test upload to internet-visible object store
parent
bd650a228f
commit
394897c844
6 changed files with 97 additions and 21 deletions
|
@ -4,10 +4,11 @@ pipeline:
|
||||||
image: nixpkgs/nix-flakes:latest
|
image: nixpkgs/nix-flakes:latest
|
||||||
pull: true
|
pull: true
|
||||||
commands:
|
commands:
|
||||||
- export AWS_ACCESS_KEY_ID="nix-builder"
|
|
||||||
- export AWS_ACCESS_KEY_ID="nix-builder"
|
- export AWS_ACCESS_KEY_ID="nix-builder"
|
||||||
- export AWS_SECRET_ACCESS_KEY="$MINIO_NIX_BUILDER_KEY"
|
- export AWS_SECRET_ACCESS_KEY="$MINIO_NIX_BUILDER_KEY"
|
||||||
- nix copy --all --to 's3://nix-store?endpoint=bolty:10000&schema=http'
|
- echo $AWS_SECRET_ACCESS_KEY | sha256sum
|
||||||
secrets: [ github_token minio-nix-builder-key ]
|
- echo $AWS_SECRET_ACCESS_KEY | wc
|
||||||
volumes:
|
- echo $GITHUB_TOKEN | sha256sum
|
||||||
- /var/lib/woodpecker/nix-store:/var/build-nix-store
|
- echo $GITHUB_TOKEN | wc
|
||||||
|
- nix copy --all --to 's3://nix-store?endpoint=objects.cyplo.dev&scheme=https®ion=cyplodev'
|
||||||
|
secrets: [ github_token , minio_nix_builder_key ]
|
||||||
|
|
|
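Review bot: The four added commands `echo $AWS_SECRET_ACCESS_KEY | sha256sum`, `echo $AWS_SECRET_ACCESS_KEY | wc`, `echo $GITHUB_TOKEN | sha256sum` and `echo $GITHUB_TOKEN | wc` write a digest and the length of each secret into the CI log, which is usually readable by more people than the secrets themselves. An unsalted SHA-256 lets anyone with log access confirm a guessed or previously leaked value offline, which matters most if the MinIO key is a human-chosen password rather than a random token (not visible here). These look like debugging aids for the secret rename to `minio_nix_builder_key`, so I would drop them before merging. If a presence check is still wanted, `- test -n "$AWS_SECRET_ACCESS_KEY"` fails the step on an empty value without printing anything derived from it. The file header of this section is not shown on the page, so which pipeline file this belongs to is inferred from the `pipeline:` context.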
@ -11,7 +11,6 @@
|
||||||
../cli.nix
|
../cli.nix
|
||||||
./home-assistant.nix
|
./home-assistant.nix
|
||||||
./matrix-server.nix
|
./matrix-server.nix
|
||||||
./nix-store-server.nix
|
|
||||||
./print-server.nix
|
./print-server.nix
|
||||||
./restic-server.nix
|
./restic-server.nix
|
||||||
./woodpecker-agent.nix
|
./woodpecker-agent.nix
|
||||||
|
|
|
@ -1,15 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
networking.firewall.allowedTCPPorts = [10000 10001];
|
|
||||||
services.minio = {
|
|
||||||
enable = true;
|
|
||||||
region = "home";
|
|
||||||
dataDir = ["/var/lib/minio/data"];
|
|
||||||
configDir = "/var/lib/minio/config";
|
|
||||||
listenAddress = ":10000";
|
|
||||||
consoleAddress = ":10001";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -24,6 +24,7 @@
|
||||||
./ssh.nix
|
./ssh.nix
|
||||||
./syncthing-relay.nix
|
./syncthing-relay.nix
|
||||||
./woodpecker.nix
|
./woodpecker.nix
|
||||||
|
./nix-store-server.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
systemd.extraConfig = ''
|
systemd.extraConfig = ''
|
||||||
|
|
52
nixos/boxes/vpsfree1/minio.sops
Normal file
52
nixos/boxes/vpsfree1/minio.sops
Normal file
|
@ -0,0 +1,52 @@
|
||||||
|
{
|
||||||
|
"data": "ENC[AES256_GCM,data:rV9BvMKjwi5ZRPXnM3AM2hIm/+jBfAH9/qHiSP8/cfK+/9GbQekBqg1EllR9Bih3ozIt/B804rVD+RfzgpTghjcJF3b0G1oIICaZGpWeVsw/rhV9/kPGgpl7N9buxMA=,iv:6VCjNaqO8gCxvdPPPf4vr76O7lRFSY+sDxgj7jXTK+0=,tag:UeIT7zd/bmYHhtuWuutuLQ==,type:str]",
|
||||||
|
"sops": {
|
||||||
|
"kms": null,
|
||||||
|
"gcp_kms": null,
|
||||||
|
"azure_kv": null,
|
||||||
|
"hc_vault": null,
|
||||||
|
"age": [
|
||||||
|
{
|
||||||
|
"recipient": "age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdWxTMktqSzdPRGZwNUNL\nY093cUZQTjdneUNzKzhKQktNSm9zelBkWkVNCmRMcG1PMDlXWjJzeWMydFJZVXFO\ndWFqY3l5ZVRwL1QxTG1LdXhFbTcxaGcKLS0tIEdxU3llYnM2WTcreDJ5ZUpIdHli\nTG9NMk43UjYxMmJjUEFRWXllZm9waW8KcnUXPHfN6EKjqM545Zcn+P4IQvRwRIGt\nUcnAy0EcjbuORFccNVzAGHxEmgRK5tTgQg74tmILae/gJBuWx0NSZg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZR1krYUdrQzBxYmNreTN3\neGQ5enB1WlNSMVl2WFBtUVJMckRVN25Uakd3CnMzb05ML2hkbDhIb0VrQVYwbkhm\neXoxWUJMLzdTRU94cDNRT2dOYjdjM1EKLS0tIDdyOXZyVEJIb1VOd3Y0Mzk0ZDNw\nSTFXcFF1Ry85Tm1HaUllQ0tYTXlOV2MKqew16SiHRmcRpZuTthzc/g4NTEXhzPvm\nHR2v9BQ4fITSCBPztIGBGqQpAcgowVVX0mK+rwUqPzQF1MFHXZWg8g==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aWptd0FnVERsMjJDLzBo\nQlVVTXZNUzZkWUNLc1dTamI0czI3MHduRW04Cm9mc211REt1cDVJZVhKNkJiMENv\nakozQ0pyWFpRd01PR0NTenJtNDNna0EKLS0tIHZ3Zlk1R1FUVEdkenVDQlJoRVQv\nTXJBbktZdDBFWGhjOFZQVmY1UkZmWUUKsvLDTknIrV1ek6ZSfVimvkOg1A/mvb1u\n4wj4tTgmWPURHzuN1h6TrwitTI65ai+TkxT3EHpHg2RdVxdAL3RwVg==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYWliWGRVc3BLQ005cFlX\nRmNISDhiRnNmYk5vUFZ4NW9wYnp3ekZYWnk0CktHQm1MakZFaFlWRUlZUlNCOXl4\neGphNzZaWnIzL1hieWp0c0xvakJETzQKLS0tIFBuc3o0eFU3U0pkR1A4R1Bvdmc2\neURUbHhLM3dDcGJzOUFFWmtZZHJhY2cKOXjOUhXCd6e5YBxtAchLo/v46rAXMznX\n9xfVwdiNQtdGzOjG0zhXuvh/TzJfPUJ9f4UcwlhxxQXyHrVIsN+NNQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZGphdFkvTXBjMXBuR3F0\nejBNZmtDT0tUdTVWeURvNmxNWUVWb3NQK3dvCmVJV2dlMWlQMTNRVWtZTlRUblgy\nWWRkUk9zU1luUk9vRkhzVDFab2NYMzAKLS0tIHlzOTc0R0lYTDhTQ1lRL1ZHL0NP\nUytTRXhqdlE2MnlsMlNTamt3OS9LVEEKqlqd08N0hWdLmf3UqD12bVLm4AAGHYa1\n/iUgvJycBhm1j/GjhRDfUz5vTnlIiaDqb/J7dNjZduE0shWQiHDsiA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqN1RrL3VSSkpmZXVlUWtE\nVDBnTUlhUE9UNjhreDRrckZIODBZb3I5WDBZClFYM0FnN05ob0crS3VSeEtPNVhP\ndWRoL0E1SXNOcU5pSS9ES01IWHpDKzAKLS0tIFZJRmROV21nQUhWOE9xVklaS0JI\nSmxDZDJTckY2MiszdlJXbmdDU3k4R2MKhRJVDbfDgiXjWz+pi8dPA7Cj6JvdAFfa\nX/a3LTC1vM9Qok1X0Tm9P/UFRg1+Njf/3p1LH7JwWZWEIk2upmztvQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VmpqOVdRL09BRDRob0t3\nK2NvZGFvcndNdFFNNGFsVnA3U2RlekE0YVFBClA1aHBrYmFGdnFWYVhSS1RpWGdo\nZC80aDA1YUgxa0QrMi9Xa0NFV29pa3MKLS0tIGY3dzY3M01ad0kzcjJxalE4R2tM\nQlZqeUZqeHF4bG5qQ3FJcm01QmRyTEkKDEH0DE+p7OlmR+SrUmzVL1/rNE/NBH+n\nsRUKodw+/k4b+qlLFl6TBL/OJ8zBi+WlxcKCCfaKldYUZK8tBQL0pQ==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRjVPOHJoMlFZRUdHNFRm\nY084NXNWOVhEUmZwRXlmS29JN2YraFJaaFU4ClkvSkNHZExYQXp3VGVSbmJXeHBZ\nVGdvL2VnWG80Sk5OS1NMQWpVVEhySm8KLS0tICtiSU9OYk51RGtYYTR4WTg5UEJZ\nV1FZZWpWejVBYXE5cnkvbHY2SG1LUGcKLQpYLeyjI7o5/g6BZTxpeGyTgZ2y6PRm\nxqe1BEYru4DOZ24W10ivUh+K2R6KC0SM0e3sQoDilPKG+n4wmEr1bw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBscy9rSytHd0VrM0VrcHo4\nMUtIT3BZYWtvb3RJNER2Ykx4TGlHcFZDM1Y4CkhOWTlPN0ZwRjdJN2JnMnF4MkZG\nODE2VGlqZXRKS2lEdXJBVXY5SHpsbjQKLS0tIFAra1JWNzVXVWpnaHlDamFnK29k\nUzgwdE5oU3c1dXhuUmJ0a3Jpc2JNQnMKmj8TU894VDHC37IqwFXn6WxmcNZXZwd+\npgyhIJMsK0fxihYOFk8HP0yVu6LHWT5VwEk3y6obiH/e79bFqoacww==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"lastmodified": "2022-12-25T21:58:29Z",
|
||||||
|
"mac": "ENC[AES256_GCM,data:6+iTqSB22pIGWnpH2BoyA/NKul99wzYjc2XkhgIhHyOks77A8Q/5Al2Cx+0nPO/c/CDHzLmmgq1u+mu93S9hyAyUgdeH5ZYLxZAUHa1E+YKuAkMOHfv4F3H75K7PWoToZpoRLDMo7Kx7YXfx8MKFnKr9bOTSvc0DUFI9nmyIKLw=,iv:CCqNpmAb2Y/yQx2YaQ2LfmvvZnNCmqKZECzHuWRXJVo=,tag:mDSgzazfJKqXIrYfPypiIA==,type:str]",
|
||||||
|
"pgp": null,
|
||||||
|
"unencrypted_suffix": "_unencrypted",
|
||||||
|
"version": "3.7.3"
|
||||||
|
}
|
||||||
|
}
|
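--- a/nixos/boxes/vpsfree1/nix-store-server.nix
+++ b/nixos/boxes/vpsfree1/nix-store-server.nix
@@ -0,0 +1,38 @@
+{
+config,
+pkgs,
+...
+}: let
+domain = "objects.cyplo.dev";
+adminDomain = "objects-admin.cyplo.dev";
+objectsPort = 10000;
+adminPort = 10001;
+in {
+services.nginx = {
+virtualHosts = {
+"${domain}" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {proxyPass = "http://127.0.0.1:" + toString objectsPort;};
+};
+"${adminDomain}" = {
+forceSSL = true;
+enableACME = true;
+locations."/" = {proxyPass = "http://127.0.0.1:" + toString adminPort;};
+};
+};
+};
+sops.secrets."minio-env" = {
+sopsFile = ./minio.sops;
+format = "binary";
+};
+services.minio = {
+enable = true;
+region = "cyplodev";
+dataDir = ["/var/lib/minio/data"];
+configDir = "/var/lib/minio/config";
+listenAddress = ":${toString objectsPort}";
+consoleAddress = ":${toString adminPort}";
+rootCredentialsFile = "${config.sops.secrets.minio-env.path}";
+};
+}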
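Review bot: `listenAddress = ":${toString objectsPort}"` and `consoleAddress = ":${toString adminPort}"` bind MinIO and its console on every interface, although nginx only ever reaches them through `127.0.0.1`. On an internet-facing host that leaves the plain-HTTP listeners reachable around the TLS proxy whenever the firewall allows ports 10000 and 10001; the firewall rules for this box are not visible in this commit. I would bind both to loopback, `listenAddress = "127.0.0.1:${toString objectsPort}";` and `consoleAddress = "127.0.0.1:${toString adminPort}";`. Separately, `objects-admin.cyplo.dev` publishes the console that accepts the root credentials loaded through `rootCredentialsFile`, so consider limiting that virtual host to known source addresses or a VPN.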