diff --git a/hosts/m3-atlas/secrets.nix b/hosts/m3-atlas/secrets.nix index 8fe13c4..1cce8a6 100644 --- a/hosts/m3-atlas/secrets.nix +++ b/hosts/m3-atlas/secrets.nix @@ -10,6 +10,9 @@ littlelink-m3tam3re = { file = ../../secrets/littlelink-m3tam3re.age; }; + minio-root-cred = { + file = ../../secrets/minio-root-cred.age; + }; restreamer-env = { file = ../../secrets/restreamer-env.age; }; diff --git a/hosts/m3-atlas/services/default.nix b/hosts/m3-atlas/services/default.nix index 002b1c2..e79e6e3 100644 --- a/hosts/m3-atlas/services/default.nix +++ b/hosts/m3-atlas/services/default.nix @@ -2,6 +2,7 @@ imports = [ ./containers ./gitea.nix + ./minio.nix ./mysql.nix ./postgres.nix ./searx.nix diff --git a/hosts/m3-atlas/services/minio.nix b/hosts/m3-atlas/services/minio.nix new file mode 100644 index 0000000..889c1df --- /dev/null +++ b/hosts/m3-atlas/services/minio.nix @@ -0,0 +1,41 @@ +{config, ...}: { + services.minio = { + enable = true; + region = "eu-central-1"; + consoleAddress = ":3007"; + listenAddress = ":3008"; + browser = true; + rootCredentialsFile = config.age.secrets.minio-root-cred.path; + dataDir = ["/var/storage/s3"]; + }; + # Traefik configuration specific to minio + services.traefik.dynamicConfigOptions.http = { + services.minio-console.loadBalancer.servers = [ + { + url = "http://localhost:3007/"; + } + ]; + services.minio.loadBalancer.servers = [ + { + url = "http://localhost:3008/"; + } + ]; + + routers.minio = { + rule = "Host(`s3.m3tam3re.com`)"; + tls = { + certResolver = "godaddy"; + }; + service = "minio"; + entrypoints = "websecure"; + }; + routers.minio-console = { + rule = "Host(`minio.m3tam3re.com`)"; + tls = { + certResolver = "godaddy"; + }; + service = "minio-console"; + entrypoints = "websecure"; + }; + }; +} diff --git a/secrets.nix b/secrets.nix index 21ecf33..528a5ea 100644 --- a/secrets.nix +++ b/secrets.nix @@ -7,7 +7,6 @@ let # USERS m3tam3re = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC3YEmpYbM+cpmyD10tzNRHEn526Z3LJOzYpWEKdJg8DaYyPbDn9iyVX30Nja2SrW4Wadws0Y8DW+Urs25/wVB6mKl7jgPJVkMi5hfobu3XAz8gwSdjDzRSWJrhjynuaXiTtRYED2INbvjLuxx3X8coNwMw58OuUuw5kNJp5aS2qFmHEYQErQsGT4MNqESe3jvTP27Z5pSneBj45LmGK+RcaSnJe7hG+KRtjuhjI7RdzMeDCX73SfUsal+rHeuEw/mmjYmiIItXhFTDn8ZvVwpBKv7xsJG90DkaX2vaTk0wgJdMnpVIuIRBa4EkmMWOQ3bMLGkLQeK/4FUkNcvQ/4+zcZsg4cY9Q7Fj55DD41hAUdF6SYODtn5qMPsTCnJz44glHt/oseKXMSd556NIw2HOvihbJW7Rwl4OEjGaO/dF4nUw4c9tHWmMn9dLslAVpUuZOb7ykgP0jk79ldT3Dv+2Hj0CdAWT2cJAdFX58KQ9jUPT3tBnObSF1lGMI7t77VU="; - users = [ m3tam3re ]; @@ -23,6 +22,7 @@ in { "secrets/ghost-env.age".publicKeys = systems ++ users; "secrets/littlelink-m3tam3re.age".publicKeys = systems ++ users; "secrets/m3tam3re-secrets.age".publicKeys = systems ++ users; + "secrets/minio-root-cred.age".publicKeys = systems ++ users; "secrets/restreamer-env.age".publicKeys = systems ++ users; "secrets/searx.age".publicKeys = systems ++ users; "secrets/tailscale-key.age".publicKeys = systems ++ users; diff --git a/secrets/baserow-env.age b/secrets/baserow-env.age index 7777a77..5a31031 100644 Binary files a/secrets/baserow-env.age and b/secrets/baserow-env.age differ diff --git a/secrets/ghost-env.age b/secrets/ghost-env.age index 91ebba9..4ae1375 100644 Binary files a/secrets/ghost-env.age and b/secrets/ghost-env.age differ diff --git a/secrets/littlelink-m3tam3re.age b/secrets/littlelink-m3tam3re.age index 3a27ddd..e71b979 100644 Binary files a/secrets/littlelink-m3tam3re.age and b/secrets/littlelink-m3tam3re.age differ diff --git a/secrets/m3tam3re-secrets.age b/secrets/m3tam3re-secrets.age index 71c04e6..866dd4d 100644 Binary files a/secrets/m3tam3re-secrets.age and b/secrets/m3tam3re-secrets.age differ diff --git a/secrets/minio-root-cred.age b/secrets/minio-root-cred.age new file mode 100644 index 0000000..e7ebf02 --- /dev/null +++ b/secrets/minio-root-cred.age @@ -0,0 +1,21 @@ +age-encryption.org/v1 +-> ssh-ed25519 4NLKrw bgUEh/FVWfivAo6uKPiDHEdmfdpD3br6mIrN4/tu2B8 +Clt8sWlK9pyiCBjq3F+10JlPtKwapENMlhEDYRX2bIM +-> ssh-ed25519 5kwcsA x3Q+WtnwvaAUbTW1v+2zmAALSlBaYvFNli3hCHi8wxg +V1T3gO5eWtxdg/ykaLNESXEZ2MYeWqJUt5L+G6cUIZw +-> ssh-ed25519 9d4YIQ 9KzUEMXjzu/qPc6bdArd+KnY7rwbZ6/CEzM+lwF0C0E +8KNfU9QYYyufDhHMgLdrSx6jciukaW7t1I+V9p1Y66o +-> ssh-ed25519 3Bcr1w X8vjb8VCjEI5BJHGWcMJWKwygGvvlVf0BjpijxN2vjM +dslcuK2/dWB8XB5oYycjcv6evB2c2gcrsXQga44m7Rk +-> ssh-rsa DQlE7w +rGLyz1BUE4mMXUiBrpvJkcfHFw6CJKVvqn+6PK3dJ913miQJvPDvAJAzmYb4GPaT +bRy3Igeh+P59OWWVXIdW5V3jZkUdOmkzU8J0+XW+mA7GkuuYgY9DddKwBRsuhZLL +aQJghfobOd5fGEJyU1JmHJE/fD2qaQjspvBr1SgWkTfFGguRR3DBXWEocMW9ggDR +gLrt/exLJz6IVN8oZ7jZ1lNL2xETZtsFckCWZPqgH696DaeOq00Zm2SDIiP4WfyR +yssym4yNtDnmkGGgowr53G0yNDgz0mOHvKsAaVXTYKHUZn6EbWm3YzfSjf93K5YT +sDowkgLVpgaGlbpuNV5QTo4bRxR5E0Nxt48Fz3bqqZ2dhMFK0+jNokeXDS1aoMbM +QItR+fyRgfv65krMnYVNflMBedbp9wUpDrePLOkvu3U6gYOSc2yXr+/WPABJkcMD +SFcgmmUN52zOJk//innJF6lEw38WQXrvWpVtR/rs8YAzsyU4PomD7x1jKrvyvlpJ + +--- /jB268IK9QX/iUEBxzb94wU2LlPT7bl9D9dMbykMaQs +PjdW!cJ9.<5,t ;2Uem! ҸV?lԀ@ټOsc') uF \ No newline at end of file diff --git a/secrets/restreamer-env.age b/secrets/restreamer-env.age index 804ed1d..b15406d 100644 --- a/secrets/restreamer-env.age +++ b/secrets/restreamer-env.age @@ -1,23 +1,21 @@ age-encryption.org/v1 --> ssh-ed25519 4NLKrw rJfd8bz40XuJgInAxML9OuvJ+Pc3hIMpLyvmnHouDHs -++88yaJiOgOiyFtLaJhQ/AXJvQ/9ade5IFFDPN7R5RI --> ssh-ed25519 5kwcsA dHznZFpnGrtLkt/y3gt7gmonZtyj8yHnxsRgGnB6D38 -pgcy6Gb8ou2AqJlxe157PnJpd0HdgTRHvsHjIUHwy80 --> ssh-ed25519 9d4YIQ dXoON+BMGjlxAp5Ab85AYk6zqUebg5ZM/SqfMn+dMCs -ni4mQpfuPT1mwH5U2qV/Uy2HGQzFjdY09l18Q1wmtEg --> ssh-ed25519 3Bcr1w FSohcVWdZOZc4Fb5Z3Swv+qohUlIxTRuIlWBt1YkokY -TbuBZxBecknCKBU1zpGmXhpbkgxeUrllyyUNZ6gWWqI +-> ssh-ed25519 4NLKrw +fDbZ8PGMC76pLG7dhGLdauk0nKmKQHhtYO3Rx3FXGQ +lWWB6D+219qf80vLd/stL3SpHnAraq81itJJrbBejB0 +-> ssh-ed25519 5kwcsA 1+aNJYD8G/7KoU8p/uUTt0DuZi9iEa4sXolUXRRQuwg +EArLBr6A/ESfHt+ep6CyxY3K81/xpvZ5jmheSR3K6tc +-> ssh-ed25519 9d4YIQ UOAcFvPcIU7HcH72s+lbiIgvLpBLbhCqfaqY29xxiGI +GzIQXAhS420geZXLHfOupo9fHI9K404PfcpwgeIb/9s +-> ssh-ed25519 3Bcr1w z39Qerm6t4t/lvfKS1IBn+711weBSuXA9Aa6KyjZ+Sw +V1cwhlfasjftrNonhtf32NS/9HKYW4xw3dRLYtug/Uc -> ssh-rsa DQlE7w -GWrqYdjxBDQzoIHw4AuGtov3zpWC1eu9Y1o+56pXNUJ1r4lq05KtKJ84dKSWrIkS -2OUZIsdeCZK1pFUiMXVZDj+9zYyd+RDiYimSYOvR58irFYi9U14Jtwn+8jWpl0WH -3R3n51+zrf0IHNSuUd8Dt9zq1dHS2ZozBb2kNo3TPAGzGhOl25osTUHDvDKxIg4X -+S4hieNrltwV/Hp1CCZgkByn64u143yNfBaPr1YOUCaFsRMoaWYdbKOw0Gm8ys73 -zK2Bdluh9yfUUBmZrOTzwdHBHJX4l7RR8fBK70CWRwxCP2bYa3XSDBhPtz6SHHKA -hRG+XCROGtLiJGjBqPPgUm9EEMruZSX+D4FpmofofKCvnVXUAXembCtchqIoCUFk -8hxdaYaRac/uB6M5KTkSxS/RAzAFUoCvAn4Vf3csqerxLpifLegtY4FL+ry3aDrx -9wWj9Heaep550sGMlAnL9MXbKloNvrKqWPbtWMm9t47CZ/mMDRzCwgWId++f2Hhc +k+W3+5KMiGuuE3klExo/E8UmZRdgX5MpKKKMuE4V4AvJV0iaQaWKn26/xMK4Apa6 +g6/nIuKq9qjOwXpjaynzZlcwmnknspZNiMloFJDTHVllebRG5M2XkUs+b0jMWAtW +mIZNC7xSBaLnK+9Yo8U635EtzKgDYti7FTV6lsTyIk7rvBPK6YCLu8MtltAtRc6I +sSjn/Kdzz38QJSXapx59T6X+lrG02SVuoBax1YMp5SPzTZEUKJMBoOmmi+T+nI6S +kQ/Ysv3VQsCrjdpnD2MlnHX5YGg1HSiMSnaA8uIsvXhdgTi/8f7yi/WnqJjOHUe/ +UuteiMWesfwdIz3Osm77ApLvKBm9F/nPoK3naaxzucOhFG5DGtt4bM5oj1yFBKw/ +4UTvHF3NWNfJBEW1kUnUM3UFupt+0STjC6Sm9GVZaDGIUb11e2KFC+CxOYGvYir9 +0lti0yU/uucKtO0eWDHeWI0XrJSvnF0JSIonJC3U7S2lagqiDJDJBKYPC4hz2nOD ---- aa8rXiFLzWBOGqG0XMpcomb2/H6J9LRVA6744a9uOIQ -ii1n -=pxUVZMRkN -3"ox,T:q-lU6MHxICϹuKɵizE,mK8` \ No newline at end of file +--- TWONtoVHZagq3ARx1odevztc6jQD2BfW2mnqGqNV8rY +}iP#\S7h {a-֤3P4X<eQ0xNzlZ\4,,j ੎ \ No newline at end of file diff --git a/secrets/searx.age b/secrets/searx.age index dfacff6..8492b49 100644 Binary files a/secrets/searx.age and b/secrets/searx.age differ diff --git a/secrets/tailscale-key.age b/secrets/tailscale-key.age index e1b7b8c..cd6764c 100644 Binary files a/secrets/tailscale-key.age and b/secrets/tailscale-key.age differ diff --git a/secrets/traefik.age b/secrets/traefik.age index 27922e2..06e8686 100644 Binary files a/secrets/traefik.age and b/secrets/traefik.age differ diff --git a/secrets/wg-BR.age b/secrets/wg-BR.age index 5b1b362..e48e0c1 100644 Binary files a/secrets/wg-BR.age and b/secrets/wg-BR.age differ diff --git a/secrets/wg-DE.age b/secrets/wg-DE.age index adcf046..c4ee511 100644 Binary files a/secrets/wg-DE.age and b/secrets/wg-DE.age differ diff --git a/secrets/wg-NL.age b/secrets/wg-NL.age index cd14daa..a66ced5 100644 Binary files a/secrets/wg-NL.age and b/secrets/wg-NL.age differ diff --git a/secrets/wg-NO.age b/secrets/wg-NO.age index 7c38851..bf94fc9 100644 Binary files a/secrets/wg-NO.age and b/secrets/wg-NO.age differ diff --git a/secrets/wg-US.age b/secrets/wg-US.age index 7e43710..60393ed 100644 Binary files a/secrets/wg-US.age and b/secrets/wg-US.age differ