From 8ba8fc98ca56daeca71e1d00a550c46a6ebe7d1d Mon Sep 17 00:00:00 2001 From: zack Date: Tue, 22 Oct 2024 15:15:39 -0400 Subject: [PATCH] update minio --- flake.nix | 5 +- homes/x86_64-linux/zoey@earth/default.nix | 1 + modules/nixos/sites/minio/default.nix | 85 ++++++++++++++++++ modules/nixos/sites/minio/sec/minio.age | Bin 0 -> 648 bytes systems/x86_64-linux/pluto/default.nix | 29 +++++- systems/x86_64-linux/pluto/sec/zc_db_pass.age | Bin 0 -> 607 bytes systems/x86_64-linux/pluto/sec/zc_key.age | Bin 0 -> 607 bytes 7 files changed, 118 insertions(+), 2 deletions(-) create mode 100644 modules/nixos/sites/minio/default.nix create mode 100644 modules/nixos/sites/minio/sec/minio.age create mode 100644 systems/x86_64-linux/pluto/sec/zc_db_pass.age create mode 100644 systems/x86_64-linux/pluto/sec/zc_key.age diff --git a/flake.nix b/flake.nix index 0de19bf..665c733 100644 --- a/flake.nix +++ b/flake.nix @@ -101,7 +101,10 @@ zen-browser.url = "github:MarceColl/zen-browser-flake"; - zoeycomputer.url = "git+https://git.zoeys.computer/zoey/zoeys.computer"; + zoeycomputer = { + url = "git+https://git.zoeys.computer/zoey/zoeys.computer"; + # inputs.nixpkgs.follows = "nixpkgs"; + }; systems.url = "github:nix-systems/default"; spicetify-nix = { diff --git a/homes/x86_64-linux/zoey@earth/default.nix b/homes/x86_64-linux/zoey@earth/default.nix index dc5255f..66cc5d8 100644 --- a/homes/x86_64-linux/zoey@earth/default.nix +++ b/homes/x86_64-linux/zoey@earth/default.nix @@ -41,6 +41,7 @@ services.lock.enable = true; services.music.enable = true; services.pm-bridge.enable = true; + services.pm-bridge.nonInteractive = true; services.udiskie.enable = true; xdg.enable = true; diff --git a/modules/nixos/sites/minio/default.nix b/modules/nixos/sites/minio/default.nix new file mode 100644 index 0000000..40685c4 --- /dev/null +++ b/modules/nixos/sites/minio/default.nix 
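Review bot: In the flake.nix hunk, `# inputs.nixpkgs.follows = "nixpkgs";` is committed commented out with no reason given, so a later reader cannot tell whether it is disabled on purpose. With `follows` off, the `zoeycomputer` input builds against its own locked nixpkgs, so nixpkgs updates on the host, including security fixes, reach that service only when the input's own lock is bumped. Either enable the line or replace it with a comment saying why it stays off, for example `# keeps its own nixpkgs pin: <reason>`. The enclosing `inputs` attribute set starts and ends outside the hunk.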
@@ -0,0 +1,85 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+with lib;
+with lib.custom; let
+ cfg = config.sites.minio;
+in {
+ options.sites.minio = with types; {
+ enable = mkBoolOpt false "Enable Hydra";
+ };
+
+ config = mkIf cfg.enable {
+ age.secrets = {
+ minio = {
+ owner = "minio";
+ group = "minio";
+ file = ./sec/minio.age;
+ };
+ };
+
+ services.minio = {
+ enable = true;
+ consoleAddress = ":4242";
+ rootCredentialsFile = config.age.secrets.minio.path;
+ };
+
+ services.nginx.virtualHosts."s3.zoeys.computer" = {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = ''
+ # Allow special characters in headers
+ ignore_invalid_headers off;
+ # Allow any size file to be uploaded.
+ # Set to a value such as 1000m; to restrict file size to a specific value
+ client_max_body_size 0;
+ # Disable buffering
+ proxy_buffering off;
+ proxy_request_buffering off;
+ '';
+ locations."/" = {
+ proxyPass = "http://localhost${config.services.minio.listenAddress}";
+ extraConfig = ''
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_connect_timeout 300;
+ # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
+ proxy_http_version 1.1;
+ proxy_set_header Connection "";
+ chunked_transfer_encoding off;
+ '';
+ };
+ locations."/minio/ui" = {
+ proxyPass = "http://localhost${config.services.minio.consoleAddress}";
+ extraConfig = ''
+ rewrite ^/minio/ui/(.*) /$1 break;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-NginX-Proxy true;
+
+ # This is necessary to pass the correct IP to be hashed
+ real_ip_header X-Real-IP;
+
+ proxy_connect_timeout 300;
+
+ # To support websockets in MinIO versions released after January 2023
+ proxy_http_version 1.1;
+ proxy_set_header
Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) + # Uncomment the following line to set the Origin request to an empty string + # proxy_set_header Origin \'\'; + chunked_transfer_encoding off; + ''; + }; + }; + }; +} diff --git a/modules/nixos/sites/minio/sec/minio.age b/modules/nixos/sites/minio/sec/minio.age new file mode 100644 index 0000000000000000000000000000000000000000..72afbe317b2c898b776e10fc0df76dca8755846d GIT binary patch literal 648 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7aj!}@PFD!e^>H#! zbq~o7EAt7~&okDy$TmwZEAT3-@G3}&h>Y|zGc$HBG%L5vNajlMb4Drq>D)LVbsPu8l^f9t5439D|%tp7ZSlch6Dp0{l+c?L~)Fs5ZP&-^d zJu=KIBfHSpIN8S}FSsH(tIV^sGT5>p&@s09)FADu5--z0H;)ik17lBpk4XK3 zpdjbcsBq`({E(2KjAC@#f_(kb($W>u1O0<@U4u<>&HW4`io=VI{XL6v{8PLt%q@~~ zva>QWO}!)XLoBkA!$P^dog+NMD??m;3Va=15*-c8vi!4+LrVN|qmo_9jWWXX91AkN zLo(crT_d@4b#)aCO7kkpsd5Xx-)#6w)1V#yPX-X-}Kp{8l`!X yw(WgXE2i_yB-2Amd-9!i`yT48?K}~~8nSu+556f?57Nv9!*U8j?wNhCSPuY43Fa^W literal 0 HcmV?d00001 diff --git a/systems/x86_64-linux/pluto/default.nix b/systems/x86_64-linux/pluto/default.nix index 258b5aa..f4caaf0 100644 --- a/systems/x86_64-linux/pluto/default.nix +++ b/systems/x86_64-linux/pluto/default.nix @@ -4,6 +4,7 @@ { pkgs, inputs, + config, ... }: { imports = [ @@ -38,6 +39,19 @@ services.gh.enable = true; services.fail2ban.enable = true; + age.secrets = { + zc_key = { + owner = "zoeyscomputer-phx"; + group = "zoeyscomputer-phx"; + file = ./sec/zc_key.age; + }; + zc_db_pass = { + owner = "zoeyscomputer-phx"; + group = "zoeyscomputer-phx"; + file = ./sec/zc_db_pass.age; + }; + }; + sites = { cv.enable = true; gitlab.enable = true; 
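Review bot: In modules/nixos/sites/minio/default.nix, `consoleAddress = ":4242";` and the unset `listenAddress` (nixpkgs default `:9000`) make MinIO listen in plain HTTP on every interface, so the TLS vhost is not the only way in unless the host firewall, which is not visible here, blocks both ports. Binding to loopback with `listenAddress = "127.0.0.1:9000";` and `consoleAddress = "127.0.0.1:4242";`, and dropping the `localhost` prefix from the two `proxyPass` strings, keeps nginx as the single entry point. The `/minio/ui` location also publishes the admin console, which accepts the root credentials from `rootCredentialsFile`, on the public vhost with no `allow`/`deny` or other access restriction, and `client_max_body_size 0;` removes the upload limit for the whole vhost. The option description `"Enable Hydra"` looks copied from another module and should read `"Enable MinIO"`.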
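Review bot: The two secrets added to `age.secrets` in systems/x86_64-linux/pluto/default.nix are owned by `zoeyscomputer-phx`, an account this hunk does not define. It presumably comes from the `sites.zoeycomputer` module, and agenix can only hand the decrypted files to that owner if the user and group exist at activation. A comment above the block such as `# owner/group are created by sites.zoeycomputer (phx service)` would record that dependency. The trailing `# Optional` comments in the later `sites.zoeycomputer` hunk read like pasted README text and could be dropped. The attribute set enclosing this hunk starts and ends outside it.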
@@ -48,7 +62,20 @@ map.enable = true; hydra.enable = true; cache.enable = true; - zoeycomputer.enable = true; + minio.enable = true; + zoeycomputer = { + enable = true; + domain = "zoeys.computer"; + phx = { + database = { + name = "zoeyscomputer"; + user = "zoeyscomputer"; + passwordFile = config.age.secrets.zc_db_pass.path; # Optional + host = "localhost"; # Optional, defaults to localhost + }; + secret_key_file = config.age.secrets.zc_key.path; + }; + }; }; zmio.blog.enable = true; diff --git a/systems/x86_64-linux/pluto/sec/zc_db_pass.age b/systems/x86_64-linux/pluto/sec/zc_db_pass.age new file mode 100644 index 0000000000000000000000000000000000000000..8ddae49017345bc3b5101257cdf5efbeb789cb87 GIT binary patch literal 607 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7aj!}@PFKjWs5I90 zs`3j7&a?0c_VM&Hb}Or_%&ju;NKJLj3@f#$%qt2Hi%4>EGvP|i4l8v{Gb{~DOY@0L zsm!~ zzdYZy%H1b1C@dr^!@w=1z$_=%EW|t6z&ANGqMXagMZY-G!aKvy)u1pfCA>)6r_kRm z-90(cr^+$R$Spf3BF!lyH#5mU&;s4IO4pLAq(Ftju#kM$fSgokqg+E11Mj3X-ze9> zWK);ifb7sh!!);){1T^BpHhQNLjx|;N;Ahu^GN61JpB}HAB&vylH^KL-;%dmU!@@l?(jtn|GxSr_b6tZSi%qNCO&m*0yaLla z^ewm!-$@C1mn|H-%IBSPq=>S@#H))HlPfn}2s!V2l=)~{N!;804FR>Twt5@d<@~hn z@4Hqf<0!a;MP}-!mzkGX8hPuk)!Yr5B{Mf>&fKdf7{WM;zcCq4zWCwN!G(smc|z`% GJO==e7tw?O literal 0 HcmV?d00001 
diff --git a/systems/x86_64-linux/pluto/sec/zc_key.age b/systems/x86_64-linux/pluto/sec/zc_key.age new file mode 100644 index 0000000000000000000000000000000000000000..e8ace9b4648e3912bdfa91e68c723ae3af80298c GIT binary patch literal 607 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7aj!}@PFL{p_ek*w zNjGtE&GPUo_KwJ|D#*?9_NuHb33PQWFfk7aFDl6|$oBHfFyYEGDi86j%#ElBPcktz zFDx{1&-4ljG)?p_2@22;w+Jf=46iIG(zo;r_e8g?Slch6Do`OcJlwg+!oV-d(K5<1 z%iO>yDBLqNTRSwz&#&AvKO)H4D>yC5t31p-B%LeCH89(>%E`IJA|NcqEif=U!XVAk z$vq;p$~ey_GAP)w$jQksDaWErAH%jv*OIEFK!vbSi!`I$K%;<6->S$&&nQE~qOwG< zd~<_L0}n4Z!y*sQTrZFGR0I8B11>ic|2zXDeW&aKZI`^_l8PcjlXPRhl1wA*oaCso z+_Wr5$1Jyqf+C+t4BLWy{nFCX6$~sKqoQ0g@{(NhEqsECbKQ$VTyxFKD$NT#0}Wj> zeSIUVoZKpMwbLprxRN~#+``jColDKa-4ip5l8Z|sj7)v~y!_px%!^He(hZFD3(DLI zGeUz+xO8=O6$&Gxii0ftL;T&ei#^>k!m|vt3j@r33W9=y3#v+U{qhZy!~ByhwDrp^ zxDLIOJ$r5kL(-Hp8Fn6_&y-I{Me|MT{`}~3wtZWtu|$!1RACI0&fn<~@r#qr)f;@W zTypV)u36`XCuhv>g%xzoR6A-Y9wZP|$dj<2Cw93xL(s~fA6IcO^`Fl-KXFv{{U3J# DKL*cV literal 0 HcmV?d00001