true;
+ garage.enable = true;
 };
 };
diff --git a/nixos/modules/programs/caddy/default.nix b/nixos/modules/programs/caddy/default.nix
index 9fea8d2..efa3eb5 100644
--- a/nixos/modules/programs/caddy/default.nix
+++ b/nixos/modules/programs/caddy/default.nix
@@ -8,6 +8,7 @@ in {
 imports = [
 ./radicle-explorer.nix
 ./OuterWildsTextAdventure.nix
+ ./garage.nix
 ];
 options = {
 youthlic.programs.caddy = {
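Review bot: In home/modules/programs/awscli.nix the `credential_process` line makes awscli run `cat` on the sops secret and parse its stdout, but nothing in the module records what that secret has to contain. awscli expects a credential_process command to print a JSON document with `Version`, `AccessKeyId` and `SecretAccessKey`, so a secret stored in any other form would fail only at run time. I would add a comment above `sops.secrets."awscli" = {};` such as `# Must decrypt to the credential_process JSON: {"Version": 1, "AccessKeyId": "...", "SecretAccessKey": "..."}`. The decrypted path is also interpolated unquoted into the command string, which holds only while that path contains no whitespace.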
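Review bot: In nixos/configurations/Cape/default.nix, `target = "100.73.250.25";` hard-codes the proxy upstream with no indication of which machine it is. The address falls in 100.64.0.0/10, so it looks like an overlay or CGNAT address (presumably the host that runs garage; confirm), and Caddy will forward the public `s3.` and `wallpaper.` hosts to whatever holds that address. A comment such as `# overlay address of the garage host; update if that node is re-enrolled` would make the dependency visible. The enclosing attribute set starts and ends outside the hunk.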
diff --git a/nixos/modules/programs/caddy/garage.nix b/nixos/modules/programs/caddy/garage.nix
new file mode 100644
index 0000000..02e56e5
--- /dev/null
+++ b/nixos/modules/programs/caddy/garage.nix
@@ -0,0 +1,32 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.youthlic.programs.caddy.garage;
+ caddy-cfg = config.youthlic.programs.caddy;
+in {
+ options = {
+ youthlic.programs.caddy.garage = {
+ enable = lib.mkEnableOption "caddy.garage";
+ target = lib.mkOption {
+ type = lib.types.str;
+ example = "127.0.0.1";
+ };
+ };
+ };
+ config = lib.mkIf (cfg.enable && caddy-cfg.enable) {
+ services.caddy.virtualHosts = {
+ "wallpaper.${caddy-cfg.baseDomain}" = {
+ extraConfig = ''
+ reverse_proxy ${cfg.target}:8494
+ '';
+ };
+ "s3.${caddy-cfg.baseDomain}" = {
+ extraConfig = ''
+ reverse_proxy ${cfg.target}:8491
+ '';
+ };
+ };
+ };
+}
diff --git a/nixos/modules/programs/default.nix b/nixos/modules/programs/default.nix
index b07ed8c..881cadf 100644
--- a/nixos/modules/programs/default.nix
+++ b/nixos/modules/programs/default.nix
@@ -28,5 +28,6 @@
 ./bash.nix
 ./obs.nix
 ./sudo-rs.nix
+ ./garage.nix
 ];
 }
diff --git a/nixos/modules/programs/garage.nix b/nixos/modules/programs/garage.nix
new file mode 100644
index 0000000..6055408
--- /dev/null
+++ b/nixos/modules/programs/garage.nix
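Review bot: In nixos/modules/programs/caddy/garage.nix the upstream ports `8494` and `8491` are bare literals that have to match `s3_web.bind_addr` and `s3_api.api_bind_addr` in nixos/modules/programs/garage.nix, and nothing ties the two files together. The `target` option also has no `description`, and `reverse_proxy ${cfg.target}:PORT` speaks plain HTTP to the backend, so the path between Caddy and the garage node has to be a trusted or encrypted link. I would add `description = "Address of the garage node; reached over plain HTTP, so it must be on a trusted network.";` to `target` and a comment beside each `reverse_proxy` naming the garage listener it points at. Separately, garage.nix sets `root_domain = ".s3.youthlic.social"` for the S3 API while only `s3.${caddy-cfg.baseDomain}` is declared here, so virtual-host-style bucket names would presumably never reach the backend.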
@@ -0,0 +1,45 @@
+{
+ pkgs,
+ lib,
+ config,
+ ...
+}: let
+ cfg = config.youthlic.programs.garage;
+in {
+ options = {
+ youthlic.programs.garage = {
+ enable = lib.mkEnableOption "garage";
+ };
+ };
+ config = lib.mkIf cfg.enable {
+ sops.secrets."garage" = {
+ };
+ services.garage = {
+ enable = true;
+ package = pkgs.garage_2;
+ environmentFile = config.sops.secrets."garage".path;
+ settings = {
+ replication_factor = 1;
+ db_engine = "sqlite";
+ rpc_bind_addr = "[::]:8490";
+ use_local_tz = true;
+ allow_punycode = true;
+ s3_api = {
+ s3_region = "garage";
+ api_bind_addr = "[::]:8491";
+ root_domain = ".s3.youthlic.social";
+ };
+ s3_web = {
+ root_domain = ".youthlic.social";
+ bind_addr = "[::]:8494";
+ };
+ k2v_api = {
+ api_bind_addr = "[::]:8493";
+ };
+ admin = {
+ api_bind_addr = "127.0.0.1:8492";
+ };
+ };
+ };
+ };
+}
diff --git a/secrets/general.yaml b/secrets/general.yaml
index 1bf8002..cb71ba1 100644
--- a/secrets/general.yaml
+++ b/secrets/general.yaml
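Review bot: In nixos/modules/programs/garage.nix the RPC, S3 API, web and K2V listeners all bind to `[::]` (ports 8490, 8491, 8494 and 8493), while only the admin API is kept on `127.0.0.1`. With `replication_factor = 1` there is presumably no second node that needs the RPC port, and the K2V endpoint is not proxied by the Caddy module in this patch, so both are reachable on every interface unless the host firewall blocks them, which is not visible here. If this stays a single node, consider `rpc_bind_addr = "127.0.0.1:8490";`, dropping the `k2v_api` block if K2V is unused, and binding the S3 and web listeners to the address the proxy connects to. A comment listing which variables the `garage` sops secret passed as `environmentFile` must define would also help the next maintainer.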
@@ -1,3 +1,5 @@
+awscli: ENC[AES256_GCM,data:YoeIPrKEMvjMrF/obs08hqnsVIPO1ojBKQpb+XapH20Rzo1Cw1ytIMf+MMcDLuZqvI8SeEqs0EtjBqqzqA0RvDVOGHWurQlC67MInkDdpN/p5xwTbAQgtv/dV6fKYySQgqG2LaKh6hEPKqNeT0TTW7e7Dd5TbA6em5YppPrKtmJK/8KDyTbCrrBo68bUZUV+WBiu055qXTm3ZA==,iv:d5c1imjlZGRWjrxJS1ibNucwZxoW7nHIXFnlEP51aOo=,tag:OQN5cKd7AqXk+lBqJ6eF+g==,type:str]
+garage: ENC[AES256_GCM,data:KEcOZUNa8aBKpp/m1xUZeNdZ4WABC0FnhN3x9hlof3sI0mj8Hm1NZabUgDpiYZPaCuvFwAN+P1cNXkT6DMtEyLeLDfNjuVpFMENAsPSVrBAiRvGhqpuYWjyPboDV/qHc1EnIPO73z7O6tbDfTGze42dIIlROGUtwlr78DCSWZZIR82dDQkcQkik7lc3soAnsYKdEd/93bs8EJPLlOdmmBfV79binI+8VchT/pYhypnaMqxHCK1FOfIo31Fn7Ym6Oqp9T0w+uA4Lkh03RlhWo0oAUbbY=,iv:NtaAeX3td8tEIDoLybjtB8azsHj6JsTw4WPD5jQHaHs=,tag:XqGDWf5+RkCseExHPiszNw==,type:str]
 minio: ENC[AES256_GCM,data:rJRE7HAI3t3CFn08mVe3t9slBGJMH2Jzzsrlbs2jkj+5fn3412NqVB8JheVy3+zrTd+09M1uJFZpeWcOkUw=,iv:x+JUOhYkXqLwNOuT5ZZ8JaX+spM/h0zszwun5kF0U3o=,tag:SyscCkZc78PsLAHIyLQ3QQ==,type:str]
 rustypaste:
 auth: ENC[AES256_GCM,data:DORM12zY0wQQxqBNFYG3oYodhevUJXNjdqJcnyOnuPnZQIsUdEtm4TyNHokUKYoc30s8c6INOFoAB+7210y0dQE3hfg=,iv:Kms90lNPaL5fvQjD31+DZGJf+YQU/tTGLTxrqkvsbDY=,tag:5voNZlwGf2adVQoVqgyRqA==,type:str]
@@ -54,7 +56,7 @@ sops:
 a1Y1NU9CK2h1SS83VW42bzBMa01yMXMKI1DBtgNlkNCrxUQvnD6a45mQKNfg5gM4
 Zb5buo9Jofj4dn/HFwng3T3gxKTrP2Dh74CAH4L0M5yrF9fzk5TCcQ==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-06-30T16:32:22Z"
- mac: ENC[AES256_GCM,data:UwwvC6a6RRp5ALYhuJyCsRl5NSM8DUnLGsVRPF0Gj43aoMqFAGWioqAaGLhkY2Wdg24rSAKGEBKYL6LHG1ckS/AlCl4QhkuobvkbhWtquCuKQqCn9UfGB6KqKjz7SA74W7OYINkGsPJOLMdIKThbrnFc7WoOjnQw6dlUgyxS32I=,iv:XIivVoeuXyT2CgjfQUMo3dj9jMSGv7KQ9w8zdFBJEPw=,tag:tV9kP8cDpqjtYY7PRifY5Q==,type:str]
+ lastmodified: "2025-07-03T21:52:43Z"
+ mac: ENC[AES256_GCM,data:i9I6MZQKqxll4n4puhZ/wqnOFL/9Nvhlyh017bz1S+VApqKLmkf+Rd3LpjV8nAdWpwD3T+sL4VL2OQKN3hofKWo19QZNt1H2YGXNSb3Y6OqG15M5fDCglziWlxu+BIr/sG6NmwPnnlEXfb9qVvSAHjl0OzZyPm7IXxH/IbJITTI=,iv:L178iYVRCBca2yBF7OdDbVt5DBpf6l/H2MIcjxXpzFY=,tag:+v/kj/lLjeVGkt1xiJqZtQ==,type:str]
 unencrypted_suffix: _unencrypted
 version: 3.10.2