Minio, move to different host

Julius 2022-05-21 21:59:14 +02:00
parent 1d55090665
commit 5b0683df9d
Signed by: j00lz
GPG key ID: AF241B0AA237BBA2
4 changed files with 87 additions and 20 deletions


@ -45,6 +45,28 @@
''; '';
}; };
packages.x86_64-linux.vm = let
vm = nixos-generators.nixosGenerate {
pkgs = pkgs;
modules = [ ./machines/base ];
format = "qcow";
};
metadata = nixos-generators.nixosGenerate {
pkgs = pkgs;
modules = [ ./machines/base ];
format = "lxc-metadata";
};
in with import nixpkgs { system = "x86_64-linux"; };
stdenv.mkDerivation {
name = "make-nixos-vm";
buildInputs = [ ];
src = self;
buildPhase =
"mkdir -p $out; ln -s ${vm} $out/vm; ln -s ${metadata} $out/metadata";
installPhase =
"ln -s $out/vm/nixos.qcow2 $out/nixos.qcow2;ln -s $out/metadata/tarball/nixos-system-x86_64-linux.tar.xz $out/metadata.tar.xz;";
};
colmena = { colmena = {
meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; }; meta = { nixpkgs = import nixpkgs { system = "x86_64-linux"; }; };
nginx = { nginx = {
@ -78,6 +100,28 @@
}; };
}; };
k3s = {
imports = [ ./machines/k3s ];
deployment = {
targetHost = "k3s.lxd";
tags = [ "system" ];
};
};
minio = {
imports = [ ./machines/minio ];
deployment = {
targetHost = "minio.lxd";
tags = [ "system" ];
keys."minioSettings" = {
keyCommand = [ "vault" "kv" "get" "-field=settings" "kv/minio" ];
destDir = "/var/lib/keys";
user = "minio";
group = "minio";
};
};
};
# k3s = { # k3s = {
# imports = [ ./machines/k3s ]; # imports = [ ./machines/k3s ];
# deployment = { # deployment = {
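Review bot: `destDir = "/var/lib/keys"` in the `minio` node's `keys."minioSettings"` writes the MinIO root credentials fetched from Vault to persistent storage, where they survive a reboot and end up in any snapshot or backup of the container. Colmena's default destination is `/run/keys`, which NixOS normally keeps in memory. If persistence is intended so MinIO can start without a redeploy, say so in a comment and pin the mode explicitly with `permissions = "0400";` rather than relying on the default. The key is also owned by `minio`, a user that presumably exists only after the first activation on a fresh host, so `uploadAt = "post-activation";` may be needed there.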


@ -0,0 +1,13 @@
{ config, pkgs, ... }: {
imports = [ ../../common ../../common/lxc.nix ];
networking.hostName = "minio";
system.stateVersion = "21.11";
networking.firewall.enable = false;
networking.firewall.allowedTCPPorts = [ 9000 9001 ];
services.minio = {
enable = true;
rootCredentialsFile = "/var/lib/keys/minioSettings";
};
}
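Review bot: `networking.firewall.enable = false;` turns the firewall off entirely, so the `allowedTCPPorts = [ 9000 9001 ]` line right below it has no effect and every listening port on the MinIO host is reachable from whatever can route to the container. If the intent is to expose only the S3 API and the console, the line should read `networking.firewall.enable = true;`. If the firewall has to stay off because of something in `../../common/lxc.nix` (not visible here), drop the `allowedTCPPorts` line and add a comment such as `# firewall disabled: filtering is done on the LXD host` so the exposure is a documented decision.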


@ -1,4 +1,28 @@
{ config, pkgs, ... }: { { config, pkgs, ... }:
let
proxy = path: {
forceSSL = true;
enableACME = true;
http2 = true;
locations."/" = {
proxyPass = path;
proxyWebsockets = true;
};
};
bigProxy = path: {
forceSSL = true;
enableACME = true;
http2 = true;
locations."/" = {
proxyPass = path;
proxyWebsockets = true;
extraConfig = ''
client_max_body_size 0;
'';
};
};
in {
imports = [ ../../common ../../common/lxc.nix ]; imports = [ ../../common ../../common/lxc.nix ];
networking.hostName = "nginx"; networking.hostName = "nginx";
system.stateVersion = "21.11"; system.stateVersion = "21.11";
@ -17,24 +41,10 @@
enableACME = true; enableACME = true;
root = "/etc/main"; root = "/etc/main";
}; };
virtualHosts."git.asraphiel.dev" = { virtualHosts."git.asraphiel.dev" = proxy "http://gitea.lxd:3000/";
forceSSL = true; virtualHosts."vault.asraphiel.dev" = proxy "http://vault.lxd:8200/";
enableACME = true; virtualHosts."s3.asraphiel.dev" = bigProxy "http://minio.lxd:9000/";
http2 = true; virtualHosts."shell.s3.asraphiel.dev" = proxy "http://minio.lxd:9001/";
locations."/" = {
proxyPass = "http://gitea.lxd:3000/";
proxyWebsockets = true;
};
};
virtualHosts."vault.asraphiel.dev" = {
forceSSL = true;
enableACME = true;
http2 = true;
locations."/" = {
proxyPass = "http://vault.lxd:8200/";
proxyWebsockets = true;
};
};
}; };
security.acme.email = "acme@voidcorp.nl"; security.acme.email = "acme@voidcorp.nl";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
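Review bot: `virtualHosts."shell.s3.asraphiel.dev"` publishes the MinIO console on port 9001 through the same unrestricted `proxy` helper as the other sites. The only login this commit sets up is the root credential from `rootCredentialsFile`, so the admin UI is reachable by anyone who can reach nginx and is protected by that single secret. If the console does not need to be public, restrict that vhost, for example with `extraConfig = "allow 10.0.0.0/8; deny all;";` on its location (the range is only an example, taken from the internal network used elsewhere in this change). Separately, `bigProxy` repeats `proxy` except for `client_max_body_size 0;`, so deriving one from the other would keep the TLS settings from drifting apart.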


@ -15,7 +15,7 @@
authentication = '' authentication = ''
local all all trust local all all trust
host all all 10.0.0.0/8 trust host all all 10.0.0.0/8 trust
host all all fd42:14c:5baf:51ec:216:3eff:fe6e:32a7/96 trust host all all fd42:8db7:2e6b:8e9b:216:3eff::/96 trust
''; '';
ensureDatabases = [ "gitea" "vault" ]; ensureDatabases = [ "gitea" "vault" ];
ensureUsers = [ ensureUsers = [
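Review bot: The replaced line `host all all fd42:8db7:2e6b:8e9b:216:3eff::/96 trust` keeps `trust` authentication, so any host in that prefix (and in `10.0.0.0/8` on the line above) can connect as any role to any database without a password. That includes the `vault` database listed in `ensureDatabases`. Since this commit adds more containers to the same network, it would be worth narrowing the rule to the database and role each client needs and requiring a password, e.g. `host vault vault fd42:8db7:2e6b:8e9b:216:3eff::/96 scram-sha-256`. This needs passwords set for those roles, which `ensureUsers` does not do by itself. The `authentication` block starts outside this hunk, so the rest of its rules are not visible here.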