nixos/hosts/architect/minio.nix

{ config, lib, pkgs, ... }:

let
  domain = "s3.giugl.io";

  utilities = import ./utilities.nix { inherit lib config; };
  inherit (utilities) architectInterfaceAddress;
in
{
  services = {
    minio = {
      enable = true;
      package = pkgs.minio_legacy_fs;
    };

    nginx.virtualHosts.${domain} = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:9000";
        extraConfig = ''
          client_max_body_size 500M;
          allow ${config.architect.networks.lan.net};
          allow ${config.architect.networks.tailscale.net};
          deny all;
        '';
      };
    };
  };

  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "wireguard"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';
}
minio: Use legacy package 2023-06-01 20:08:28 +01:00			`{ config, lib, pkgs, ... }:`
removed implicit use of network.nix. use domain names in each service conf file. restrict access to gdevices to sensitive services. 2021-12-08 16:39:00 +00:00
			`let`
			`domain = "s3.giugl.io";`
architect: services use new networking attrset 2023-05-12 22:05:10 +01:00
			`utilities = import ./utilities.nix { inherit lib config; };`
			`inherit (utilities) architectInterfaceAddress;`
Formatting 2023-02-11 02:29:48 +00:00			`in`
			`{`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`services = {`
minio: Use legacy package 2023-06-01 20:08:28 +01:00			`minio = {`
			`enable = true;`
			`package = pkgs.minio_legacy_fs;`
			`};`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00
removed implicit use of network.nix. use domain names in each service conf file. restrict access to gdevices to sensitive services. 2021-12-08 16:39:00 +00:00			`nginx.virtualHosts.${domain} = {`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`forceSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
calibre, gitea, invidious, matrix, minio, navidrome, nitter: Use 127.0.0.1 instead of localhost, avoiding ipv6 listening adddress 2022-11-11 18:12:24 +00:00			`proxyPass = "http://127.0.0.1:9000";`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`extraConfig = ''`
minio: Allow body of 500M. Allow manduria-wg 2023-01-01 12:33:52 +00:00			`client_max_body_size 500M;`
architect: services use new networking attrset 2023-05-12 22:05:10 +01:00			`allow ${config.architect.networks.lan.net};`
			`allow ${config.architect.networks.tailscale.net};`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`deny all;`
			`'';`
			`};`
			`};`
			`};`
minio: Use legacy package 2023-06-01 20:08:28 +01:00
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`networking.extraHosts = ''`
architect: services use new networking attrset 2023-05-12 22:05:10 +01:00			`${architectInterfaceAddress "lan"} ${domain}`
			`${architectInterfaceAddress "wireguard"} ${domain}`
			`${architectInterfaceAddress "tailscale"} ${domain}`
moving to flakes, wip. no home-manager 2021-07-13 09:53:22 +01:00			`'';`
			`}`