Add minio stuff
parent
7fc716534f
commit
83b15681b1
7 changed files with 180 additions and 4 deletions
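--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,13 +1,14 @@
 keys:
-- &erwin b785a9688947edabb9ec8933ee7adefe1d943c7b
+# - &erwin b785a9688947edabb9ec8933ee7adefe1d943c7b
 - &erwin_age age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
-- &loki a6e31f5ab2bf34ca3f614d81ed9d6ae54dbcb9f7
+# - &loki a6e31f5ab2bf34ca3f614d81ed9d6ae54dbcb9f7
 - &loki_age age1m93jeyexus2uqvrk99r7hh0xp7qxk55tgmju4h422dfkf92jce2sxpntu5
-- &drone 8eefb1f8c85704ca47aa226a692372b1fc4bb9bf
+# - &drone 8eefb1f8c85704ca47aa226a692372b1fc4bb9bf
 - &drone_age age1q0dfxz58vt4zxwx2etqy8xycf4l0p5nujpznh53kd0fwwc28ms7q6qrhct
-- &gitea ca0dba2f767679957879077fb8922c8ba16710be
+# - &gitea ca0dba2f767679957879077fb8922c8ba16710be
 - &gitea_age age1jkj6xrhr3uf52hac4wlda4a8jcegha86jf5lgv58df0xunadz53qpjlpae
 - &vpn 554dd0be7ba432b2a2c72df52b35c2235938f603
+- &minio age1p5hu2l0ys8z2j9rhf0xp5et2wd4222utyn3tk562ksrxmckye9dqu25f49
 creation_rules:
 - path_regex: machines/loki/[^/]+\.yaml$
 key_groups:
@@ -28,3 +29,8 @@ creation_rules:
 key_groups:
 - age:
 - *erwin_age
+- path_regex: machines/minio/[^/]+\.yaml$
+key_groups:
+- age:
+- *erwin_age
+- *minio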
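Review bot: The new anchor `&minio` holds an age recipient but drops the `_age` suffix that every other age key under `keys:` carries, while the one remaining unsuffixed anchor, `&vpn`, is a PGP fingerprint. A later edit to `creation_rules` can therefore place `*minio` under a `pgp:` list by analogy with `*vpn`, which would presumably give a rule sops cannot encrypt with. I would name it `- &minio_age age1p5hu2l0ys8z2j9rhf0xp5et2wd4222utyn3tk562ksrxmckye9dqu25f49` and reference `- *minio_age` in the `machines/minio` rule.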
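--- a/flake.nix
+++ b/flake.nix
@@ -211,6 +211,18 @@
 };
 };
 };
+
+minio = {
+hostname = "10.0.0.204";
+
+profiles = {
+system = {
+sshUser = "root";
+path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.minio;
+user = "root";
+};
+};
+};
 };
 }
 // (flake-utils.lib.eachSystem [ "aarch64-linux" "x86_64-linux" ])
@@ -289,6 +301,8 @@
 nix-prefetch-docker
 nixos-install-tools
 deploy-rs.packages.${system}.deploy-rs
+terraform
+terraform-ls
 
 eww-wayland
 ];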
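Review bot: `sshUser = "root";` in the new `minio` node means every deploy logs in over SSH as root on 10.0.0.204, so direct root login has to stay enabled on a host that also serves object storage to the LAN. The machine configuration added in this commit enables the `erwin` user together with `security.sudo.execWheelOnly` and `security.pam.enableSSHAgentAuth`, which looks like the groundwork for logging in unprivileged and elevating with sudo. If `erwin` is in `wheel` (not visible here), `sshUser = "erwin";` with `user = "root";` left as is would allow root SSH login to be turned off. The other nodes lie outside this hunk and may follow the same pattern, so this may be a repository-wide choice rather than something specific to this node.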
|
@ -18,6 +18,9 @@ inputs: {
|
||||||
mimir = {
|
mimir = {
|
||||||
config = import ./mimir/configuration.nix inputs;
|
config = import ./mimir/configuration.nix inputs;
|
||||||
};
|
};
|
||||||
|
minio = {
|
||||||
|
config = import ./minio/configuration.nix inputs;
|
||||||
|
};
|
||||||
proxy = {
|
proxy = {
|
||||||
config = import ./proxy/configuration.nix inputs;
|
config = import ./proxy/configuration.nix inputs;
|
||||||
};
|
};
|
||||||
|
|
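--- a/machines/minio/configuration.nix
+++ b/machines/minio/configuration.nix
@@ -0,0 +1,58 @@
+{ self, ... }:
+{ modulesPath, ... }: {
+imports = [
+(modulesPath + "/virtualisation/proxmox-lxc.nix")
+../../users/root
+../../users/erwin
+];
+
+eboskma = {
+users.erwin.enable = true;
+services = {
+minio.enable = true;
+};
+nix-common = {
+enable = true;
+remote-builders = true;
+};
+};
+
+time.timeZone = "Europe/Amsterdam";
+
+system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
+
+# networking = {
+# hostName = "gitea";
+# useDHCP = false;
+
+# interfaces = {
+# eth0 = {
+# ipv4.addresses = [
+# {
+# address = "10.0.0.204";
+# prefixLength = 24;
+# }
+# ];
+# };
+# };
+
+# defaultGateway = "10.0.0.1";
+# nameservers = [ "10.0.0.254" ];
+# };
+
+proxmoxLXC = {
+privileged = true;
+};
+
+security.sudo.execWheelOnly = true;
+security.pam.enableSSHAgentAuth = true;
+
+# services.openssh.enable = true;
+
+sops.defaultSopsFile = ./secrets.yaml;
+sops.secrets = {
+minio-root-credentials = { };
+};
+
+system.stateVersion = "23.05";
+}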
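Review bot: `proxmoxLXC.privileged = true;` (matched by `unprivileged = false` in machines/minio/main.tf) runs the container without a user-namespace mapping, so root inside the MinIO container is root as far as the Proxmox host's kernel is concerned. Nothing in this file appears to need that: the only workload enabled is MinIO writing to a `/data` mount. Unless the template or the mount requires it, prefer `proxmoxLXC.privileged = false;` together with `unprivileged = true` in the Terraform resource, or add a comment stating why privileged mode is needed. The commented-out `networking` block still carries `hostName = "gitea"` from the file it was copied from; since the address is set in main.tf, delete the block or correct the name so it does not mislead the next reader.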
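--- a/machines/minio/main.tf
+++ b/machines/minio/main.tf
@@ -0,0 +1,45 @@
+terraform {
+required_providers {
+proxmox = {
+source = "Telmate/proxmox"
+version = "2.9.11"
+}
+}
+}
+
+provider "proxmox" {
+pm_api_url = var.proxmox_api_url
+pm_api_token_id = var.proxmox_token_id
+pm_api_token_secret = var.proxmox_token_secret
+pm_tls_insecure = true
+}
+
+resource "proxmox_lxc" "minio" {
+target_node = "pve"
+hostname = "minio"
+ostemplate = "loki:vztmpl/nixos-23.05-default_20230104_amd64.tar.xz"
+unprivileged = false
+
+memory = 2048
+swap = 2048
+
+rootfs {
+storage = "local-lvm"
+size = "32G"
+}
+
+mountpoint {
+key = "0"
+slot = 0
+storage = "local-lvm"
+mp = "/data"
+size = "256G"
+}
+
+network {
+name = "eth0"
+bridge = "vmbr0"
+ip = "10.0.0.204/24"
+gw = "10.0.0.1"
+}
+}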
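Review bot: `pm_tls_insecure = true` in the `provider "proxmox"` block turns off certificate verification for the Proxmox API, and the same block sends `pm_api_token_secret` over that connection. Anyone able to intercept traffic to `var.proxmox_api_url` could capture a token that manages containers on node `pve`. Make the Proxmox certificate verifiable on the machine that runs Terraform (trust its CA, or install a certificate from a CA that is already trusted) and set `pm_tls_insecure = false`. The three `var.proxmox_*` variables are declared outside this file; where `proxmox_token_secret` is declared it should carry `sensitive = true` so it stays out of plan output.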
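--- a/machines/minio/secrets.yaml
+++ b/machines/minio/secrets.yaml
@@ -0,0 +1,30 @@
+minio-root-credentials: ENC[AES256_GCM,data:IR2xlQ/pXHUA0baJTe9J+iH4qsw3dHeCP+oSQ3yZohQSm1mrXil7HR1NlsI2sbQVQM1GAJcmPytrn7z3YocrainnDv3WZ0AeRqwyEtItC2cXfw3mfh+SIeq2sX2jkYDycuW0J7jRdCBV+Bs=,iv:A7cgR9ykXY4qkixDp699wzNLs4AEVEJRJ8PxzOAnCqU=,tag:++C4ejM5h8wM95G2N6PZmg==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1N09uWml0ZUtjNU1KeGdq
+OERZMDI2TGJQVmlkNjR4WVZ6NGNKZVU3RFE0Cm1DcHpHOGpjVitsVnVFVnJLTVdq
+NmJ3Z1FWQVM5Nmg5aFBsMkVWNzR2Ym8KLS0tIERpQ1ZEQk9MaEJBZEFHcHU1QUty
+a2gxTUJvQTlWcENqWVpGOXRkUjhKanMKDEyB7p8Dg61szFU06W+384FJ3GcUNbvc
+1J7kdL/8JdsS5ziTmI5PU5pz0rARkZuloxKpBX/QEuSLcQiYtBY2qQ==
+-----END AGE ENCRYPTED FILE-----
+- recipient: age1p5hu2l0ys8z2j9rhf0xp5et2wd4222utyn3tk562ksrxmckye9dqu25f49
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJMkNBUmJwNG5aanBWcUFz
+MFdiVjlJQk83YnJvM2hTQURZWjJIU1lkQzBNCmZKK2Nzak5nOGJLdURJaUJTcURo
+TW9DY0ZrYXBITUl5UVA5R1JJVXp5dTQKLS0tIEVvNUZRWkZrSjRWNFQ2RVlHemxJ
+UmhqQTFQeWc3L1BlazlINnltUDFzdEEKO2PfIgkx36lOUDPn3EmZTw/Puy+Oou6G
+oiICgnNvvBOlHTX+myOKA+Y1J0hmSiPQCpFTIPSJLvn67a0uxTAdpw==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2023-01-04T22:17:52Z"
+mac: ENC[AES256_GCM,data:aK5XNUiQYVHpSRuztLO7WXQnBQwScvtF3rABMjsJBbJ2aep74MhVUYEq9FwQOaC3puB2J0jdfKd0i6Mxdn0iScZ1JndGizEqBOeyxVZuAIfg5jL2sL/FjKGIU6BgbNquExiCnllikVyEKfjfX9sxkaB7vfjuYNauQ7hPW68GCwI=,iv:HYx9SaTBDICgWcU9B+a7h9pWA5+fVjZ0Y9pfrv4iAJM=,tag:fJXCQdCXd7IddyRP9Scueg==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.7.3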
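--- a/modules/minio/default.nix
+++ b/modules/minio/default.nix
@@ -0,0 +1,20 @@
+{ config, lib, ... }:
+with lib;
+let
+cfg = config.eboskma.services.minio;
+in
+{
+options.eboskma.services.minio = { enable = mkEnableOption "minio"; };
+
+config = mkIf cfg.enable {
+services.minio = {
+enable = true;
+dataDir = [ "/data" ];
+browser = true;
+region = "local";
+rootCredentialsFile = config.sops.secrets.minio-root-credentials.path;
+};
+
+networking.firewall.allowedTCPPorts = [ 9000 9001 ];
+};
+}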
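Review bot: `networking.firewall.allowedTCPPorts = [ 9000 9001 ];` opens both the S3 API and the web console to every network that can reach the host, and the only account this module configures is the root credential from `rootCredentialsFile`. No certificate setup is visible here, so unless TLS is provided elsewhere the root login would cross the LAN in clear text. I would keep the console port closed in the firewall and reach it through the repository's reverse proxy or the VPN, i.e. `networking.firewall.allowedTCPPorts = [ 9000 ];`. A comment saying which port is the API and which is the console would also help, since the two numbers are otherwise unexplained.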