os/hosts/chonk/garage.nix

{ pkgs, config, lib, self, ... }:

{
  age.secrets.garage_rpc_token = {
    file = "${self}/secrets/chonk_garage_rpc_secret.age";
    owner = "garage";
    group = "garage";
  };

  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 3900 3901 ];

  users.groups.garage = {};
  users.users.garage = {
    group = "garage";
    isSystemUser = true;
  };

  # overwrite dynamicuser
  systemd.services.garage.serviceConfig = {
    User = "garage";
    Group = "garage";
    DynamicUser = false;
    StateDirectory = lib.mkForce null;
  };

  services.garage = {
    enable = true;
    package = pkgs.garage_0_8;
    settings = {
      replication_mode = "1";
      rpc_bind_addr = "[::]:3901";
      rpc_secret_file = config.age.secrets.garage_rpc_token.path;
      s3_api = {
        api_bind_addr = "[::]:3900";
        s3_region = "garage";
        root_domain = ".s3.gssws.de";
      };
    };
  };
}
latest changes 2023-11-11 00:12:57 +00:00			`{ pkgs, config, lib, self, ... }:`

			`{`
			`age.secrets.garage_rpc_token = {`
			`file = "${self}/secrets/chonk_garage_rpc_secret.age";`
			`owner = "garage";`
			`group = "garage";`
			`};`

			`networking.firewall.interfaces.wg0.allowedTCPPorts = [ 3900 3901 ];`

			`users.groups.garage = {};`
			`users.users.garage = {`
			`group = "garage";`
			`isSystemUser = true;`
			`};`

			`# overwrite dynamicuser`
			`systemd.services.garage.serviceConfig = {`
			`User = "garage";`
			`Group = "garage";`
			`DynamicUser = false;`
			`StateDirectory = lib.mkForce null;`
			`};`

			`services.garage = {`
			`enable = true;`
			`package = pkgs.garage_0_8;`
			`settings = {`
			`replication_mode = "1";`
			`rpc_bind_addr = "[::]:3901";`
			`rpc_secret_file = config.age.secrets.garage_rpc_token.path;`
			`s3_api = {`
			`api_bind_addr = "[::]:3900";`
			`s3_region = "garage";`
			`root_domain = ".s3.gssws.de";`
			`};`
			`};`
			`};`
			`}`