From d9188427ede5a85c8bdd395bfcfb0e8c49a6762f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?= Date: Fri, 14 Feb 2025 16:25:52 +0100 Subject: [PATCH] `services.garage` -> `fediversity.garage` for the options that are ours; we want to avoid clashes if possible --- services/fediversity/garage/default.nix | 7 +- services/fediversity/garage/options.nix | 125 ++++++++++++------------ services/fediversity/mastodon.nix | 2 +- services/fediversity/peertube.nix | 2 +- services/fediversity/pixelfed.nix | 2 +- services/tests/mastodon.nix | 4 +- services/tests/peertube.nix | 4 +- services/tests/pixelfed-garage.nix | 5 +- services/vm/garage-vm.nix | 16 ++- 9 files changed, 81 insertions(+), 86 deletions(-) diff --git a/services/fediversity/garage/default.nix b/services/fediversity/garage/default.nix index f9015cf1..f1638dfd 100644 --- a/services/fediversity/garage/default.nix +++ b/services/fediversity/garage/default.nix @@ -7,7 +7,6 @@ let }; in -# TODO: expand to a multi-machine setup { config, lib, @@ -66,7 +65,7 @@ let garage bucket deny --read --write --owner ${bucketArg} --key tmp ''} ''; - ensureBucketsScript = concatMapAttrs ensureBucketScriptFn cfg.ensureBuckets; + ensureBucketsScript = concatMapAttrs ensureBucketScriptFn config.fediversity.garage.ensureBuckets; ensureAccessScriptFn = key: bucket: { @@ -90,7 +89,7 @@ let garage key import --yes -n ${escapeShellArg key} ${escapeShellArg id} ${escapeShellArg secret} || : ${concatMapAttrs (ensureAccessScriptFn key) ensureAccess} ''; - ensureKeysScript = concatMapAttrs ensureKeyScriptFn cfg.ensureKeys; + ensureKeysScript = concatMapAttrs ensureKeyScriptFn config.fediversity.garage.ensureKeys; in { 
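Review bot: The `cfg.ensureBuckets` / `cfg.ensureKeys` references replaced in this hunk, the next one (`ensureKeysScript = …`) and the `@@ -149` hunk are rewritten to the full `config.fediversity.garage` path, yet no hunk in this file removes a `cfg` binding; if `cfg = config.services.garage;` still exists in the `let` block (outside these hunks), it is now a dead binding that silently points at the upstream garage module's options, which is exactly the clash the commit wants to avoid. Either drop it, or rebind it as `cfg = config.fediversity.garage;` and keep the three shorter `cfg.…` lines. The enclosing `let` block starts and ends outside the hunks shown here.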
@@ -149,7 +148,7 @@ in mapAttrs' (bucket: _: { name = fedicfg.web.domainForBucket bucket; inherit value; - }) (filterAttrs (_: { website, ... }: website) cfg.ensureBuckets); + }) (filterAttrs (_: { website, ... }: website) config.fediversity.garage.ensureBuckets); systemd.services.ensure-garage = { after = [ "garage.service" ]; diff --git a/services/fediversity/garage/options.nix b/services/fediversity/garage/options.nix index 69d9c4b7..56fec596 100644 --- a/services/fediversity/garage/options.nix +++ b/services/fediversity/garage/options.nix 
@@ -5,76 +5,75 @@ let in { - options = { - services.garage = { - ensureBuckets = mkOption { - type = types.attrsOf ( - types.submodule { - options = { - website = mkOption { - type = types.bool; - default = false; + options.fediversity.garage = { + ensureBuckets = mkOption { + type = types.attrsOf ( + types.submodule { + options = { + website = mkOption { + type = types.bool; + default = false; + }; + # I think setting corsRules should allow another website to show images from your bucket + corsRules = { + enable = mkEnableOption "CORS Rules"; + allowedHeaders = mkOption { + type = types.listOf types.str; + default = [ ]; }; - # I think setting corsRules should allow another website to show images from your bucket - corsRules = { - enable = mkEnableOption "CORS Rules"; - allowedHeaders = mkOption { - type = types.listOf types.str; - default = [ ]; - }; - allowedMethods = mkOption { - type = types.listOf types.str; - default = [ ]; - }; - allowedOrigins = mkOption { - type = types.listOf types.str; - default = [ ]; - }; + allowedMethods = mkOption { + type = types.listOf types.str; + default = [ ]; }; - aliases = mkOption { + allowedOrigins = mkOption { type = types.listOf types.str; default = [ ]; }; }; - } - ); - default = { }; - }; - ensureKeys = mkOption { - type = types.attrsOf ( - types.submodule { - # TODO: these should be managed as secrets, not in the nix store - options = { - id = mkOption { type = types.str; }; - secret = mkOption { type = types.str; }; - # TODO: assert at least one of these is true - # NOTE: this currently needs to be done at the top level module - ensureAccess = mkOption { - type = types.attrsOf ( - types.submodule { - options = { - read = mkOption { - type = types.bool; - default = false; - }; - write = mkOption { - type = types.bool; - default = false; - }; - owner = mkOption { - type = types.bool; - default = false; - }; - }; - } - ); - default = [ ]; - }; + aliases = mkOption { + type = types.listOf types.str; + default = [ ]; }; - 
} - ); - default = { }; - }; + }; + } + ); + default = { }; + }; + + ensureKeys = mkOption { + type = types.attrsOf ( + types.submodule { + # TODO: these should be managed as secrets, not in the nix store + options = { + id = mkOption { type = types.str; }; + secret = mkOption { type = types.str; }; + # TODO: assert at least one of these is true + # NOTE: this currently needs to be done at the top level module + ensureAccess = mkOption { + type = types.attrsOf ( + types.submodule { + options = { + read = mkOption { + type = types.bool; + default = false; + }; + write = mkOption { + type = types.bool; + default = false; + }; + owner = mkOption { + type = types.bool; + default = false; + }; + }; + } + ); + default = [ ]; + }; + }; + } + ); + default = { }; }; }; } diff --git a/services/fediversity/mastodon.nix b/services/fediversity/mastodon.nix index 2ed4b3e9..7486559a 100644 --- a/services/fediversity/mastodon.nix +++ b/services/fediversity/mastodon.nix @@ -9,7 +9,7 @@ in lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) { #### garage setup - services.garage = { + fediversity.garage = { ensureBuckets = { mastodon = { website = true; diff --git a/services/fediversity/peertube.nix b/services/fediversity/peertube.nix index bb2b6181..ae973c15 100644 --- a/services/fediversity/peertube.nix +++ b/services/fediversity/peertube.nix @@ -17,7 +17,7 @@ lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) { 1936 ]; - services.garage = { + fediversity.garage = { ensureBuckets = { peertube-videos = { website = true; diff --git a/services/fediversity/pixelfed.nix b/services/fediversity/pixelfed.nix index 279445ef..6c2a3ebb 100644 --- a/services/fediversity/pixelfed.nix +++ b/services/fediversity/pixelfed.nix @@ -13,7 +13,7 @@ in }: lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) { - services.garage = { + fediversity.garage = { ensureBuckets = { pixelfed = { website = true; 
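Review bot: `ensureAccess` is declared with `type = types.attrsOf (…)` but keeps `default = [ ];`, a list, so the first `ensureKeys` entry that omits `ensureAccess` should fail the type check once the default is merged (defaults are checked like definitions, as far as I know); change it to `default = { };`, the same default already used for `ensureBuckets` and `ensureKeys`. None of the options moved under `options.fediversity.garage` carry a `description`, and this rename is the moment to add them, e.g. `description = "Garage buckets created by the ensure-garage service, optionally served as websites.";` on `ensureBuckets` and similar text for `ensureKeys`, `corsRules` and `ensureAccess`. The existing TODO still holds: `id`/`secret` remain `types.str` and therefore land in the world-readable Nix store; a `types.path` to a secret file would be the usual follow-up, outside the scope of this rename.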
diff --git a/services/tests/mastodon.nix b/services/tests/mastodon.nix index ef6a6676..80ede0c5 100644 --- a/services/tests/mastodon.nix +++ b/services/tests/mastodon.nix @@ -69,8 +69,8 @@ pkgs.nixosTest { expect ]; environment.variables = { - AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.mastodon.id; - AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.mastodon.secret; + AWS_ACCESS_KEY_ID = config.fediversity.garage.ensureKeys.mastodon.id; + AWS_SECRET_ACCESS_KEY = config.fediversity.garage.ensureKeys.mastodon.secret; }; }; }; diff --git a/services/tests/peertube.nix b/services/tests/peertube.nix index 6a5161b7..c10e01a8 100644 --- a/services/tests/peertube.nix +++ b/services/tests/peertube.nix @@ -197,8 +197,8 @@ pkgs.nixosTest { systemd.services.postgresql.serviceConfig.TimeoutSec = lib.mkForce 3600; environment.variables = { - AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.peertube.id; - AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.peertube.secret; + AWS_ACCESS_KEY_ID = config.fediversity.garage.ensureKeys.peertube.id; + AWS_SECRET_ACCESS_KEY = config.fediversity.garage.ensureKeys.peertube.secret; PT_INITIAL_ROOT_PASSWORD = "testtest"; }; }; diff --git a/services/tests/pixelfed-garage.nix b/services/tests/pixelfed-garage.nix index 56c5d11a..346ffe4b 100644 --- a/services/tests/pixelfed-garage.nix +++ b/services/tests/pixelfed-garage.nix @@ -1,4 +1,5 @@ { pkgs, self }: + let lib = pkgs.lib; @@ -160,8 +161,8 @@ pkgs.nixosTest { ]; environment.variables = { POST_MEDIA = ./fediversity.png; - AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.pixelfed.id; - AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.pixelfed.secret; + AWS_ACCESS_KEY_ID = config.fediversity.garage.ensureKeys.pixelfed.id; + AWS_SECRET_ACCESS_KEY = config.fediversity.garage.ensureKeys.pixelfed.secret; ## without this we get frivolous errors in the logs MC_REGION = "garage"; }; 
diff --git a/services/vm/garage-vm.nix b/services/vm/garage-vm.nix index aca295e2..b115b51e 100644 --- a/services/vm/garage-vm.nix +++ b/services/vm/garage-vm.nix @@ -8,10 +8,6 @@ let inherit (lib) mkVMOverride mapAttrs' filterAttrs; - cfg = config.services.garage; - - fedicfg = config.fediversity.internal.garage; - in { imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ]; @@ -24,21 +20,21 @@ in }; in mapAttrs' (bucket: _: { - name = fedicfg.web.domainForBucket bucket; + name = config.fediversity.internal.garage.web.domainForBucket bucket; inherit value; - }) (filterAttrs (_: { website, ... }: website) cfg.ensureBuckets); + }) (filterAttrs (_: { website, ... }: website) config.fediversity.garage.ensureBuckets); virtualisation.diskSize = 2048; virtualisation.forwardPorts = [ { from = "host"; - host.port = fedicfg.rpc.port; - guest.port = fedicfg.rpc.port; + host.port = config.fediversity.internal.garage.rpc.port; + guest.port = config.fediversity.internal.garage.rpc.port; } { from = "host"; - host.port = fedicfg.web.internalPort; - guest.port = fedicfg.web.internalPort; + host.port = config.fediversity.internal.garage.web.internalPort; + guest.port = config.fediversity.internal.garage.web.internalPort; } ]; }
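Review bot: The `@@ -8,10` hunk also drops `fedicfg = config.fediversity.internal.garage;`, although `fediversity.internal.garage` is not one of the renamed paths, so the second hunk now spells that full path out four times in `forwardPorts` and once in `mapAttrs'`; only `cfg` needed to go, and keeping `fedicfg` would leave those lines as short as before. Unrelated to the rename but visible in the same hunk: both `forwardPorts` entries set only `host.port`, and with `host.address` unset QEMU's hostfwd listens on every host interface as far as I know, so the VM's Garage RPC and web ports are exposed beyond the developer machine; adding `host.address = "127.0.0.1";` to both entries keeps them local.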