feat: add minio (#161)

* feat: add minio * fix: minio's reverse proxy * fix: minio secrets & reverse proxy
2026-04-19 23:41:21 +02:00 · 2024-09-02 18:28:56 +08:00
parent 2ff2c56fae
commit 07b74cd2e5
4 changed files with 58 additions and 3 deletions
--- a/hosts/idols-aquamarine/caddy.nix
+++ b/hosts/idols-aquamarine/caddy.nix
@@ -91,6 +91,38 @@ in {
      encode zstd gzip
      reverse_proxy http://localhost:9093
    '';
+    virtualHosts."minio.writefor.fun".extraConfig = ''
+      ${hostCommonConfig}
+      encode zstd gzip
+      reverse_proxy http://localhost:9096 {
+        header_up Host {http.request.host}
+        header_up X-Real-IP {http.request.remote.host}
+        header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
+        header_up X-Forwarded-Proto {scheme}
+        transport http {
+            dial_timeout 300s
+            read_timeout 300s
+            write_timeout 300s
+        }
+      }
+    '';
+    virtualHosts."minio-ui.writefor.fun".extraConfig = ''
+      ${hostCommonConfig}
+      encode zstd gzip
+      reverse_proxy http://localhost:9097 {
+        header_up Host {http.request.host}
+        header_up X-Real-IP {http.request.remote.host}
+        header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
+        header_up X-Forwarded-Proto {scheme}
+        header_up Upgrade {http.request.header.Upgrade}
+        header_up Connection {http.request.header.Connection}
+        transport http {
+            dial_timeout 300s
+            read_timeout 300s
+            write_timeout 300s
+        }
+      }
+    '';
  };
  networking.firewall.allowedTCPPorts = [80 443];

--- a/hosts/idols-aquamarine/minio.nix
+++ b/hosts/idols-aquamarine/minio.nix
@@ -0,0 +1,18 @@
+{config, ...}: let
+  dataDir = ["/data/apps/minio/data"];
+  configDir = "/data/apps/minio/config";
+in {
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/web-servers/minio.nix
+  services.minio = {
+    enable = true;
+    browser = true; # Enable or disable access to web UI.
+
+    inherit dataDir configDir;
+    listenAddress = "127.0.0.1:9096";
+    consoleAddress = "127.0.0.1:9097"; # Web UI
+    region = "us-east-1"; # default to us-east-1, same as AWS S3.
+
+    # File containing the MINIO_ROOT_USER, default is “minioadmin”, and MINIO_ROOT_PASSWORD (length >= 8), default is “minioadmin”;
+    rootCredentialsFile = config.age.secrets."minio.env".path;
+  };
+}