Migrate garage from clanModule to clanService

2025-06-04 00:50:57 +02:00
parent 15f5de5bcd
commit 0a0ed236ad
21 changed files with 244 additions and 0 deletions
--- a/clanServices/flake-module.nix
+++ b/clanServices/flake-module.nix
@@ -4,6 +4,7 @@
    ./admin/flake-module.nix
    ./deltachat/flake-module.nix
    ./ergochat/flake-module.nix
+    ./garage/flake-module.nix
    ./auto-upgrade/flake-module.nix
    ./hello-world/flake-module.nix
    ./wifi/flake-module.nix
--- a/clanServices/garage/default.nix
+++ b/clanServices/garage/default.nix
@@ -0,0 +1,55 @@
+{ ... }:
+{
+  _class = "clan.service";
+  manifest.name = "clan-core/garage";
+  manifest.description = "S3-compatible object store for small self-hosted geo-distributed deployments";
+  manifest.categories = [ "System" ];
+
+  roles.default = {
+
+    perInstance.nixosModule =
+      { config, pkgs, ... }:
+      {
+        systemd.services.garage.serviceConfig = {
+          LoadCredential = [
+            "rpc_secret_path:${config.clan.core.vars.generators.garage-shared.files.rpc_secret.path}"
+            "admin_token_path:${config.clan.core.vars.generators.garage.files.admin_token.path}"
+            "metrics_token_path:${config.clan.core.vars.generators.garage.files.metrics_token.path}"
+          ];
+          Environment = [
+            "GARAGE_ALLOW_WORLD_READABLE_SECRETS=true"
+            "GARAGE_RPC_SECRET_FILE=%d/rpc_secret_path"
+            "GARAGE_ADMIN_TOKEN_FILE=%d/admin_token_path"
+            "GARAGE_METRICS_TOKEN_FILE=%d/metrics_token_path"
+          ];
+        };
+
+        clan.core.vars.generators.garage = {
+          files.admin_token = { };
+          files.metrics_token = { };
+          runtimeInputs = [
+            pkgs.coreutils
+            pkgs.openssl
+          ];
+          script = ''
+            openssl rand -base64 -out "$out"/admin_token 32
+            openssl rand -base64 -out "$out"/metrics_token 32
+          '';
+        };
+
+        clan.core.vars.generators.garage-shared = {
+          share = true;
+          files.rpc_secret = { };
+          runtimeInputs = [
+            pkgs.coreutils
+            pkgs.openssl
+          ];
+          script = ''
+            openssl rand -hex -out "$out"/rpc_secret 32
+          '';
+        };
+
+        clan.core.state.garage.folders = [ config.services.garage.settings.metadata_dir ];
+      };
+  };
+}
--- a/clanServices/garage/flake-module.nix
+++ b/clanServices/garage/flake-module.nix
@@ -0,0 +1,6 @@
+{ lib, ... }:
+{
+  clan.modules = {
+    garage = lib.modules.importApply ./default.nix { };
+  };
+}