Get Pixelfed running on metal #24
|
@ -5,7 +5,6 @@ let
|
||||||
id = "GK22a15201acacbd51cd43e327";
|
id = "GK22a15201acacbd51cd43e327";
|
||||||
secret = "82b2b4cbef27bf8917b350d5b10a87c92fa9c8b13a415aeeea49726cf335d74e";
|
secret = "82b2b4cbef27bf8917b350d5b10a87c92fa9c8b13a415aeeea49726cf335d74e";
|
||||||
};
|
};
|
||||||
cfg = config.fediversity.internal.garage;
|
|
||||||
in
|
in
|
||||||
|
|
||||||
# TODO: expand to a multi-machine setup
|
# TODO: expand to a multi-machine setup
|
||||||
|
@ -16,6 +15,7 @@ let
|
||||||
inherit (lib) types mkOption mkEnableOption optionalString concatStringsSep;
|
inherit (lib) types mkOption mkEnableOption optionalString concatStringsSep;
|
||||||
inherit (lib.strings) escapeShellArg;
|
inherit (lib.strings) escapeShellArg;
|
||||||
cfg = config.services.garage;
|
cfg = config.services.garage;
|
||||||
|
fedicfg = config.fediversity.internal.garage;
|
||||||
concatMapAttrs = scriptFn: attrset: concatStringsSep "\n" (lib.mapAttrsToList scriptFn attrset);
|
concatMapAttrs = scriptFn: attrset: concatStringsSep "\n" (lib.mapAttrsToList scriptFn attrset);
|
||||||
ensureBucketScriptFn = bucket: { website, aliases, corsRules }:
|
ensureBucketScriptFn = bucket: { website, aliases, corsRules }:
|
||||||
let
|
let
|
||||||
|
@ -43,7 +43,7 @@ let
|
||||||
${optionalString corsRules.enable ''
|
${optionalString corsRules.enable ''
|
||||||
garage bucket allow --read --write --owner ${bucketArg} --key tmp
|
garage bucket allow --read --write --owner ${bucketArg} --key tmp
|
||||||
# TODO: endpoin-url should not be hard-coded
|
# TODO: endpoin-url should not be hard-coded
|
||||||
aws --region ${cfg.settings.s3_api.s3_region} --endpoint-url ${cfg.api.url} s3api put-bucket-cors --bucket ${bucketArg} --cors-configuration ${corsRulesJSON}
|
aws --region ${cfg.settings.s3_api.s3_region} --endpoint-url ${fedicfg.api.url} s3api put-bucket-cors --bucket ${bucketArg} --cors-configuration ${corsRulesJSON}
|
||||||
garage bucket deny --read --write --owner ${bucketArg} --key tmp
|
garage bucket deny --read --write --owner ${bucketArg} --key tmp
|
||||||
''}
|
''}
|
||||||
'';
|
'';
|
||||||
|
@ -138,20 +138,20 @@ in
|
||||||
# virtualisation.forwardPorts = [
|
# virtualisation.forwardPorts = [
|
||||||
# {
|
# {
|
||||||
# from = "host";
|
# from = "host";
|
||||||
# host.port = cfg.rpc.port;
|
# host.port = fedicfg.rpc.port;
|
||||||
# guest.port = cfg.rpc.port;
|
# guest.port = fedicfg.rpc.port;
|
||||||
# }
|
# }
|
||||||
# {
|
# {
|
||||||
# from = "host";
|
# from = "host";
|
||||||
# host.port = cfg.web.port;
|
# host.port = fedicfg.web.port;
|
||||||
# guest.port = cfg.web.port;
|
# guest.port = fedicfg.web.port;
|
||||||
# }
|
# }
|
||||||
# ];
|
# ];
|
||||||
|
|
||||||
environment.systemPackages = [ pkgs.minio-client pkgs.awscli ];
|
environment.systemPackages = [ pkgs.minio-client pkgs.awscli ];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
networking.firewall.allowedTCPPorts = [
|
||||||
cfg.rpc.port
|
fedicfg.rpc.port
|
||||||
];
|
];
|
||||||
services.garage = {
|
services.garage = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -161,19 +161,19 @@ in
|
||||||
# TODO: use a secret file
|
# TODO: use a secret file
|
||||||
rpc_secret = "d576c4478cc7d0d94cfc127138cbb82018b0155c037d1c827dfb6c36be5f6625";
|
rpc_secret = "d576c4478cc7d0d94cfc127138cbb82018b0155c037d1c827dfb6c36be5f6625";
|
||||||
# TODO: why does this have to be set? is there not a sensible default?
|
# TODO: why does this have to be set? is there not a sensible default?
|
||||||
rpc_bind_addr = "[::]:${toString cfg.rpc.port}";
|
rpc_bind_addr = "[::]:${toString fedicfg.rpc.port}";
|
||||||
rpc_public_addr = "[::1]:${toString cfg.rpc.port}";
|
rpc_public_addr = "[::1]:${toString fedicfg.rpc.port}";
|
||||||
s3_api.api_bind_addr = "[::]:${toString cfg.api.port}";
|
s3_api.api_bind_addr = "[::]:${toString fedicfg.api.port}";
|
||||||
s3_web.bind_addr = "[::]:${toString cfg.web.port}";
|
s3_web.bind_addr = "[::]:${toString fedicfg.web.port}";
|
||||||
s3_web.root_domain = ".${cfg.web.rootDomain}";
|
s3_web.root_domain = ".${fedicfg.web.rootDomain}";
|
||||||
index = "index.html";
|
index = "index.html";
|
||||||
|
|
||||||
s3_api.s3_region = "garage";
|
s3_api.s3_region = "garage";
|
||||||
s3_api.root_domain = ".${cfg.api.domain}";
|
s3_api.root_domain = ".${fedicfg.api.domain}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.nginx.virtualHosts."garagePortProxy" = {
|
services.nginx.virtualHosts."garagePortProxy" = {
|
||||||
serverName = "${cfg.web.urlFor "*"}"; # wildcard bucket *.foo.com
|
serverName = "${fedicfg.web.urlFor "*"}"; # wildcard bucket *.foo.com
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "localhost:3902";
|
proxyPass = "localhost:3902";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
@ -193,7 +193,7 @@ in
|
||||||
|
|
||||||
# Give Garage time to start up by waiting until somethings speaks HTTP
|
# Give Garage time to start up by waiting until somethings speaks HTTP
|
||||||
# behind Garage's API URL.
|
# behind Garage's API URL.
|
||||||
until ${pkgs.curl}/bin/curl -sio /dev/null ${cfg.api.url}; do sleep 1; done
|
until ${pkgs.curl}/bin/curl -sio /dev/null ${fedicfg.api.url}; do sleep 1; done
|
||||||
|
|
||||||
# XXX: this is very sensitive to being a single instance
|
# XXX: this is very sensitive to being a single instance
|
||||||
# (doing the bare minimum to get garage up and running)
|
# (doing the bare minimum to get garage up and running)
|
||||||
|
|
Reference in a new issue