module(garage,awscli): Add garage and awscli module

- Add garage module.
- Enable garage module on Tytonidae.
- Add awscli module.
- Enable awscli module on Tytonidae.

home/david/configurations/Tytonidae/default.nix

@@ -33,6 +33,7 @@
       kvm.enable = true;
       atuin.enable = true;
       ion.enable = true;
+      awscli.enable = true;
     };
   };
 

home/modules/programs/awscli.nix

@@ -0,0 +1,31 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.youthlic.programs.awscli;
+in {
+  options = {
+    youthlic.programs.awscli = {
+      enable = lib.mkEnableOption "awscli";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    sops.secrets."awscli" = {};
+    programs.awscli = {
+      enable = true;
+      credentials = {
+        default = {
+          credential_process = "${lib.getExe' pkgs.uutils-coreutils-noprefix "cat"} ${config.sops.secrets.awscli.path}";
+        };
+      };
+      settings = {
+        default = {
+          region = "garage";
+          endpoint_url = "https://s3.youthlic.social";
+        };
+      };
+    };
+  };
+}

home/modules/programs/default.nix

@@ -16,5 +16,6 @@
     ./fzf.nix
     ./eza.nix
     ./ion.nix
+    ./awscli.nix
   ];
 }

nixos/configurations/Cape/default.nix

@@ -36,6 +36,10 @@
         baseDomain = "youthlic.social";
         radicle-explorer.enable = true;
         outer-wilds-text-adventure.enable = true;
+        garage = {
+          enable = true;
+          target = "100.73.250.25";
+        };
       };
       juicity.server.enable = true;
     };

nixos/configurations/Tytonidae/default.nix

@@ -55,6 +55,7 @@
       owncast.enable = true;
       wshowkeys.enable = true;
       obs.enable = true;
+      garage.enable = true;
     };
   };
 

nixos/modules/programs/caddy/default.nix

@@ -8,6 +8,7 @@ in {
   imports = [
     ./radicle-explorer.nix
     ./OuterWildsTextAdventure.nix
+    ./garage.nix
   ];
   options = {
     youthlic.programs.caddy = {

nixos/modules/programs/caddy/garage.nix

@@ -0,0 +1,32 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.youthlic.programs.caddy.garage;
+  caddy-cfg = config.youthlic.programs.caddy;
+in {
+  options = {
+    youthlic.programs.caddy.garage = {
+      enable = lib.mkEnableOption "caddy.garage";
+      target = lib.mkOption {
+        type = lib.types.str;
+        example = "127.0.0.1";
+      };
+    };
+  };
+  config = lib.mkIf (cfg.enable && caddy-cfg.enable) {
+    services.caddy.virtualHosts = {
+      "wallpaper.${caddy-cfg.baseDomain}" = {
+        extraConfig = ''
+          reverse_proxy ${cfg.target}:8494
+        '';
+      };
+      "s3.${caddy-cfg.baseDomain}" = {
+        extraConfig = ''
+          reverse_proxy ${cfg.target}:8491
+        '';
+      };
+    };
+  };
+}

nixos/modules/programs/default.nix

@@ -28,5 +28,6 @@
     ./bash.nix
     ./obs.nix
     ./sudo-rs.nix
+    ./garage.nix
   ];
 }

nixos/modules/programs/garage.nix

@@ -0,0 +1,45 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}: let
+  cfg = config.youthlic.programs.garage;
+in {
+  options = {
+    youthlic.programs.garage = {
+      enable = lib.mkEnableOption "garage";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    sops.secrets."garage" = {
+    };
+    services.garage = {
+      enable = true;
+      package = pkgs.garage_2;
+      environmentFile = config.sops.secrets."garage".path;
+      settings = {
+        replication_factor = 1;
+        db_engine = "sqlite";
+        rpc_bind_addr = "[::]:8490";
+        use_local_tz = true;
+        allow_punycode = true;
+        s3_api = {
+          s3_region = "garage";
+          api_bind_addr = "[::]:8491";
+          root_domain = ".s3.youthlic.social";
+        };
+        s3_web = {
+          root_domain = ".youthlic.social";
+          bind_addr = "[::]:8494";
+        };
+        k2v_api = {
+          api_bind_addr = "[::]:8493";
+        };
+        admin = {
+          api_bind_addr = "127.0.0.1:8492";
+        };
+      };
+    };
+  };
+}

