dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

nixos/object: Use local storage instead of s3
All checks were successful
CI / Check, build and cache Nix flake (push) Successful in 14m46s
Details

Browse Source
This commit is contained in:
Jack O'Sullivan 2023-11-17 22:14:19 +00:00
parent 4133ed48c5
commit 5766bdda99
5 changed files with 49 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/constants.nix
View File

@ -5,11 +5,13 @@
matrix-syncv3 = 400; matrix-syncv3 = 400;
gitea-runner = 401; gitea-runner = 401;
jellyseerr = 402; jellyseerr = 402;
atticd = 403;
}; };
gids = { gids = {
matrix-syncv3 = 400; matrix-syncv3 = 400;
gitea-runner = 401; gitea-runner = 401;
jellyseerr = 402; jellyseerr = 402;
atticd = 403;
}; };
}; };

1
nixos/boxes/colony/vms/default.nix
View File

@ -145,6 +145,7 @@
(lvmDisk "media") (lvmDisk "media")
(lvmDisk "minio") (lvmDisk "minio")
(lvmDisk "nix-atticd")
(lvmDisk "git") (lvmDisk "git")
]); ]);
}; };

34
nixos/boxes/colony/vms/shill/containers/object.nix
View File

@ -60,9 +60,23 @@ in
}; };
}; };
users = with lib.my.c.ids; let inherit (config.services.atticd) user group; in {
users."${user}" = {
isSystemUser = true;
uid = uids.atticd;
group = group;
};
groups."${user}".gid = gids.atticd;
};
systemd = { systemd = {
network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal; network.networks."80-container-host0" = networkdAssignment "host0" assignments.internal;
services = {
services =
let
awaitPostgres = systemdAwaitPostgres pkgs.postgresql "colony-psql";
in
{
minio = { minio = {
environment = { environment = {
MINIO_ROOT_USER = "minioadmin"; MINIO_ROOT_USER = "minioadmin";
@ -71,7 +85,17 @@ in
MINIO_BROWSER_REDIRECT_URL = "https://minio.nul.ie"; MINIO_BROWSER_REDIRECT_URL = "https://minio.nul.ie";
}; };
}; };
sharry = systemdAwaitPostgres pkgs.postgresql "colony-psql"; sharry = awaitPostgres;
atticd = mkMerge [
awaitPostgres
{
serviceConfig = {
# Needs to be able to access its data
DynamicUser = mkForce false;
BindPaths = [ "/mnt/atticd:/var/lib/atticd/storage" ];
};
}
];
}; };
}; };
@ -159,10 +183,8 @@ in
api-endpoint = "https://nix-cache.${pubDomain}/"; api-endpoint = "https://nix-cache.${pubDomain}/";
database = mkForce {}; # blank to pull from env database = mkForce {}; # blank to pull from env
storage = { storage = {
type = "s3"; type = "local";
region = "eu-central-1"; path = "/var/lib/atticd/storage";
bucket = "nix-attic";
endpoint = "https://s3.nul.ie";
}; };
chunking = { chunking = {
nar-size-threshold = 65536; nar-size-threshold = 65536;

6
nixos/boxes/colony/vms/shill/default.nix
View File

@ -81,6 +81,7 @@ in
fsType = "ext4"; fsType = "ext4";
neededForBoot = true; neededForBoot = true;
}; };
"/mnt/media" = { "/mnt/media" = {
device = "/dev/disk/by-label/media"; device = "/dev/disk/by-label/media";
fsType = "ext4"; fsType = "ext4";
@ -89,6 +90,10 @@ in
device = "/dev/disk/by-label/minio"; device = "/dev/disk/by-label/minio";
fsType = "xfs"; fsType = "xfs";
}; };
"/mnt/atticd" = {
device = "/dev/disk/by-label/atticd";
fsType = "ext4";
};
}; };
nix.settings = { nix.settings = {
@ -175,6 +180,7 @@ in
object = { object = {
bindMounts = { bindMounts = {
"/mnt/minio".readOnly = false; "/mnt/minio".readOnly = false;
"/mnt/atticd".readOnly = false;
}; };
}; };
toot = {}; toot = {};

