Add minio stuff

This commit is contained in:
Erwin Boskma 2023-01-06 00:11:11 +01:00
parent 7fc716534f
commit 83b15681b1
Signed by: erwin
SSH key fingerprint: SHA256:CyeNoWXd3kjX2Nwu6pDxxdS7OqmPVOy0NavA/KU/ntU
7 changed files with 180 additions and 4 deletions

View file

@ -1,13 +1,14 @@
keys: keys:
- &erwin b785a9688947edabb9ec8933ee7adefe1d943c7b # - &erwin b785a9688947edabb9ec8933ee7adefe1d943c7b
- &erwin_age age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht - &erwin_age age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
- &loki a6e31f5ab2bf34ca3f614d81ed9d6ae54dbcb9f7 # - &loki a6e31f5ab2bf34ca3f614d81ed9d6ae54dbcb9f7
- &loki_age age1m93jeyexus2uqvrk99r7hh0xp7qxk55tgmju4h422dfkf92jce2sxpntu5 - &loki_age age1m93jeyexus2uqvrk99r7hh0xp7qxk55tgmju4h422dfkf92jce2sxpntu5
- &drone 8eefb1f8c85704ca47aa226a692372b1fc4bb9bf # - &drone 8eefb1f8c85704ca47aa226a692372b1fc4bb9bf
- &drone_age age1q0dfxz58vt4zxwx2etqy8xycf4l0p5nujpznh53kd0fwwc28ms7q6qrhct - &drone_age age1q0dfxz58vt4zxwx2etqy8xycf4l0p5nujpznh53kd0fwwc28ms7q6qrhct
- &gitea ca0dba2f767679957879077fb8922c8ba16710be # - &gitea ca0dba2f767679957879077fb8922c8ba16710be
- &gitea_age age1jkj6xrhr3uf52hac4wlda4a8jcegha86jf5lgv58df0xunadz53qpjlpae - &gitea_age age1jkj6xrhr3uf52hac4wlda4a8jcegha86jf5lgv58df0xunadz53qpjlpae
- &vpn 554dd0be7ba432b2a2c72df52b35c2235938f603 - &vpn 554dd0be7ba432b2a2c72df52b35c2235938f603
- &minio age1p5hu2l0ys8z2j9rhf0xp5et2wd4222utyn3tk562ksrxmckye9dqu25f49
creation_rules: creation_rules:
- path_regex: machines/loki/[^/]+\.yaml$ - path_regex: machines/loki/[^/]+\.yaml$
key_groups: key_groups:
@ -28,3 +29,8 @@ creation_rules:
key_groups: key_groups:
- age: - age:
- *erwin_age - *erwin_age
- path_regex: machines/minio/[^/]+\.yaml$
key_groups:
- age:
- *erwin_age
- *minio

View file

@ -211,6 +211,18 @@
}; };
}; };
}; };
minio = {
hostname = "10.0.0.204";
profiles = {
system = {
sshUser = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.minio;
user = "root";
};
};
};
}; };
} }
// (flake-utils.lib.eachSystem [ "aarch64-linux" "x86_64-linux" ]) // (flake-utils.lib.eachSystem [ "aarch64-linux" "x86_64-linux" ])
@ -289,6 +301,8 @@
nix-prefetch-docker nix-prefetch-docker
nixos-install-tools nixos-install-tools
deploy-rs.packages.${system}.deploy-rs deploy-rs.packages.${system}.deploy-rs
terraform
terraform-ls
eww-wayland eww-wayland
]; ];

View file

@ -18,6 +18,9 @@ inputs: {
mimir = { mimir = {
config = import ./mimir/configuration.nix inputs; config = import ./mimir/configuration.nix inputs;
}; };
minio = {
config = import ./minio/configuration.nix inputs;
};
proxy = { proxy = {
config = import ./proxy/configuration.nix inputs; config = import ./proxy/configuration.nix inputs;
}; };

View file

@ -0,0 +1,58 @@
{ self, ... }:
{ modulesPath, ... }: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
../../users/root
../../users/erwin
];
eboskma = {
users.erwin.enable = true;
services = {
minio.enable = true;
};
nix-common = {
enable = true;
remote-builders = true;
};
};
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
# networking = {
# hostName = "gitea";
# useDHCP = false;
# interfaces = {
# eth0 = {
# ipv4.addresses = [
# {
# address = "10.0.0.204";
# prefixLength = 24;
# }
# ];
# };
# };
# defaultGateway = "10.0.0.1";
# nameservers = [ "10.0.0.254" ];
# };
proxmoxLXC = {
privileged = true;
};
security.sudo.execWheelOnly = true;
security.pam.enableSSHAgentAuth = true;
# services.openssh.enable = true;
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
minio-root-credentials = { };
};
system.stateVersion = "23.05";
}

