diff --git a/flake.lock b/flake.lock
index 9377408..a61962e 100644
--- a/flake.lock
+++ b/flake.lock
@@ -109,6 +109,21 @@ "type": "github" } }, + "flake-utils_3": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager-stable": { "inputs": { "nixpkgs": [
@@ -239,7 +254,30 @@ "nixpkgs-mine": "nixpkgs-mine", "nixpkgs-mine-stable": "nixpkgs-mine-stable", "nixpkgs-stable": "nixpkgs-stable", - "nixpkgs-unstable": "nixpkgs-unstable" + "nixpkgs-unstable": "nixpkgs-unstable", + "sharry": "sharry" + } + }, + "sharry": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "nixpkgs-unstable" + ] + }, + "locked": { + "lastModified": 1668965316, + "narHash": "sha256-ZIVZBbLhn40A29iF75H/g5N8OuZo9e6OQPZLmstVLvQ=", + "owner": "devplayer0", + "repo": "sharry", + "rev": "a539318cebdeb82bb47100ff4288764d0e6014a8", + "type": "github" + }, + "original": { + "owner": "devplayer0", + "ref": "nix-module-improvements", + "repo": "sharry", + "type": "github" } }, "utils": {
diff --git a/flake.nix b/flake.nix
index e9040f5..8b7007b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -25,6 +25,10 @@
 # Stuff used by systems
 #impermanence.url = "github:nix-community/impermanence";
 impermanence.url = "github:devplayer0/impermanence/qemu-vm-dirs";
+
+ # Packages not in nixpkgs
+ sharry.url = "github:devplayer0/sharry/nix-module-improvements";
+ sharry.inputs.nixpkgs.follows = "nixpkgs-unstable";
 };
 outputs =
diff --git a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
index ac816d4..7660fce 100644
--- a/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
+++ b/nixos/boxes/colony/vms/shill/containers/middleman/vhosts.nix
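Review bot: The new `sharry` input in the flake.nix hunk tracks a branch (`nix-module-improvements`) of a personal fork, and the common.nix hunks later in this commit load that flake's NixOS module and overlay into what looks like the shared configuration, so the branch head at the next `nix flake update` is evaluated on presumably every host. flake.lock pins the revision for now, but nothing records why the fork is used or when it can go away. I would add a comment such as `# fork carrying NixOS module changes; switch back to upstream once they land` (if that is the plan) and consider putting the locked rev into the URL so that moving it is a deliberate edit. The `inputs` block starts and ends outside the hunk.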
@@ -357,6 +357,15 @@ in
 ];
 useACMEHost = lib.my.pubDomain;
 };
+
+ "share.${lib.my.pubDomain}" = {
+ locations."/" = {
+ proxyPass = "http://object-ctr.${config.networking.domain}:9090";
+ proxyWebsockets = true;
+ extraConfig = lib.my.nginx.proxyHeaders;
+ };
+ useACMEHost = lib.my.pubDomain;
+ };
 };
 minio =
diff --git a/nixos/boxes/colony/vms/shill/containers/object.nix b/nixos/boxes/colony/vms/shill/containers/object.nix
index c3c7d5d..67f8efa 100644
--- a/nixos/boxes/colony/vms/shill/containers/object.nix
+++ b/nixos/boxes/colony/vms/shill/containers/object.nix
@@ -29,11 +29,17 @@
 secrets = {
 key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdHbZErWLmTPO/aEWB1Fup/aGMf31Un5Wk66FJwTz/8";
- files."minio.env" = {};
+ files = {
+ "object/minio.env" = {};
+ "object/sharry.conf" = {
+ owner = "sharry";
+ group = "sharry";
+ };
+ };
 };
 firewall = {
- tcp.allowed = [ 9000 9001 ];
+ tcp.allowed = [ 9000 9001 config.services.sharry.config.bind.port ];
 };
 };
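Review bot: The `share.${lib.my.pubDomain}` vhost in vhosts.nix sets no request-body limit, while the object.nix hunk configures Sharry with `chunk-size = "64M"`. nginx's default `client_max_body_size` is 1 MiB, so unless a larger limit is set globally outside this hunk, uploads through the proxy would be rejected with 413. I would append `client_max_body_size 64m;` (or larger) to this location's `extraConfig`. The upstream port `9090` is also written out literally here, whereas object.nix uses `config.services.sharry.config.bind.port`, so a comment such as `# must match services.sharry.config.bind.port in object.nix` would keep the two in step. The enclosing vhost attribute set starts outside the hunk.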
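Review bot: In the object.nix `firewall` block, `tcp.allowed` now also opens `config.services.sharry.config.bind.port`, and the next hunk binds Sharry to `[::]`, so the plain-HTTP listener is reachable by whatever this allow-list admits, not only by the nginx proxy in the middleman container. How wide that is depends on the `firewall` option's semantics, which are defined outside this diff. If only the proxy needs the port, I would restrict the rule to the proxy's address, or at least record the intent with `# sharry: only reached via the middleman vhost`. The enclosing attribute set starts and ends outside the hunk.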
@@ -56,9 +62,69 @@
 enable = true;
 region = "eu-central-1";
 browser = true;
- rootCredentialsFile = config.age.secrets."minio.env".path;
+ rootCredentialsFile = config.age.secrets."object/minio.env".path;
 dataDir = [ "/mnt/minio" ];
 };
+
+ sharry = {
+ enable = true;
+ configOverridesFile = config.age.secrets."object/sharry.conf".path;
+
+ config = {
+ base-url = "https://share.${lib.my.pubDomain}";
+ bind.address = "[::]";
+ alias-member-enabled = true;
+ webapp = {
+ chunk-size = "64M";
+ };
+ backend = {
+ auth = {
+ fixed = {
+ enabled = true;
+ user = "dev";
+ };
+ internal = {
+ enabled = true;
+ order = 50;
+ };
+ };
+ jdbc = {
+ url = "jdbc:postgresql://colony-psql:5432/sharry";
+ user = "sharry";
+ };
+ files = {
+ default-store = "minio";
+ stores = {
+ database.enabled = false;
+ minio = {
+ enabled = true;
+ type = "s3";
+ endpoint = "https://s3.nul.ie";
+ access-key = "share";
+ bucket = "share";
+ };
+ };
+ };
+ compute-checksum.parallel = 4;
+ signup.mode = "invite";
+ share = {
+ max-size = "128G";
+ max-validity = "3650 days";
+ };
+ mail = {
+ enabled = true;
+ smtp = {
+ host = "mail.nul.ie";
+ port = 587;
+ user = "sharry@nul.ie";
+ ssl-type = "starttls";
+ default-from = "Sharry ";
+ timeout = "30 seconds";
+ };
+ };
+ };
+ };
+ };
 };
 }
 (mkIf config.my.build.isDevVM {
@@ -66,6 +132,7 @@
 forwardPorts = [
 { from = "host"; host.port = 9000; guest.port = 9000; }
 { from = "host"; host.port = 9001; guest.port = 9001; }
+ { from = "host"; guest.port = config.services.sharry.config.bind.port; }
 ];
 };
 })
diff --git a/nixos/modules/common.nix b/nixos/modules/common.nix
index c732a11..b97a495 100644
--- a/nixos/modules/common.nix
+++ b/nixos/modules/common.nix
@@ -17,6 +17,7 @@ in
 imports = [
 inputs.impermanence.nixosModule
 inputs.agenix.nixosModules.age
+ inputs.sharry.nixosModules.default
 ];
 config = mkMerge [
@@ -71,6 +72,7 @@ in
 nixpkgs = {
 overlays = [
 inputs.deploy-rs.overlay
+ inputs.sharry.overlays.default
 ];
 config = {
 allowUnfree = true;
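Review bot: `backend.auth.fixed` is enabled with `user = "dev"` in the new `sharry.config` block, but no password for it appears in this hunk, and the service is published at `https://share.${lib.my.pubDomain}`. As far as I know Sharry's reference configuration ships a default password for the fixed module (worth confirming against the packaged version), so this is only safe if the age-encrypted `object/sharry.conf` overrides it. The same applies to the JDBC, S3 and SMTP credentials, none of which are set here. Because the overrides file is opaque in review, I would add a comment next to `fixed` such as `# password is set in object/sharry.conf; the built-in default must never apply`. Separately, `max-validity = "3650 days"` together with `max-size = "128G"` makes any leaked share link long-lived, so a shorter limit may be worth considering.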
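Review bot: The added `forwardPorts` entry in the dev-VM block has no `host.port`, unlike the two entries above it. If this list is NixOS's `virtualisation.forwardPorts` (the option path is outside the hunk), `host.port` has no default as far as I know, and evaluating the dev VM would fail on the missing definition. I would write `{ from = "host"; host.port = config.services.sharry.config.bind.port; guest.port = config.services.sharry.config.bind.port; }`.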
diff --git a/secrets/minio.env.age b/secrets/object/minio.env.age
similarity index 100%
rename from secrets/minio.env.age
rename to secrets/object/minio.env.age
diff --git a/secrets/object/sharry.conf.age b/secrets/object/sharry.conf.age
new file mode 100644
index 0000000..e722c6c
Binary files /dev/null and b/secrets/object/sharry.conf.age differ