cluster/services/storage: expose garage

This commit is contained in:
Max Headroom 2023-11-03 20:40:34 +01:00
parent 13d1dd572f
commit 024dcc78b0
2 changed files with 55 additions and 0 deletions

View file

@ -24,6 +24,7 @@ in
./garage.nix ./garage.nix
./garage-options.nix ./garage-options.nix
./garage-layout.nix ./garage-layout.nix
./garage-gateway.nix
{ {
services.garage = { services.garage = {
inherit (config.garage) buckets keys; inherit (config.garage) buckets keys;
@ -51,4 +52,6 @@ in
allow.storage-prophet = [ "read" "write" ]; allow.storage-prophet = [ "read" "write" ];
}; };
}; };
dns.records.garage.consulService = "garage";
} }

View file

@ -0,0 +1,52 @@
{ config, cluster, depot, lib, ... }:
let
inherit (depot.lib.meta) domain;
in
{
links.garageMetrics.protocol = "http";
services.garage.settings.admin.api_bind_addr = config.links.garageMetrics.tuple;
services.nginx.virtualHosts = {
"garage.${domain}" = depot.lib.nginx.vhosts.basic // {
locations = {
"/".proxyPass = cluster.config.hostLinks.${config.networking.hostName}.garageS3.url;
"= /".proxyPass = config.links.garageMetrics.tuple;
};
};
};
security.acme.certs."garage.${domain}" = {
dnsProvider = "pdns";
webroot = lib.mkForce null;
};
consul.services.garage = {
mode = "external";
definition = rec {
name = "garage";
address = depot.reflection.interfaces.primary.addrPublic;
port = 443;
checks = [
rec {
name = "Frontend";
id = "service:garage:frontend";
interval = "60s";
http = "https://${address}/health";
tls_server_name = "garage.${domain}";
header.Host = lib.singleton tls_server_name;
method = "HEAD";
}
{
name = "Garage Node";
id = "service:garage:node";
interval = "5s";
http = "${config.links.garageMetrics.url}/health";
method = "HEAD";
}
];
};
};
}