diff --git a/services/fediversity/garage/default.nix b/services/fediversity/garage/default.nix
index f9015cf1..f1638dfd 100644
--- a/services/fediversity/garage/default.nix
+++ b/services/fediversity/garage/default.nix
@@ -7,7 +7,6 @@ let
   };
 in
 
-# TODO: expand to a multi-machine setup
 {
   config,
   lib,
@@ -66,7 +65,7 @@ let
         garage bucket deny --read --write --owner ${bucketArg} --key tmp
       ''}
     '';
-  ensureBucketsScript = concatMapAttrs ensureBucketScriptFn cfg.ensureBuckets;
+  ensureBucketsScript = concatMapAttrs ensureBucketScriptFn config.fediversity.garage.ensureBuckets;
   ensureAccessScriptFn =
     key: bucket:
     {
@@ -90,7 +89,7 @@ let
       garage key import --yes -n ${escapeShellArg key} ${escapeShellArg id} ${escapeShellArg secret} || :
       ${concatMapAttrs (ensureAccessScriptFn key) ensureAccess}
     '';
-  ensureKeysScript = concatMapAttrs ensureKeyScriptFn cfg.ensureKeys;
+  ensureKeysScript = concatMapAttrs ensureKeyScriptFn config.fediversity.garage.ensureKeys;
 in
 
 {
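Review bot: The key script this hunk rewires still interpolates `secret` into the generated shell text (`garage key import --yes -n … ${escapeShellArg secret} || :`), so every secret set under `fediversity.garage.ensureKeys` is written to the Nix store with the script and is passed in the argument list of the `garage` process. The `|| :` on the same line also discards a failed import, so a key that was not created is presumably only noticed later, when access is granted or a client tries to use it. Now that the option lives in the project's own namespace, I would record this next to `ensureKeysScript`: `# NOTE: key secrets end up in the store-resident script and on argv; test deployments only until keys are read from a file`. `ensureKeyScriptFn` starts above the hunk, so the rest of its body is not visible here.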
@@ -149,7 +148,7 @@ in
       mapAttrs' (bucket: _: {
         name = fedicfg.web.domainForBucket bucket;
         inherit value;
-      }) (filterAttrs (_: { website, ... }: website) cfg.ensureBuckets);
+      }) (filterAttrs (_: { website, ... }: website) config.fediversity.garage.ensureBuckets);
 
     systemd.services.ensure-garage = {
       after = [ "garage.service" ];
diff --git a/services/fediversity/garage/options.nix b/services/fediversity/garage/options.nix
index 69d9c4b7..56fec596 100644
--- a/services/fediversity/garage/options.nix
+++ b/services/fediversity/garage/options.nix
@@ -5,76 +5,75 @@ let
 in
 
 {
-  options = {
-    services.garage = {
-      ensureBuckets = mkOption {
-        type = types.attrsOf (
-          types.submodule {
-            options = {
-              website = mkOption {
-                type = types.bool;
-                default = false;
+  options.fediversity.garage = {
+    ensureBuckets = mkOption {
+      type = types.attrsOf (
+        types.submodule {
+          options = {
+            website = mkOption {
+              type = types.bool;
+              default = false;
+            };
+            # I think setting corsRules should allow another website to show images from your bucket
+            corsRules = {
+              enable = mkEnableOption "CORS Rules";
+              allowedHeaders = mkOption {
+                type = types.listOf types.str;
+                default = [ ];
               };
-              # I think setting corsRules should allow another website to show images from your bucket
-              corsRules = {
-                enable = mkEnableOption "CORS Rules";
-                allowedHeaders = mkOption {
-                  type = types.listOf types.str;
-                  default = [ ];
-                };
-                allowedMethods = mkOption {
-                  type = types.listOf types.str;
-                  default = [ ];
-                };
-                allowedOrigins = mkOption {
-                  type = types.listOf types.str;
-                  default = [ ];
-                };
+              allowedMethods = mkOption {
+                type = types.listOf types.str;
+                default = [ ];
               };
-              aliases = mkOption {
+              allowedOrigins = mkOption {
                 type = types.listOf types.str;
                 default = [ ];
               };
             };
-          }
-        );
-        default = { };
-      };
-      ensureKeys = mkOption {
-        type = types.attrsOf (
-          types.submodule {
-            # TODO: these should be managed as secrets, not in the nix store
-            options = {
-              id = mkOption { type = types.str; };
-              secret = mkOption { type = types.str; };
-              # TODO: assert at least one of these is true
-              # NOTE: this currently needs to be done at the top level module
-              ensureAccess = mkOption {
-                type = types.attrsOf (
-                  types.submodule {
-                    options = {
-                      read = mkOption {
-                        type = types.bool;
-                        default = false;
-                      };
-                      write = mkOption {
-                        type = types.bool;
-                        default = false;
-                      };
-                      owner = mkOption {
-                        type = types.bool;
-                        default = false;
-                      };
-                    };
-                  }
-                );
-                default = [ ];
-              };
+            aliases = mkOption {
+              type = types.listOf types.str;
+              default = [ ];
             };
-          }
-        );
-        default = { };
-      };
+          };
+        }
+      );
+      default = { };
+    };
+
+    ensureKeys = mkOption {
+      type = types.attrsOf (
+        types.submodule {
+          # TODO: these should be managed as secrets, not in the nix store
+          options = {
+            id = mkOption { type = types.str; };
+            secret = mkOption { type = types.str; };
+            # TODO: assert at least one of these is true
+            # NOTE: this currently needs to be done at the top level module
+            ensureAccess = mkOption {
+              type = types.attrsOf (
+                types.submodule {
+                  options = {
+                    read = mkOption {
+                      type = types.bool;
+                      default = false;
+                    };
+                    write = mkOption {
+                      type = types.bool;
+                      default = false;
+                    };
+                    owner = mkOption {
+                      type = types.bool;
+                      default = false;
+                    };
+                  };
+                }
+              );
+              default = [ ];
+            };
+          };
+        }
+      );
+      default = { };
     };
   };
 }
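Review bot: `ensureAccess` is declared as `types.attrsOf (types.submodule …)` but keeps `default = [ ];`, which is a list, so a key defined without `ensureAccess` should fail the option's type check instead of getting an empty access set. The moved block is a good place to change it to `default = { };`. The secrets TODO also travels unchanged: `id` and `secret` remain plain `types.str` with no `description`, so nothing in the generated option documentation tells a user that these values land in the Nix store. A one-line `description` on `secret` saying so would cover that gap until the TODO is resolved.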
diff --git a/services/fediversity/mastodon.nix b/services/fediversity/mastodon.nix
index 2ed4b3e9..7486559a 100644
--- a/services/fediversity/mastodon.nix
+++ b/services/fediversity/mastodon.nix
@@ -9,7 +9,7 @@ in
 
 lib.mkIf (config.fediversity.enable && config.fediversity.mastodon.enable) {
   #### garage setup
-  services.garage = {
+  fediversity.garage = {
     ensureBuckets = {
       mastodon = {
         website = true;
diff --git a/services/fediversity/peertube.nix b/services/fediversity/peertube.nix
index bb2b6181..ae973c15 100644
--- a/services/fediversity/peertube.nix
+++ b/services/fediversity/peertube.nix
@@ -17,7 +17,7 @@ lib.mkIf (config.fediversity.enable && config.fediversity.peertube.enable) {
     1936
   ];
 
-  services.garage = {
+  fediversity.garage = {
     ensureBuckets = {
       peertube-videos = {
         website = true;
diff --git a/services/fediversity/pixelfed.nix b/services/fediversity/pixelfed.nix
index 279445ef..6c2a3ebb 100644
--- a/services/fediversity/pixelfed.nix
+++ b/services/fediversity/pixelfed.nix
@@ -13,7 +13,7 @@ in
 }:
 
 lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) {
-  services.garage = {
+  fediversity.garage = {
     ensureBuckets = {
       pixelfed = {
         website = true;
diff --git a/services/tests/mastodon.nix b/services/tests/mastodon.nix
index ef6a6676..80ede0c5 100644
--- a/services/tests/mastodon.nix
+++ b/services/tests/mastodon.nix
@@ -69,8 +69,8 @@ pkgs.nixosTest {
           expect
         ];
         environment.variables = {
-          AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.mastodon.id;
-          AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.mastodon.secret;
+          AWS_ACCESS_KEY_ID = config.fediversity.garage.ensureKeys.mastodon.id;
+          AWS_SECRET_ACCESS_KEY = config.fediversity.garage.ensureKeys.mastodon.secret;
         };
       };
   };
diff --git a/services/tests/peertube.nix b/services/tests/peertube.nix
index 6a5161b7..c10e01a8 100644
--- a/services/tests/peertube.nix
+++ b/services/tests/peertube.nix
@@ -197,8 +197,8 @@ pkgs.nixosTest {
         systemd.services.postgresql.serviceConfig.TimeoutSec = lib.mkForce 3600;
 
         environment.variables = {
-          AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.peertube.id;
-          AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.peertube.secret;
+          AWS_ACCESS_KEY_ID = config.fediversity.garage.ensureKeys.peertube.id;
+          AWS_SECRET_ACCESS_KEY = config.fediversity.garage.ensureKeys.peertube.secret;
           PT_INITIAL_ROOT_PASSWORD = "testtest";
         };
       };
diff --git a/services/tests/pixelfed-garage.nix b/services/tests/pixelfed-garage.nix
index 56c5d11a..346ffe4b 100644
--- a/services/tests/pixelfed-garage.nix
+++ b/services/tests/pixelfed-garage.nix
@@ -1,4 +1,5 @@
 { pkgs, self }:
+
 let
   lib = pkgs.lib;
 
@@ -160,8 +161,8 @@ pkgs.nixosTest {
         ];
         environment.variables = {
           POST_MEDIA = ./fediversity.png;
-          AWS_ACCESS_KEY_ID = config.services.garage.ensureKeys.pixelfed.id;
-          AWS_SECRET_ACCESS_KEY = config.services.garage.ensureKeys.pixelfed.secret;
+          AWS_ACCESS_KEY_ID = config.fediversity.garage.ensureKeys.pixelfed.id;
+          AWS_SECRET_ACCESS_KEY = config.fediversity.garage.ensureKeys.pixelfed.secret;
           ## without this we get frivolous errors in the logs
           MC_REGION = "garage";
         };
diff --git a/services/vm/garage-vm.nix b/services/vm/garage-vm.nix
index aca295e2..b115b51e 100644
--- a/services/vm/garage-vm.nix
+++ b/services/vm/garage-vm.nix
@@ -8,10 +8,6 @@
 let
   inherit (lib) mkVMOverride mapAttrs' filterAttrs;
 
-  cfg = config.services.garage;
-
-  fedicfg = config.fediversity.internal.garage;
-
 in
 {
   imports = [ (modulesPath + "/virtualisation/qemu-vm.nix") ];
@@ -24,21 +20,21 @@ in
       };
     in
     mapAttrs' (bucket: _: {
-      name = fedicfg.web.domainForBucket bucket;
+      name = config.fediversity.internal.garage.web.domainForBucket bucket;
       inherit value;
-    }) (filterAttrs (_: { website, ... }: website) cfg.ensureBuckets);
+    }) (filterAttrs (_: { website, ... }: website) config.fediversity.garage.ensureBuckets);
 
   virtualisation.diskSize = 2048;
   virtualisation.forwardPorts = [
     {
       from = "host";
-      host.port = fedicfg.rpc.port;
-      guest.port = fedicfg.rpc.port;
+      host.port = config.fediversity.internal.garage.rpc.port;
+      guest.port = config.fediversity.internal.garage.rpc.port;
     }
     {
       from = "host";
-      host.port = fedicfg.web.internalPort;
-      guest.port = fedicfg.web.internalPort;
+      host.port = config.fediversity.internal.garage.web.internalPort;
+      guest.port = config.fediversity.internal.garage.web.internalPort;
     }
   ];
 }