services.garage -> fediversity.garage

for the options that are ours; we want to avoid clashes if possible
This commit is contained in:
Nicolas Jeannerod 2025-02-14 16:25:52 +01:00
parent b68a821b77
commit d9188427ed
Signed by untrusted user: Niols
GPG key ID: 35DB9EC8886E1CB8
9 changed files with 81 additions and 86 deletions


@ -7,7 +7,6 @@ let
}; };
in in
# TODO: expand to a multi-machine setup
{ {
config, config,
lib, lib,
@ -66,7 +65,7 @@ let
garage bucket deny --read --write --owner ${bucketArg} --key tmp garage bucket deny --read --write --owner ${bucketArg} --key tmp
''} ''}
''; '';
ensureBucketsScript = concatMapAttrs ensureBucketScriptFn cfg.ensureBuckets; ensureBucketsScript = concatMapAttrs ensureBucketScriptFn config.fediversity.garage.ensureBuckets;
ensureAccessScriptFn = ensureAccessScriptFn =
key: bucket: key: bucket:
{ {
@ -90,7 +89,7 @@ let
garage key import --yes -n ${escapeShellArg key} ${escapeShellArg id} ${escapeShellArg secret} || : garage key import --yes -n ${escapeShellArg key} ${escapeShellArg id} ${escapeShellArg secret} || :
${concatMapAttrs (ensureAccessScriptFn key) ensureAccess} ${concatMapAttrs (ensureAccessScriptFn key) ensureAccess}
''; '';
ensureKeysScript = concatMapAttrs ensureKeyScriptFn cfg.ensureKeys; ensureKeysScript = concatMapAttrs ensureKeyScriptFn config.fediversity.garage.ensureKeys;
in in
{ {
@ -149,7 +148,7 @@ in
mapAttrs' (bucket: _: { mapAttrs' (bucket: _: {
name = fedicfg.web.domainForBucket bucket; name = fedicfg.web.domainForBucket bucket;
inherit value; inherit value;
}) (filterAttrs (_: { website, ... }: website) cfg.ensureBuckets); }) (filterAttrs (_: { website, ... }: website) config.fediversity.garage.ensureBuckets);
systemd.services.ensure-garage = { systemd.services.ensure-garage = {
after = [ "garage.service" ]; after = [ "garage.service" ];
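Review bot: The new side spells out `config.fediversity.garage.ensureBuckets` and `config.fediversity.garage.ensureKeys` at three separate sites in this file (the `ensureBucketsScript`, `ensureKeysScript` and `filterAttrs` lines) where the old side went through the `cfg` alias; rebinding `cfg = config.fediversity.garage;` in the let block would leave those three lines untouched and make the next rename a one-line edit. The same file still reads `fedicfg.web.domainForBucket` through its `fedicfg` alias, so the two aliases end up treated differently for no visible reason. The let block that would hold the binding starts above the first hunk and is not visible here, so whether `cfg` is removed or merely left unused cannot be told from this view.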


@ -5,76 +5,75 @@ let
in in
{ {
options = { options.fediversity.garage = {
services.garage = { ensureBuckets = mkOption {
ensureBuckets = mkOption { type = types.attrsOf (
type = types.attrsOf ( types.submodule {
types.submodule { options = {
options = { website = mkOption {
website = mkOption { type = types.bool;
type = types.bool; default = false;
default = false; };
# I think setting corsRules should allow another website to show images from your bucket
corsRules = {
enable = mkEnableOption "CORS Rules";
allowedHeaders = mkOption {
type = types.listOf types.str;
default = [ ];
}; };
# I think setting corsRules should allow another website to show images from your bucket allowedMethods = mkOption {
corsRules = { type = types.listOf types.str;
enable = mkEnableOption "CORS Rules"; default = [ ];
allowedHeaders = mkOption {
type = types.listOf types.str;
default = [ ];
};
allowedMethods = mkOption {
type = types.listOf types.str;
default = [ ];
};
allowedOrigins = mkOption {
type = types.listOf types.str;
default = [ ];
};
}; };
aliases = mkOption { allowedOrigins = mkOption {
type = types.listOf types.str; type = types.listOf types.str;
default = [ ]; default = [ ];
}; };
}; };
} aliases = mkOption {
); type = types.listOf types.str;
default = { }; default = [ ];
};
ensureKeys = mkOption {
type = types.attrsOf (
types.submodule {
# TODO: these should be managed as secrets, not in the nix store
options = {
id = mkOption { type = types.str; };
secret = mkOption { type = types.str; };
# TODO: assert at least one of these is true
# NOTE: this currently needs to be done at the top level module
ensureAccess = mkOption {
type = types.attrsOf (
types.submodule {
options = {
read = mkOption {
type = types.bool;
default = false;
};
write = mkOption {
type = types.bool;
default = false;
};
owner = mkOption {
type = types.bool;
default = false;
};
};
}
);
default = [ ];
};
}; };
} };
); }
default = { }; );
}; default = { };
};
ensureKeys = mkOption {
type = types.attrsOf (
types.submodule {
# TODO: these should be managed as secrets, not in the nix store
options = {
id = mkOption { type = types.str; };
secret = mkOption { type = types.str; };
# TODO: assert at least one of these is true
# NOTE: this currently needs to be done at the top level module
ensureAccess = mkOption {
type = types.attrsOf (
types.submodule {
options = {
read = mkOption {
type = types.bool;
default = false;
};
write = mkOption {
type = types.bool;
default = false;
};
owner = mkOption {
type = types.bool;
default = false;
};
};
}
);
default = [ ];
};
};
}
);
default = { };
}; };
}; };
} }
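Review bot: `ensureAccess` is declared as `types.attrsOf (types.submodule { … })` but carries `default = [ ];`, an empty list, which the module system's type check would presumably reject the first time a key is declared without an `ensureAccess` block; the line should read `default = { };`, matching the `ensureBuckets` and `ensureKeys` defaults in the same declaration. The commit moves this block from `options.services.garage` to `options.fediversity.garage` unchanged, so the mismatch survives the move. None of the moved `mkOption` declarations carries a `description`; a one-line description on at least `ensureBuckets`, `ensureKeys` and `ensureKeys.<name>.secret` (whose value, as the existing TODO notes, still ends up in the Nix store) would make the new option namespace discoverable in generated docs. The side-by-side rendering of this section is interleaved, so the positions above are read from the new column as far as it can be recovered.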


@ -9,7 +9,7 @@ in
lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) { lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) {
#### garage setup #### garage setup
services.garage = { fediversity.garage = {
ensureBuckets = { ensureBuckets = {
mastodon = { mastodon = {
website = true; website = true;


@ -17,7 +17,7 @@ lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) {
1936 1936
]; ];
services.garage = { fediversity.garage = {
ensureBuckets = { ensureBuckets = {
peertube-videos = { peertube-videos = {
website = true; website = true;


@ -13,7 +13,7 @@ in
}: }:
lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) { lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) {
services.garage = { fediversity.garage = {
ensureBuckets = { ensureBuckets = {
pixelfed = { pixelfed = {
website = true; website = true;


@ -69,8 +69,8 @@ pkgs.nixosTest {
expect expect
]; ];
environment.variables = { environment.variables = {
AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.mastodon.id; AWS_ACCESS_KEY_ID = config.fediversity.garage.ensureKeys.mastodon.id;
AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.mastodon.secret; AWS_SECRET_ACCESS_KEY = config.fediversity.garage.ensureKeys.mastodon.secret;
}; };
}; };
}; };


@ -197,8 +197,8 @@ pkgs.nixosTest {
systemd.services.postgresql.serviceConfig.TimeoutSec = lib.mkForce 3600; systemd.services.postgresql.serviceConfig.TimeoutSec = lib.mkForce 3600;
environment.variables = { environment.variables = {
AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.peertube.id; AWS_ACCESS_KEY_ID = config.fediversity.garage.ensureKeys.peertube.id;
AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.peertube.secret; AWS_SECRET_ACCESS_KEY = config.fediversity.garage.ensureKeys.peertube.secret;
PT_INITIAL_ROOT_PASSWORD = "testtest"; PT_INITIAL_ROOT_PASSWORD = "testtest";
}; };
}; };


@ -1,4 +1,5 @@
{ pkgs, self }: { pkgs, self }:
let let
lib = pkgs.lib; lib = pkgs.lib;
@ -160,8 +161,8 @@ pkgs.nixosTest {
]; ];
environment.variables = { environment.variables = {
POST_MEDIA = ./fediversity.png; POST_MEDIA = ./fediversity.png;
AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.pixelfed.id; AWS_ACCESS_KEY_ID = config.fediversity.garage.ensureKeys.pixelfed.id;
AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.pixelfed.secret; AWS_SECRET_ACCESS_KEY = config.fediversity.garage.ensureKeys.pixelfed.secret;
## without this we get frivolous errors in the logs ## without this we get frivolous errors in the logs
MC_REGION = "garage"; MC_REGION = "garage";
}; };


@ -8,10 +8,6 @@
let let
inherit (lib) mkVMOverride mapAttrs' filterAttrs; inherit (lib) mkVMOverride mapAttrs' filterAttrs;
cfg = config.services.garage;
fedicfg = config.fediversity.internal.garage;
in in
{ {
imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ]; imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
@ -24,21 +20,21 @@ in
}; };
in in
mapAttrs' (bucket: _: { mapAttrs' (bucket: _: {
name = fedicfg.web.domainForBucket bucket; name = config.fediversity.internal.garage.web.domainForBucket bucket;
inherit value; inherit value;
}) (filterAttrs (_: { website, ... }: website) cfg.ensureBuckets); }) (filterAttrs (_: { website, ... }: website) config.fediversity.garage.ensureBuckets);
virtualisation.diskSize = 2048; virtualisation.diskSize = 2048;
virtualisation.forwardPorts = [ virtualisation.forwardPorts = [
{ {
from = "host"; from = "host";
host.port = fedicfg.rpc.port; host.port = config.fediversity.internal.garage.rpc.port;
guest.port = fedicfg.rpc.port; guest.port = config.fediversity.internal.garage.rpc.port;
} }
{ {
from = "host"; from = "host";
host.port = fedicfg.web.internalPort; host.port = config.fediversity.internal.garage.web.internalPort;
guest.port = fedicfg.web.internalPort; guest.port = config.fediversity.internal.garage.web.internalPort;
} }
]; ];
} }
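Review bot: The removal of `fedicfg = config.fediversity.internal.garage;` in the first hunk is unrelated to the rename in the commit title (`fediversity.internal.garage` is not renamed) and replaces one short alias with the full path at five sites in the `mapAttrs'` and `forwardPorts` blocks; keeping `fedicfg` and only rebinding `cfg = config.fediversity.garage;` would reduce this file's change to two lines. It would also keep this file consistent with the garage module in the first section, which still uses `fedicfg.web.domainForBucket` after this commit. If dropping the alias is intentional, the same should be done there so the two files read the same way.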