privatevoid.net/depot
1
1
Fork 0
Code Issues 23 Pull requests 2 Projects 3 Releases Packages Wiki Activity Actions

cluster/services/storage: move prophet storage to S3

Browse source
This commit is contained in:
Max Headroom 2023-11-02 03:22:28 +01:00
parent 25f3b2da0a
commit 10c5d853d7
5 changed files with 16 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
cluster/services/storage/default.nix
View file

@ -44,4 +44,11 @@ in
ipv4 = meshIpForNode name;
};
});
garage = {
keys.storage-prophet = {};
buckets.storage-prophet = {
allow.storage-prophet = [ "read" "write" ];
};
};
}

15
cluster/services/storage/external.nix
View file

@ -1,15 +1,16 @@
{ config, ... }:
{ config, cluster, ... }:
let
inherit (config.networking) hostName;
in
{
services.external-storage = {
underlays.default = {
subUser = "sub1";
credentialsFile = ./secrets/storage-box-credentials.age;
path = "/fs/by-host/${config.networking.hostName}";
};
fileSystems.external = {
mountpoint = "/srv/storage";
encryptionKeyFile = ./secrets/external-storage-encryption-key-${config.networking.hostName}.age;
authFile = ./secrets/external-storage-auth-${hostName}.age;
backend = "s3c://${cluster.config.hostLinks.${hostName}.garageS3.tuple}/storage-${hostName}";
backendOptions = [ "no-ssl" ];
};
};
}

BIN
cluster/services/storage/secrets/external-storage-auth-prophet.age Normal file
View file

Binary file not shown.

BIN
cluster/services/storage/secrets/external-storage-encryption-key-prophet.age
View file

Binary file not shown.

2
secrets.nix
View file

@ -45,7 +45,7 @@ in with hosts;
"cluster/services/patroni/passwords/rewind.age".publicKeys = max ++ map systemKeys [ thunderskin VEGAS prophet ];
"cluster/services/patroni/passwords/superuser.age".publicKeys = max ++ map systemKeys [ thunderskin VEGAS prophet ];
"cluster/services/storage/secrets/heresy-encryption-key.age".publicKeys = max ++ map systemKeys [ VEGAS ];
"cluster/services/storage/secrets/external-storage-encryption-key-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"cluster/services/storage/secrets/external-storage-auth-prophet.age".publicKeys = max ++ map systemKeys [ prophet ];
"cluster/services/storage/secrets/garage-rpc-secret.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
"cluster/services/storage/secrets/storage-box-credentials.age".publicKeys = max ++ map systemKeys [ checkmate VEGAS prophet ];
"cluster/services/wireguard/mesh-keys/checkmate.age".publicKeys = max ++ map systemKeys [ checkmate ];