45
machines/minio/main.tf Normal file
View file

@ -0,0 +1,45 @@
terraform {
required_providers {
proxmox = {
source = "Telmate/proxmox"
version = "2.9.11"
}
}
}
provider "proxmox" {
pm_api_url = var.proxmox_api_url
pm_api_token_id = var.proxmox_token_id
pm_api_token_secret = var.proxmox_token_secret
pm_tls_insecure = true
}
resource "proxmox_lxc" "minio" {
target_node = "pve"
hostname = "minio"
ostemplate = "loki:vztmpl/nixos-23.05-default_20230104_amd64.tar.xz"
unprivileged = false
memory = 2048
swap = 2048
rootfs {
storage = "local-lvm"
size = "32G"
}
mountpoint {
key = "0"
slot = 0
storage = "local-lvm"
mp = "/data"
size = "256G"
}
network {
name = "eth0"
bridge = "vmbr0"
ip = "10.0.0.204/24"
gw = "10.0.0.1"
}
}

View file

@ -0,0 +1,30 @@
minio-root-credentials: ENC[AES256_GCM,data:IR2xlQ/pXHUA0baJTe9J+iH4qsw3dHeCP+oSQ3yZohQSm1mrXil7HR1NlsI2sbQVQM1GAJcmPytrn7z3YocrainnDv3WZ0AeRqwyEtItC2cXfw3mfh+SIeq2sX2jkYDycuW0J7jRdCBV+Bs=,iv:A7cgR9ykXY4qkixDp699wzNLs4AEVEJRJ8PxzOAnCqU=,tag:++C4ejM5h8wM95G2N6PZmg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1N09uWml0ZUtjNU1KeGdq
OERZMDI2TGJQVmlkNjR4WVZ6NGNKZVU3RFE0Cm1DcHpHOGpjVitsVnVFVnJLTVdq
NmJ3Z1FWQVM5Nmg5aFBsMkVWNzR2Ym8KLS0tIERpQ1ZEQk9MaEJBZEFHcHU1QUty
a2gxTUJvQTlWcENqWVpGOXRkUjhKanMKDEyB7p8Dg61szFU06W+384FJ3GcUNbvc
1J7kdL/8JdsS5ziTmI5PU5pz0rARkZuloxKpBX/QEuSLcQiYtBY2qQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p5hu2l0ys8z2j9rhf0xp5et2wd4222utyn3tk562ksrxmckye9dqu25f49
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJMkNBUmJwNG5aanBWcUFz
MFdiVjlJQk83YnJvM2hTQURZWjJIU1lkQzBNCmZKK2Nzak5nOGJLdURJaUJTcURo
TW9DY0ZrYXBITUl5UVA5R1JJVXp5dTQKLS0tIEVvNUZRWkZrSjRWNFQ2RVlHemxJ
UmhqQTFQeWc3L1BlazlINnltUDFzdEEKO2PfIgkx36lOUDPn3EmZTw/Puy+Oou6G
oiICgnNvvBOlHTX+myOKA+Y1J0hmSiPQCpFTIPSJLvn67a0uxTAdpw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-01-04T22:17:52Z"
mac: ENC[AES256_GCM,data:aK5XNUiQYVHpSRuztLO7WXQnBQwScvtF3rABMjsJBbJ2aep74MhVUYEq9FwQOaC3puB2J0jdfKd0i6Mxdn0iScZ1JndGizEqBOeyxVZuAIfg5jL2sL/FjKGIU6BgbNquExiCnllikVyEKfjfX9sxkaB7vfjuYNauQ7hPW68GCwI=,iv:HYx9SaTBDICgWcU9B+a7h9pWA5+fVjZ0Y9pfrv4iAJM=,tag:fJXCQdCXd7IddyRP9Scueg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

20
modules/minio/default.nix Normal file
View file

@ -0,0 +1,20 @@
{ config, lib, ... }:
with lib;
let
cfg = config.eboskma.services.minio;
in
{
options.eboskma.services.minio = { enable = mkEnableOption "minio"; };
config = mkIf cfg.enable {
services.minio = {
enable = true;
dataDir = [ "/data" ];
browser = true;
region = "local";
rootCredentialsFile = config.sops.secrets.minio-root-credentials.path;
};
networking.firewall.allowedTCPPorts = [ 9000 9001 ];
};
}