path: root/modules/garage/default.nix
{
  self,
  config,
  lib,
  pkgs,
  ...
}:

with self.lib.nginx;
{
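  # Garage (S3-compatible object store) node configuration. Cluster RPC and the
  # admin API listen on this host's WireGuard address; the S3 API and the
  # static-web endpoint listen on loopback only, and the nginx virtual hosts in
  # this file proxy to 127.0.0.1:3900 and 127.0.0.1:3902.
  services.garage = {
    enable = true;
    package = pkgs.garage_2;

    # The cluster RPC secret authenticates node-to-node traffic, so it must not
    # be written inline under `settings`: those values are rendered into the
    # generated config in the world-readable Nix store and are committed with
    # this repository. Garage reads the secret from GARAGE_RPC_SECRET instead,
    # taken from an environment file that is provisioned out of band with
    # root-only permissions.
    # The value that used to be inline here was published with this file and
    # has to be rotated on every node, not copied into the new file.
    # PLACEHOLDER path: point it at wherever the deployment's secret tooling
    # writes the file. The unit will not start until that file exists.
    environmentFile = "/run/secrets/garage-env";

    settings = {
      replication_factor = 3;
      consistency_mode = "consistent";
      metadata_dir = "/var/lib/garage/meta";
      data_dir = "/var/lib/garage/data";
      db_engine = "lmdb";

      compression_level = 2;

      # RPC is bound to and advertised on the WireGuard address only, so
      # inter-node traffic stays on the tunnel.
      rpc_bind_addr = "${config.wireguard.v4.address}:3901";
      rpc_public_addr = "${config.wireguard.v4.address}:3901";

      bootstrap_peers = [ ];

      admin = {
        # Reachable by every peer on the WireGuard network. No admin_token or
        # metrics_token is set in this file.
        # NOTE(review): confirm how Garage treats the admin and metrics
        # endpoints when those tokens are unset, and whether all WireGuard
        # peers are meant to reach port 3903.
        api_bind_addr = "${config.wireguard.v4.address}:3903";
      };

      s3_api = {
        s3_region = "cdn";
        # Loopback only; exposed publicly through the "s3.vapor.systems"
        # nginx virtual host.
        api_bind_addr = "127.0.0.1:3900";
        root_domain = "s3.vapor.systems";
      };

      s3_web = {
        # Loopback only; exposed publicly through the nginx virtual hosts that
        # proxy to port 3902.
        bind_addr = "127.0.0.1:3902";
        root_domain = "web.vapor.systems";
        index = "index.html";
      };
    };
  };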

  # One ACME certificate per apex domain, each also covering the wildcard for
  # its subdomains. The nginx virtual hosts in this file reference the
  # "vapor.systems" certificate via useACMEHost.
  # NOTE(review): wildcard names can only be issued through a DNS-01 challenge;
  # the DNS provider and its credentials are not configured in this file, so
  # confirm they are set elsewhere and are not stored inline.
  security.acme.certs."vapor.systems".extraDomainNames = [ "*.vapor.systems" ];
  security.acme.certs."gnulag.net".extraDomainNames = [ "*.gnulag.net" ];
  # Disabled for now:
  # security.acme.certs."linuxmasterrace.org".extraDomainNames = [ "*.linuxmasterrace.org" ];

  # Public TLS front end for Garage. Every virtual host proxies to a Garage
  # listener on loopback: port 3900 is the S3 API, port 3902 the static-web
  # endpoint.
  services.nginx = {
    enable = true;

    virtualHosts = {
      # proxyDomain comes from self.lib.nginx (brought into scope by the `with`
      # at the top of the file); its first argument is the certificate host,
      # its second the upstream URL.
      # NOTE(review): which headers and TLS options it sets is not visible here.
      "s3.vapor.systems" = proxyDomain "vapor.systems" "http://127.0.0.1:3900/";
      "web.vapor.systems" = proxyDomain "vapor.systems" "http://127.0.0.1:3902/";
      "gnulag.net" = proxyDomain "gnulag.net" "http://127.0.0.1:3902/";

      # Hand-written vhost for the CDN name; it uses the "vapor.systems"
      # certificate and redirects plain HTTP to HTTPS.
      "cdn.vapor.systems" = {
        useACMEHost = "vapor.systems";
        forceSSL = true;

        locations."/" = {
          proxyPass = "http://127.0.0.1:3902/";

          # Review notes on the directives below (kept outside the string so
          # the generated nginx config is unchanged):
          # - proxy_pass_header selects upstream *response* headers to pass to
          #   the client; Authorization is a request header, so that line
          #   probably has no effect. NOTE(review): confirm the intent.
          # - $proxy_add_x_forwarded_for appends the peer address to whatever
          #   X-Forwarded-For the client sent, so the upstream must not trust
          #   the leftmost entries.
          # - Upgrade is forwarded without a matching Connection header.
          # - The wildcard CORS header lets any origin read responses from
          #   this host; without `always` nginx adds it only to the success
          #   and redirect status codes.
          extraConfig = ''
            proxy_pass_header Authorization;

            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_set_header Upgrade $http_upgrade;

            add_header 'access-control-allow-origin' '*';
          '';
        };
      };
    };
  };
}