{ self, config, lib, pkgs, ... }: with self.lib.nginx; { services.garage = { enable = true; package = pkgs.garage_2; settings = { replication_factor = 3; consistency_mode = "consistent"; metadata_dir = "/var/lib/garage/meta"; data_dir = "/var/lib/garage/data"; db_engine = "lmdb"; compression_level = 2; rpc_bind_addr = "${config.wireguard.v4.address}:3901"; rpc_public_addr = "${config.wireguard.v4.address}:3901"; rpc_secret = "37e1edc5a5eefb8901ca314bcfbd21cb803fbfb0a780b80a547fddf641284503"; bootstrap_peers = [ ]; admin = { api_bind_addr = "${config.wireguard.v4.address}:3903"; }; s3_api = { s3_region = "cdn"; api_bind_addr = "127.0.0.1:3900"; root_domain = "s3.vapor.systems"; }; s3_web = { bind_addr = "127.0.0.1:3902"; root_domain = "web.vapor.systems"; index = "index.html"; }; }; }; security.acme.certs = { "vapor.systems" = { extraDomainNames = [ "*.vapor.systems" ]; }; "gnulag.net" = { extraDomainNames = [ "*.gnulag.net" ]; }; # "linuxmasterrace.org" = { # extraDomainNames = [ "*.linuxmasterrace.org" ]; # }; }; services.nginx = { enable = true; virtualHosts = { "s3.vapor.systems" = (proxyDomain "vapor.systems" "http://127.0.0.1:3900/"); "web.vapor.systems" = (proxyDomain "vapor.systems" "http://127.0.0.1:3902/"); "gnulag.net" = (proxyDomain "gnulag.net" "http://127.0.0.1:3902/"); "cdn.vapor.systems" = { forceSSL = true; useACMEHost = "vapor.systems"; locations."/" = { proxyPass = "http://127.0.0.1:3902/"; extraConfig = '' proxy_pass_header Authorization; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header Upgrade $http_upgrade; add_header 'access-control-allow-origin' '*'; ''; }; }; }; }; }