clanModules/garage: Migrate to vars

Part of the #2511 migration.
a-kenji
2025-02-15 15:53:30 +07:00
committed by clan-bot
parent 0c7173afd0
commit 66e166068e
2 changed files with 22 additions and 30 deletions


@@ -3,8 +3,7 @@ description = "S3-compatible object store for small self-hosted geo-distributed
--- ---
This module generates garage specific keys automatically. This module generates garage specific keys automatically.
When using garage in a distributed deployment the `rpc_key` between connected instances must be shared. Also shares the `rpc_secret` between instances.
This is currently still a manual process.
Options: [NixosModuleOptions](https://search.nixos.org/options?channel=unstable&size=50&sort=relevance&type=packages&query=garage) Options: [NixosModuleOptions](https://search.nixos.org/options?channel=unstable&size=50&sort=relevance&type=packages&query=garage)
Documentation: https://garagehq.deuxfleurs.fr/ Documentation: https://garagehq.deuxfleurs.fr/


@@ -2,9 +2,9 @@
{ {
systemd.services.garage.serviceConfig = { systemd.services.garage.serviceConfig = {
LoadCredential = [ LoadCredential = [
"rpc_secret_path:${config.clan.core.facts.services.garage.secret.garage_rpc_secret.path}" "rpc_secret_path:${config.clan.core.vars.generators.garage-shared.files.rpc_secret.path}"
"admin_token_path:${config.clan.core.facts.services.garage.secret.garage_admin_token.path}" "admin_token_path:${config.clan.core.vars.generators.garage.files.admin_token.path}"
"metrics_token_path:${config.clan.core.facts.services.garage.secret.garage_metrics_token.path}" "metrics_token_path:${config.clan.core.vars.generators.garage.files.metrics_token.path}"
]; ];
Environment = [ Environment = [
"GARAGE_ALLOW_WORLD_READABLE_SECRETS=true" "GARAGE_ALLOW_WORLD_READABLE_SECRETS=true"
@@ -14,37 +14,30 @@
]; ];
}; };
clan.core.facts.services.garage = { clan.core.vars.generators.garage = {
secret.garage_rpc_secret = { }; files.admin_token = { };
secret.garage_admin_token = { }; files.metrics_token = { };
secret.garage_metrics_token = { }; runtimeInputs = [
generator.path = [
pkgs.coreutils pkgs.coreutils
pkgs.openssl pkgs.openssl
]; ];
generator.script = '' script = ''
openssl rand -hex -out $secrets/garage_rpc_secret 32 openssl rand -base64 -out $out/admin_token 32
openssl rand -base64 -out $secrets/garage_admin_token 32 openssl rand -base64 -out $out/metrics_token 32
openssl rand -base64 -out $secrets/garage_metrics_token 32
''; '';
}; };
# TODO: Vars is not in a useable state currently clan.core.vars.generators.garage-shared = {
# Move back, once it is implemented. share = true;
# clan.core.vars.generators.garage = { files.rpc_secret = { };
# files.rpc_secret = { }; runtimeInputs = [
# files.admin_token = { }; pkgs.coreutils
# files.metrics_token = { }; pkgs.openssl
# runtimeInputs = [ ];
# pkgs.coreutils script = ''
# pkgs.openssl openssl rand -hex -out $out/rpc_secret 32
# ]; '';
# script = '' };
# openssl rand -hex -out $out/rpc_secret 32
# openssl rand -base64 -out $out/admin_token 32
# openssl rand -base64 -out $out/metrics_token 32
# '';
# };
clan.core.state.garage.folders = [ config.services.garage.settings.metadata_dir ]; clan.core.state.garage.folders = [ config.services.garage.settings.metadata_dir ];
} }
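Review bot: The new generators `garage` and `garage-shared` use different generator and file names than the removed facts (`garage_rpc_secret` becomes `rpc_secret`, and likewise for the two tokens), and nothing in this section carries the existing values over. An already deployed machine will therefore presumably get a fresh `rpc_secret`, `admin_token` and `metrics_token` the next time vars are generated. For the RPC secret this matters operationally, because nodes still holding the old, manually shared value will not authenticate to nodes running the new one until every node is redeployed. I would add a comment above `clan.core.vars.generators.garage-shared`, for example `# One rpc_secret for every machine in the clan (share = true); replaces the per-machine fact, so redeploy all garage nodes together.`, and confirm whether vars offers a way to import the old fact values despite the renamed files. With `share = true`, every machine importing this module gets the same RPC secret, so it is also worth stating whether separate garage clusters inside one clan are meant to be supported.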