From f12c26811022cb0d34dc99689828bd203fcf98f0 Mon Sep 17 00:00:00 2001
From: a-kenji
Date: Wed, 14 Aug 2024 15:50:28 +0200
Subject: [PATCH] clanModules: add garage module

The garage module sets up backups for metadata automatically and generates keys needed for deployment automatically. What is still needed in a distributed deployment is sharing of the generated rpc keys with other garage instances.
---
 clanModules/flake-module.nix | 11 ++++++-----
 clanModules/garage/README.md | 10 ++++++++++
 clanModules/garage/default.nix | 33 +++++++++++++++++++++++++++++++++
 docs/mkdocs.yml | 7 ++++---
 4 files changed, 53 insertions(+), 8 deletions(-)
 create mode 100644 clanModules/garage/README.md
 create mode 100644 clanModules/garage/default.nix

diff --git a/clanModules/flake-module.nix b/clanModules/flake-module.nix
index 8e21351e3..dc9911531 100644
--- a/clanModules/flake-module.nix
+++ b/clanModules/flake-module.nix
@@ -1,24 +1,25 @@
 { ... }:
 {
   flake.clanModules = {
-    iwd = ./iwd;
-    dyndns = ./dyndns;
     borgbackup = ./borgbackup;
     borgbackup-static = ./borgbackup-static;
     deltachat = ./deltachat;
+    dyndns = ./dyndns;
     ergochat = ./ergochat;
+    garage = ./garage;
+    iwd = ./iwd;
     localbackup = ./localbackup;
     localsend = ./localsend;
-    single-disk = ./single-disk;
     matrix-synapse = ./matrix-synapse;
     moonlight = ./moonlight;
-    packages = ./packages;
     mumble = ./mumble;
+    packages = ./packages;
     postgresql = ./postgresql;
     root-password = ./root-password;
+    single-disk = ./single-disk;
     sshd = ./sshd;
-    sunshine = ./sunshine;
     static-hosts = ./static-hosts;
+    sunshine = ./sunshine;
     syncthing = ./syncthing;
     syncthing-static-peers = ./syncthing-static-peers;
     thelounge = ./thelounge;
diff --git a/clanModules/garage/README.md b/clanModules/garage/README.md
new file mode 100644
index 000000000..911ff0abc
--- /dev/null
+++ b/clanModules/garage/README.md
@@ -0,0 +1,10 @@
+---
+description = "S3-compatible object store for small self-hosted geo-distributed deployments"
+---
+
+This module generates garage specific keys automatically.
+When using garage in a distributed deployment the `rpc_key` between connected instances must be shared.
+This is currently still a manual process.
+
+Options: [NixosModuleOptions](https://search.nixos.org/options?channel=unstable&size=50&sort=relevance&type=packages&query=garage)
+Documentation: https://garagehq.deuxfleurs.fr/
diff --git a/clanModules/garage/default.nix b/clanModules/garage/default.nix
new file mode 100644
index 000000000..637068e17
--- /dev/null
+++ b/clanModules/garage/default.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, ... }:
+{
+  systemd.services.garage.serviceConfig = {
+    LoadCredential = [
+      "rpc_secret_path:${config.clan.core.vars.generators.garage.files.rpc_secret.path}"
+      "admin_token_path:${config.clan.core.vars.generators.garage.files.admin_token.path}"
+      "metrics_token_path:${config.clan.core.vars.generators.garage.files.metrics_token.path}"
+    ];
+    Environment = [
+      "GARAGE_ALLOW_WORLD_READABLE_SECRETS=true"
+      "GARAGE_RPC_SECRET_FILE=%d/rpc_secret_path"
+      "GARAGE_ADMIN_TOKEN_FILE=%d/admin_token_path"
+      "GARAGE_METRICS_TOKEN_FILE=%d/metrics_token_path"
+    ];
+  };
+
+  clan.core.vars.generators.garage = {
+    files.rpc_secret = { };
+    files.admin_token = { };
+    files.metrics_token = { };
+    runtimeInputs = [
+      pkgs.coreutils
+      pkgs.openssl
+    ];
+    script = ''
+      openssl rand -hex -out $out/rpc_secret 32
+      openssl rand -base64 -out $out/admin_token 32
+      openssl rand -base64 -out $out/metrics_token 32
+    '';
+  };
+
+  clan.core.state.garage.folders = [ config.services.garage.settings.metadata_dir ];
+}
diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml
index 0537b0654..3a641b56c 100644
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
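Review bot: `GARAGE_ALLOW_WORLD_READABLE_SECRETS=true` in the `Environment` list switches off garage's refusal to read secret files with permissive modes, yet all three secrets are handed over through `LoadCredential` into `%d`, which systemd makes readable only by the service itself, so the override looks unnecessary and quietly weakens the guard should someone later point a `GARAGE_*_FILE` variable at a plain path. If it was added because garage's check trips on the credentials directory (ownership rather than mode bits, for instance), keep the line but justify it in place with something like `# garage's secret-file permission check rejects files in $CREDENTIALS_DIRECTORY; the directory itself is 0700` — otherwise drop it. The `rpc_secret` produced by `openssl rand -hex -out $out/rpc_secret 32` appears to be generated per machine, so nodes meant to form one cluster start with different secrets; the README mentions the manual sharing step, but the generator block itself should carry a comment such as `# rpc_secret must be identical on every node of a cluster; distribute it out of band or use a shared generator` so the constraint survives next to the code. As a point of style, quote the variable in the script (`"$out"/rpc_secret`) rather than relying on the path never containing whitespace.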
@@ -55,17 +55,19 @@ nav:
   - Reference:
     - reference/index.md
     - Clan Modules:
-      - reference/clanModules/index.md
       - reference/clanModules/borgbackup-static.md
       - reference/clanModules/borgbackup.md
       - reference/clanModules/deltachat.md
-      - reference/clanModules/iwd.md
       - reference/clanModules/dyndns.md
       - reference/clanModules/ergochat.md
+      - reference/clanModules/garage.md
+      - reference/clanModules/index.md
+      - reference/clanModules/iwd.md
       - reference/clanModules/localbackup.md
       - reference/clanModules/localsend.md
       - reference/clanModules/matrix-synapse.md
       - reference/clanModules/moonlight.md
+      - reference/clanModules/mumble.md
       - reference/clanModules/packages.md
       - reference/clanModules/postgresql.md
       - reference/clanModules/root-password.md
@@ -76,7 +78,6 @@ nav:
       - reference/clanModules/syncthing-static-peers.md
       - reference/clanModules/syncthing.md
       - reference/clanModules/thelounge.md
-      - reference/clanModules/mumble.md
       - reference/clanModules/trusted-nix-caches.md
       - reference/clanModules/user-password.md
       - reference/clanModules/xfce.md