services/object-storage: use built-in console

hosts/VEGAS/services/object-storage/default.nix

@@ -1,16 +1,11 @@
 { config, inputs, lib, pkgs, tools, ... }:
 with tools.nginx;
 let
-  addrSplit' = builtins.split ":" config.services.minio.listenAddress;
+  minioPort = config.portsStr.minio;
-  addrSplit = builtins.filter builtins.isString addrSplit';
+  consolePort = config.portsStr.minioConsole;
-  host' = builtins.head addrSplit;
-  host = if host' == "" then "127.0.0.1" else host';
-  port = builtins.head (builtins.tail addrSplit);
-
-  minioConsole = inputs.self.packages.${pkgs.system}.minio-console;
 in
 {
-  reservePortsFor = [ "minioConsole" ];
+  reservePortsFor = [ "minio" "minioConsole" ];
 
   age.secrets.minio-root-credentials = {
     file = ../../../../secrets/minio-root-credentials.age;
@@ -18,17 +13,13 @@ in
     group = "root";
     mode = "0400";
   };
-  age.secrets.minio-console-secrets = {
-    file = ../../../../secrets/minio-console-secrets.age;
-    owner = "root";
-    group = "root";
-    mode = "0400";
-  };
   services.minio = {
     enable = true;
     rootCredentialsFile = config.age.secrets.minio-root-credentials.path;
     dataDir = [ "/srv/storage/objects" ];
     browser = true;
+    listenAddress = "127.0.0.1:${minioPort}";
+    consoleAddress = "127.0.0.1:${consolePort}";
   };
   systemd.services.minio.serviceConfig = {
     Slice = "remotefshost.slice";
@@ -37,35 +28,19 @@ in
     # TODO: vhosts.proxy?
     "object-storage" = vhosts.basic // {
       locations = {
-        "/".proxyPass = "http://${host}:${port}";
+        "/".proxyPass = "http://127.0.0.1:${minioPort}";
-        "= /dashboard".proxyPass = "http://${host}:${port}";
+        "= /dashboard".proxyPass = "http://127.0.0.1:${minioPort}";
       };
       extraConfig = "client_max_body_size 4G;";
     };
     "console.object-storage" = vhosts.basic // {
       locations = {
-        "/".proxyPass = "http://127.0.0.1:${config.portsStr.minioConsole}";
+        "/".proxyPass = "http://127.0.0.1:${consolePort}";
       };
     };
-    "cdn" = lib.recursiveUpdate (vhosts.proxy "http://${host}:${port}/content-delivery$request_uri") {
+    "cdn" = lib.recursiveUpdate (vhosts.proxy "http://127.0.0.1:${minioPort}/content-delivery$request_uri") {
       locations."= /".return = "302 /index.html";
     };
   };
   services.oauth2_proxy.nginx.virtualHosts = [ "console.object-storage.${tools.meta.domain}" ];
-  systemd.services.minio-console = {
-    enable = true;
-    wantedBy = [ "default.target" ];
-    serviceConfig = {
-      ExecStart = "${minioConsole}/bin/console server --port ${config.portsStr.minioConsole}";
-      EnvironmentFile = config.age.secrets.minio-console-secrets.path;
-      DynamicUser = true;
-      User = "minio-console";
-    };
-    environment = {
-      CONSOLE_MINIO_REGION = "us-east-1";
-      # TODO: external or internal?
-      CONSOLE_MINIO_SERVER = "https://object-storage.${tools.meta.domain}";
-    };
-    path = [ pkgs.glibc.bin ];
-  };
 }

secrets/secrets.nix

@@ -29,7 +29,6 @@ in with hosts;
   "ipfs-swarm-key.age".publicKeys = max ++ map systemKeys [ VEGAS prophet ];
   "keycloak-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "matrix-appservice-discord-token.age".publicKeys = max ++ map systemKeys [ VEGAS ];
-  "minio-console-secrets.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "minio-root-credentials.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "nextcloud-adminpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];
   "nextcloud-dbpass.age".publicKeys = max ++ map systemKeys [ VEGAS ];