29
secrets/object/atticd.env.age
View File

@ -1,19 +1,14 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGhrYnR2ZyBFZGRt YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IGhrYnR2ZyBWd2Fx
cjlNMnY4eDJ6enMzbjRrYk9rdk5aUlpjUFhWUXhrL0N1RFhOVnp3CmJWNzJXV3RW WlJJV2NYZkpnbUNmM1BIK241MUtNczhtbjhzNTJBb2plTG14ZFc4CnlESmNHMEJH
RGEzRTJxT01nZlIyTE84Y1poblUwa3VUUkxvK2ZUdHVFWlUKLT4gWDI1NTE5IEJn NTR0Q3ZXWTRtdlc4a1lyOHF3WHlLVlhCRnBsSG1TUzNMNnMKLT4gWDI1NTE5IFhQ
NFVUNk9mZXpUUCtRc1E2WjFhY2k1K1RpTFBLSTZpZzkrRjZEMC9nRzgKRXQvR1ZY eGF0MEdkQXBnTFVxbDRwOHQ3Nm5OTG90czRXaE8vcTdWSzM1SnlGM1kKUVA3Z1Y3
d2gwOENSN283TlpBQlU3K2pndk5vZldqUmxQczloTEhFZFlFNAotPiBYMjU1MTkg cld6MSt2dk5qMVpDd1NGWUtrd2w0OForUjlObHJKNCtiekZwVQotPiB6fS8tZ3Jl
cURjVytMNU1xUFdWcVVVL2pweXE3VUFHdkZvcVk1eUFpcEVWQkk4NkFYbwpUZkJv YXNlCmkwK2dDbkVNVmxlZXBxV2wKLS0tIEFJSHl5SGFIQUtqczRBakJlMU8vQWRM
QnlXRFZmMi8wMUFOVHhIRVUxOG9VaENrbGwwUHI5YTBzbE5oMnVJCi0+IHMtZ3Jl T2dQZUtpbkJrai9aVlJUNWkxaFUKvYcEdjxs2G+ATNCJ6mbxdyQQW11h++QLFoBg
YXNlClp4NmpRSTlOUjF2MnZnZVFaYUltNVdEZmdxSFpYK1NDVUY4TGFXRTB6KzlW EwAP1m3k5mxMTyfGhv7L0QNSAmisy8nUDm8dYkmiiN7QOnXSAUVr7Li+aNDji81f
dzBHVEs2TVdyNEpZTVU5ZktoMSsKNEtjUyttSVA5VTJoazg0ay9BCi0tLSBQbGx4 0Nz3PI1rpmj5AIJ49CN91c+iynzBIXVEeoHgap5SGAmD/SaG+MwChW96KEX9Vpsx
T3BVUmo2KzNzdFd2MmlVWHM3OUtvRTV5dm9Hc1ZtdW9KT1UrYmNRCleCUn5rMaT3 1g98+ciETPBlhF0hKtJsxSRAbjbioU6x0TwIAHAW9zmunEMSINV6MdVH+HslQpcr
1eZtb7kLC2CATBgghXRv/ao9RAal9IrqEUiaeFk6H2IS5VL2ew97Chz2Rq48NQFG /cMlE/cAuOhDzSajGu8uGfoiaQ87gAs4TXsSoFtPDvHKx9xlUImW5DjPv7Fn/Avg
WpVxdM/Uhc2mVHXhHA7tUcMkICPwRSZ/B++1CvYBfzpGq+B2rPmMKAGeIk+yGFgt CJNO7/NfzfE4bdAf8QkwDoWyLMYnlfBZyGA/ryW0YUkT
hWpssoaSMnaI58wBfT1SpNDPMm5ukQqcqb5LON/UZ4ExajNeTVEXZUJE6+cEfgrG
/1n4Jp86A0jI45/IF+kxzP8MMgQs6aZ4/iiynMubJE8D7dB51QhTfx8RMQ4zOPyT
Ak46cl7tZB+4sww7DE5sz5VXWMoEHig6qlLu0j/AonQCOMqoQj3dRiU0gfRJacu9
4TMeDiY3GS0AjIIO6ENgnsk6gCn8tZ8HOZ85a9EbOT+LVjnL3EVVSup81uquGoJf
Q6/0JkjFOWZuVJIaI2s6NFbfyA3vC1ig
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----