starred/nix-config
1
0
Fork 0
mirror of https://github.com/ryan4yin/nix-config.git synced 2026-04-24 01:38:28 +02:00
Code Issues Packages Projects Releases 10 Wiki Activity

feat: add minio (#161)

Browse Source 
* feat: add minio

* fix: minio's reverse proxy

* fix: minio secrets & reverse proxy
This commit is contained in:
Ryan Yin
2024-09-02 18:28:56 +08:00
committed by GitHub
parent 2ff2c56fae
commit 07b74cd2e5
4 changed files with 58 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
flake.lock generated
View File

@@ -470,10 +470,10 @@
"mysecrets": { "mysecrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1723827270, "lastModified": 1725269346,
"narHash": "sha256-nBq/Sp7u+riKV7xNWq85+owzUGfWdpKdq3qR/0PYTSU=", "narHash": "sha256-VR/gaksXhlNIrnaQg2+uccKn8ZXag8gx6hh1yHARbE4=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "f80a6c11f7b27e257e07f294b45c64a1369438a4", "rev": "4f3ddacef411d4c3d59011a3bd6c14a1dcf19c07",
"shallow": true, "shallow": true,
"type": "git", "type": "git",
"url": "ssh://git@github.com/ryan4yin/nix-secrets.git" "url": "ssh://git@github.com/ryan4yin/nix-secrets.git"

32
hosts/idols-aquamarine/caddy.nix
View File

@@ -91,6 +91,38 @@ in {
encode zstd gzip encode zstd gzip
reverse_proxy http://localhost:9093 reverse_proxy http://localhost:9093
''; '';
virtualHosts."minio.writefor.fun".extraConfig = ''
${hostCommonConfig}
encode zstd gzip
reverse_proxy http://localhost:9096 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
header_up X-Forwarded-Proto {scheme}
transport http {
dial_timeout 300s
read_timeout 300s
write_timeout 300s
}
}
'';
virtualHosts."minio-ui.writefor.fun".extraConfig = ''
${hostCommonConfig}
encode zstd gzip
reverse_proxy http://localhost:9097 {
header_up Host {http.request.host}
header_up X-Real-IP {http.request.remote.host}
header_up X-Forwarded-For {http.request.header.X-Forwarded-For}
header_up X-Forwarded-Proto {scheme}
header_up Upgrade {http.request.header.Upgrade}
header_up Connection {http.request.header.Connection}
transport http {
dial_timeout 300s
read_timeout 300s
write_timeout 300s
}
}
'';
}; };
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [80 443];

18
hosts/idols-aquamarine/minio.nix Normal file
View File

@@ -0,0 +1,18 @@
{config, ...}: let
dataDir = ["/data/apps/minio/data"];
configDir = "/data/apps/minio/config";
in {
# https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/web-servers/minio.nix
services.minio = {
enable = true;
browser = true; # Enable or disable access to web UI.
inherit dataDir configDir;
listenAddress = "127.0.0.1:9096";
consoleAddress = "127.0.0.1:9097"; # Web UI
region = "us-east-1"; # default to us-east-1, same as AWS S3.
# File containing the MINIO_ROOT_USER, default is “minioadmin”, and MINIO_ROOT_PASSWORD (length >= 8), default is “minioadmin”;
rootCredentialsFile = config.age.secrets."minio.env".path;
};
}

5
secrets/nixos.nix
View File

@@ -206,6 +206,11 @@ in {
mode = "0400"; mode = "0400";
owner = "sftpgo"; owner = "sftpgo";
}; };
"minio.env" = {
file = "${mysecrets}/server/minio.env.age";
mode = "0400";
owner = "minio";
};
}; };
}) })