monolith: install minio

2025-11-27 23:18:47 -03:00 · 2025-11-27 23:18:47 -03:00 · 80a42cc578
commit 80a42cc578
parent 19c97a81e0
3 changed files with 48 additions and 2 deletions
--- a/hosts/monolith/default.nix
+++ b/hosts/monolith/default.nix
@ -26,6 +26,7 @@ in
    ./amdgpu.nix
    ./factorio-server.nix
    ./nebula-vpn.nix
+    ./minio.nix
  ];
  boot.initrd.availableKernelModules = [
    "nvme"
--- a/hosts/monolith/minio.nix
+++ b/hosts/monolith/minio.nix
@ -0,0 +1,43 @@
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:
+let
+  s = config.sops.secrets;
+
+  dataDir = "/var/lib/minio";
+
+  s3Port = 14749;
+  consolePort = 10601;
+
+  secretConfig = {
+    owner = "minio";
+    group = "minio";
+    restartUnits = [ "minio.service" ];
+    sopsFile = ../../secrets/monolith/default.yaml;
+  };
+in
+{
+  services.minio = {
+    enable = true;
+
+    dataDir = [ dataDir ];
+
+    listenAddress = "0.0.0.0:${toString s3Port}";
+    consoleAddress = "127.0.0.1:${toString consolePort}";
+
+    rootCredentialsFile = config.sops.secrets."minio/root-credentials".path;
+  };
+
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 minio minio -"
+  ];
+
+  networking.firewall.allowedTCPPorts = [ s3Port ];
+
+  sops.secrets = {
+    "minio/root-credentials" = secretConfig;
+  };
+}