From 80a42cc5788cd1efd31abdf408b04b7d99fd989e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Leonardo=20Eug=C3=AAnio?= Date: Thu, 27 Nov 2025 23:18:47 -0300 Subject: [PATCH] monolith: install minio --- hosts/monolith/default.nix | 1 + hosts/monolith/minio.nix | 43 +++++++++++++++++++++++++++++++++++ secrets/monolith/default.yaml | 6 +++-- 3 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 hosts/monolith/minio.nix diff --git a/hosts/monolith/default.nix b/hosts/monolith/default.nix index db6823e..a759c1f 100644 --- a/hosts/monolith/default.nix +++ b/hosts/monolith/default.nix @@ -26,6 +26,7 @@ in ./amdgpu.nix ./factorio-server.nix ./nebula-vpn.nix + ./minio.nix ]; boot.initrd.availableKernelModules = [ "nvme" diff --git a/hosts/monolith/minio.nix b/hosts/monolith/minio.nix new file mode 100644 index 0000000..19aa6c9 --- /dev/null +++ b/hosts/monolith/minio.nix @@ -0,0 +1,43 @@ +{ + pkgs, + config, + lib, + ... +}: +let + s = config.sops.secrets; + + dataDir = "/var/lib/minio"; + + s3Port = 14749; + consolePort = 10601; + + secretConfig = { + owner = "minio"; + group = "minio"; + restartUnits = [ "minio.service" ]; + sopsFile = ../../secrets/monolith/default.yaml; + }; +in +{ + services.minio = { + enable = true; + + dataDir = [ dataDir ]; + + listenAddress = "0.0.0.0:${toString s3Port}"; + consoleAddress = "127.0.0.1:${toString consolePort}"; + + rootCredentialsFile = config.sops.secrets."minio/root-credentials".path; + }; + + systemd.tmpfiles.rules = [ + "d ${dataDir} 0755 minio minio -" + ]; + + networking.firewall.allowedTCPPorts = [ s3Port ]; + + sops.secrets = { + "minio/root-credentials" = secretConfig; + }; +} diff --git a/secrets/monolith/default.yaml b/secrets/monolith/default.yaml index 82dbbc6..6b3c1ff 100644 --- a/secrets/monolith/default.yaml +++ b/secrets/monolith/default.yaml @@ -11,6 +11,8 @@ nebula-wopus-vpn: ca-crt: ENC[AES256_GCM,data:sFc9SxfCVaDYxbJqzEK6pRsVoJSFbD1qs/oVKLXXJPrR2y5jVM/ESk/xwaemwEBDPn2VOxLqD62lPF8jP665w/rutskKJ4pMji+Ev2zeryaxDmEwSOL8EbEQtlNxkZZEX3dwVNxykbK5A3bIrcI6vHaOTFeMht6IanO6CdeQOS0KoyYW0fHbW0Dc/YytBMjVWCPQk2VeWCl7X4JBsjj8aVQ8qgupsI16tJmETetO3lHAaYt6dk0Fp51XVaKSuaYGBhnoADXEKA3cIQoPUOaJ1Q0CmdfYk5XWEr0q0OcqjeAn8OERGufHr227tJgYx8A=,iv:G5iq5qeX9NlkOdmj9K0GRQ/6lAU0cBNEO2hQe9kyirY=,tag:b3sW5hs0pkIqqm2j81BIIA==,type:str] monolith-crt: ENC[AES256_GCM,data:+0YbGYreXYR2+cu0NwXUuAnfIEUBGXm5J6nUTx2/z25gDTOVx9eI7USX6cQT/3NOt9S8odHcHeWQXChgWU9Xf+avdXmNO9vQGf8bZCybDQltPF+Gb2zRiFWiAy7raQaZc74SMbGCzABdfQBnEnqs+s/y0+ovilzOmcopnu551QEyjojuMLVcpUsvrEoQBx+dLYBjx22xob0wNUmXgBFxLRuDvYHGdehZ4jg8Ihf9kpDyjtjpfa8mF1kmdKZvPI5Y9z4ZOvA8266H+jFSqfx41nIuYcIwi8naKkoRue4kRCv71IXyK5DJNEweZPXD5sCdd005sxGgBnpSJCpSfr7TsCy5FxDcf9ISi3yrXLttcnOt2u1b3FFKNQiwlo5s2PQB2AB2Zf3nvKPqICmcXtGN3w==,iv:Q6izpQw3SymKNjnjO4x3pzqGJo5SxYZkVYdXcHQBi0A=,tag:9tlMYrN+/mMNYifw1F3yZQ==,type:str] monolith-key: ENC[AES256_GCM,data:Y8KVQk66dewyeRIF+6HJeufD9EYO55m73LxrtZi4KQU0RbUpsV0eiRMX62rYtw6+uP87f5Tx6kC3fX4+mqNb2ZgDtVvm3/Qnz5Ly112c/h33krNqRpv6pEHRkrS9j01tLkJnxwiyIvq3b03GTAIoCKWgqaaagCXYHArgzRrDIw==,iv:lp3zuD8XWaiJvyxzXHrgpF4qbrCv/uf9l9qyWXVrkkM=,tag:eSlTCa2TrIuga7UUxoloBQ==,type:str] +minio: + root-credentials: ENC[AES256_GCM,data:izDiis6BgAubbe91EUcuwMKrSrYEDQFQbaEGzpdjj3Wlt8Z8gzgvGmYCryAK8GBUMbzQvy0do26xMGMl3LxLWz9bgixixPVFTTg5GhfUJw==,iv:hkrkGz+EpVwkWEMQWBrm2u4Jti7azsDtsTmyouDREug=,tag:mDnOKKBwgKOmsxegKcRhpQ==,type:str] sops: age: - recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h @@ -31,8 +33,8 @@ sops: aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-10T03:03:07Z" - mac: ENC[AES256_GCM,data:GYriodre07cwdOik6Zh3ab3EzMTikF1BxMlKX+Fx1yurwkuBX9ULp04xN4TYWHlMgrDyQc/6c9K6P7yiT/XDBgLmdOUmdUJCkhHRobBID1oBjceKo/bcEhEx13qbKol11aKS9JFpAXGIogHk/ukElxrNTWiDlk409k7+WNn5l2k=,iv:DFSVmaTn2fUuAVf42v9wC/aekajgVjX+RmlG32aGD7E=,tag:noYDrelrDC5lIHS7b8Gj/g==,type:str] + lastmodified: "2025-11-27T15:58:01Z" + mac: ENC[AES256_GCM,data:8JemHyxdcDjkg++kgBAGpvGZAyGnQhcAOzs58D8EqjJzTWWf4HgF3uD8od5EGu5i1f7IzUBNio57H/0DC7fWZk/vIRM/Xn7DREuXClBGmBsc32H+K0tOKg8hMb11PDGqviw0qj0qwl1Gs0+j8C4OY9qLupTDzsECUgRXBtsD4cU=,iv:vOV25BV/C3hK/D4bKb26Xi0PaiSlJ5t9bN18ZJQnCRs=,tag:1AZyn4Zj1/e/2dhNzcfPqg==,type:str] pgp: - created_at: "2025-03-07T22:49:16Z" enc: |-