cluster/services/storage: expose garage

cluster/services/storage/default.nix

@@ -24,6 +24,7 @@ in
         ./garage.nix
         ./garage-options.nix
         ./garage-layout.nix
+        ./garage-gateway.nix
         {
           services.garage = {
             inherit (config.garage) buckets keys;
@@ -51,4 +52,6 @@ in
       allow.storage-prophet = [ "read" "write" ];
     };
   };
+
+  dns.records.garage.consulService = "garage";
 }

cluster/services/storage/garage-gateway.nix

@@ -0,0 +1,52 @@
+{ config, cluster, depot, lib, ... }:
+
+let
+  inherit (depot.lib.meta) domain;
+in
+
+{
+  links.garageMetrics.protocol = "http";
+
+  services.garage.settings.admin.api_bind_addr = config.links.garageMetrics.tuple;
+
+  services.nginx.virtualHosts = {
+    "garage.${domain}" = depot.lib.nginx.vhosts.basic // {
+      locations = {
+        "/".proxyPass = cluster.config.hostLinks.${config.networking.hostName}.garageS3.url;
+
+        "= /".proxyPass = config.links.garageMetrics.tuple;
+      };
+    };
+  };
+  security.acme.certs."garage.${domain}" = {
+    dnsProvider = "pdns";
+    webroot = lib.mkForce null;
+  };
+
+  consul.services.garage = {
+    mode = "external";
+    definition = rec {
+      name = "garage";
+      address = depot.reflection.interfaces.primary.addrPublic;
+      port = 443;
+      checks = [
+        rec {
+          name = "Frontend";
+          id = "service:garage:frontend";
+          interval = "60s";
+          http = "https://${address}/health";
+          tls_server_name = "garage.${domain}";
+          header.Host = lib.singleton tls_server_name;
+          method = "HEAD";
+        }
+        {
+          name = "Garage Node";
+          id = "service:garage:node";
+          interval = "5s";
+          http = "${config.links.garageMetrics.url}/health";
+          method = "HEAD";
+        }
+      ];
+    };
+  };
+}