secrets/general.yaml

@@ -1,3 +1,5 @@
+awscli: ENC[AES256_GCM,data:YoeIPrKEMvjMrF/obs08hqnsVIPO1ojBKQpb+XapH20Rzo1Cw1ytIMf+MMcDLuZqvI8SeEqs0EtjBqqzqA0RvDVOGHWurQlC67MInkDdpN/p5xwTbAQgtv/dV6fKYySQgqG2LaKh6hEPKqNeT0TTW7e7Dd5TbA6em5YppPrKtmJK/8KDyTbCrrBo68bUZUV+WBiu055qXTm3ZA==,iv:d5c1imjlZGRWjrxJS1ibNucwZxoW7nHIXFnlEP51aOo=,tag:OQN5cKd7AqXk+lBqJ6eF+g==,type:str]
+garage: ENC[AES256_GCM,data:KEcOZUNa8aBKpp/m1xUZeNdZ4WABC0FnhN3x9hlof3sI0mj8Hm1NZabUgDpiYZPaCuvFwAN+P1cNXkT6DMtEyLeLDfNjuVpFMENAsPSVrBAiRvGhqpuYWjyPboDV/qHc1EnIPO73z7O6tbDfTGze42dIIlROGUtwlr78DCSWZZIR82dDQkcQkik7lc3soAnsYKdEd/93bs8EJPLlOdmmBfV79binI+8VchT/pYhypnaMqxHCK1FOfIo31Fn7Ym6Oqp9T0w+uA4Lkh03RlhWo0oAUbbY=,iv:NtaAeX3td8tEIDoLybjtB8azsHj6JsTw4WPD5jQHaHs=,tag:XqGDWf5+RkCseExHPiszNw==,type:str]
 minio: ENC[AES256_GCM,data:rJRE7HAI3t3CFn08mVe3t9slBGJMH2Jzzsrlbs2jkj+5fn3412NqVB8JheVy3+zrTd+09M1uJFZpeWcOkUw=,iv:x+JUOhYkXqLwNOuT5ZZ8JaX+spM/h0zszwun5kF0U3o=,tag:SyscCkZc78PsLAHIyLQ3QQ==,type:str]
 rustypaste:
     auth: ENC[AES256_GCM,data:DORM12zY0wQQxqBNFYG3oYodhevUJXNjdqJcnyOnuPnZQIsUdEtm4TyNHokUKYoc30s8c6INOFoAB+7210y0dQE3hfg=,iv:Kms90lNPaL5fvQjD31+DZGJf+YQU/tTGLTxrqkvsbDY=,tag:5voNZlwGf2adVQoVqgyRqA==,type:str]
@@ -54,7 +56,7 @@ sops:
             a1Y1NU9CK2h1SS83VW42bzBMa01yMXMKI1DBtgNlkNCrxUQvnD6a45mQKNfg5gM4
             Zb5buo9Jofj4dn/HFwng3T3gxKTrP2Dh74CAH4L0M5yrF9fzk5TCcQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-06-30T16:32:22Z"
+    lastmodified: "2025-07-03T21:52:43Z"
-    mac: ENC[AES256_GCM,data:UwwvC6a6RRp5ALYhuJyCsRl5NSM8DUnLGsVRPF0Gj43aoMqFAGWioqAaGLhkY2Wdg24rSAKGEBKYL6LHG1ckS/AlCl4QhkuobvkbhWtquCuKQqCn9UfGB6KqKjz7SA74W7OYINkGsPJOLMdIKThbrnFc7WoOjnQw6dlUgyxS32I=,iv:XIivVoeuXyT2CgjfQUMo3dj9jMSGv7KQ9w8zdFBJEPw=,tag:tV9kP8cDpqjtYY7PRifY5Q==,type:str]
+    mac: ENC[AES256_GCM,data:i9I6MZQKqxll4n4puhZ/wqnOFL/9Nvhlyh017bz1S+VApqKLmkf+Rd3LpjV8nAdWpwD3T+sL4VL2OQKN3hofKWo19QZNt1H2YGXNSb3Y6OqG15M5fDCglziWlxu+BIr/sG6NmwPnnlEXfb9qVvSAHjl0OzZyPm7IXxH/IbJITTI=,iv:L178iYVRCBca2yBF7OdDbVt5DBpf6l/H2MIcjxXpzFY=,tag:+v/kj/lLjeVGkt1xiJqZtQ==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2