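# Host module: runs MinIO inside a NixOS container on bridge br0, with the
# root credentials supplied from a sops-nix secret through a read-only bind mount.
{ pkgs, config, lib, ...}: let
  # Build one MinIO container definition.
  #   path - host directory bind-mounted as the container's data volume
  #   n    - index; the container gets the address 10.0.0.(10+n) on br0
  mkLocalMinio = {
    path, n
  }: {
    autoStart = true;

    privateNetwork = true;
    hostBridge = "br0";
    localAddress = "10.0.0.${toString (10+n)}/24";

    # If true it registers a new node every time
    # need to find where it stores the state
    ephemeral = false;

    bindMounts = {
      "/mnt/disk1/minio" = {
        hostPath = path;
        isReadOnly = false;
      };
      # MinIO root credentials: mounted read-only, so the container cannot
      # modify the host's decrypted secret.
      "/rootCreds" = {
        hostPath = config.sops.secrets.minioRoot.path;
        isReadOnly = true;
      };
    };

    config = {pkgs, config, ...}: {
      system.stateVersion = "22.11";

      networking.defaultGateway = "10.0.0.1";

      # 9000 is the S3 API listener and 7501 the admin console (see
      # services.minio below). Both are opened on every container interface.
      # NOTE(review): if the console is only meant to be reached over the
      # overlay network, restrict 7501 to that interface - confirm.
      networking.firewall = {
        allowedTCPPorts = [
          9000
          7501
        ];
      };

      environment.systemPackages = with pkgs; [
        minio
        minio-client
      ];

      services.minio = {
        enable = true;
        listenAddress = ":9000";
        consoleAddress = ":7501";

        # Left empty; the volume is passed through MINIO_VOLUMES below.
        dataDir = [
        ];

        rootCredentialsFile = "/rootCreds";
      };
      # Ordering only: "after" does not pull the unit in or fail MinIO if it
      # is missing.
      systemd.services.minio.after = ["tailscale_autologin.service"];
      # Fixed delay before MinIO starts.
      # NOTE(review): presumably waits for the overlay address to come up -
      # confirm, and prefer a real readiness dependency over a sleep.
      systemd.services.minio.preStart = ''
        sleep 2s
      '';
      systemd.services.minio.environment = {
        MINIO_VOLUMES = "/mnt/disk1/minio";
        # Expandable later, but each pool must have more than 1 disk.
        # https://github.com/minio/minio/issues/16711
        # NOTE(review): plain http - S3 requests and console logins are only
        # protected in transit if 100.64.0.4 is reachable solely over an
        # encrypted overlay; confirm, or terminate TLS in front of MinIO.
        MINIO_SERVER_URL = "http://100.64.0.4:9000";
        MINIO_PROMETHEUS_URL = "http://100.64.0.4:9999";
        MINIO_PROMETHEUS_JOB_ID = "minio-job";
      };
    };
  };
in {
  imports = [
    ../../modules/containerHeadscale.nix
  ];

  # This secret is the MinIO root credential file. It was world-readable
  # (0444), which let every local account on the host read the root keys.
  # Root-only access is enough when the credentials file is loaded by the
  # container's service manager running as root.
  # NOTE(review): confirm minio still starts; if the container is ever moved
  # to a private user namespace, the owner has to be mapped accordingly.
  sops.secrets.minioRoot = {
    owner = "root";
    mode = "0400";
  };

  containers = {
    minio1 = mkLocalMinio {
      path = "/mass/minio";
      n = 1;
    };
  };
  services.headscale.containers = {
    minio1 = {

    };
  };
}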