cluster/services/storage: move prophet storage to S3
This commit is contained in:
parent
25f3b2da0a
commit
10c5d853d7
5 changed files with 16 additions and 8 deletions
|
@ -44,4 +44,11 @@ in
|
|||
ipv4 = meshIpForNode name;
|
||||
};
|
||||
});
|
||||
|
||||
garage = {
|
||||
keys.storage-prophet = {};
|
||||
buckets.storage-prophet = {
|
||||
allow.storage-prophet = [ "read" "write" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,15 +1,16 @@
|
|||
{ config, ... }:
|
||||
{ config, cluster, ... }:
|
||||
|
||||
let
|
||||
inherit (config.networking) hostName;
|
||||
in
|
||||
|
||||
{
|
||||
services.external-storage = {
|
||||
underlays.default = {
|
||||
subUser = "sub1";
|
||||
credentialsFile = ./secrets/storage-box-credentials.age;
|
||||
path = "/fs/by-host/${config.networking.hostName}";
|
||||
};
|
||||
fileSystems.external = {
|
||||
mountpoint = "/srv/storage";
|
||||
encryptionKeyFile = ./secrets/external-storage-encryption-key-${config.networking.hostName}.age;
|
||||
authFile = ./secrets/external-storage-auth-${hostName}.age;
|
||||
backend = "s3c://${cluster.config.hostLinks.${hostName}.garageS3.tuple}/storage-${hostName}";
|
||||
backendOptions = [ "no-ssl" ];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Binary file not shown.
Binary file not shown.
|
@ -45,7 +45,7 @@ in with hosts;
|
|||
"cluster/services/patroni/passwords/rewind.age".publicKeys = max ++ map systemKeys [ thunderskin VEGAS prophet ];
|
||||
"cluster/services/patroni/passwords/superuser.age".publicKeys = max ++ map systemKeys [ thunderskin VEGAS prophet ];
|
||||
"cluster/services/storage/secrets/heresy-encryption-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
|
||||
"cluster/services/storage/secrets/external-storage-encryption-key-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
||||
"cluster/services/storage/secrets/external-storage-auth-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
|
||||
"cluster/services/storage/secrets/garage-rpc-secret.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
|
||||
"cluster/services/storage/secrets/storage-box-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
|
||||
"cluster/services/wireguard/mesh-keys/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];
|
||||
|
|
Loading…
Reference in a new issue