test upload to internet-visible object store

Cyryl Płotnicki 2022-12-25 22:27:03 +00:00
parent bd650a228f
commit 394897c844
6 changed files with 97 additions and 21 deletions


@ -4,10 +4,11 @@ pipeline:
image: nixpkgs/nix-flakes:latest
pull: true
commands:
- export AWS_ACCESS_KEY_ID="nix-builder"
- export AWS_ACCESS_KEY_ID="nix-builder"
- export AWS_SECRET_ACCESS_KEY="$MINIO_NIX_BUILDER_KEY"
- nix copy --all --to 's3://nix-store?endpoint=bolty:10000&schema=http'
secrets: [ github_token minio-nix-builder-key ]
volumes:
- /var/lib/woodpecker/nix-store:/var/build-nix-store
- echo $AWS_SECRET_ACCESS_KEY | sha256sum
- echo $AWS_SECRET_ACCESS_KEY | wc
- echo $GITHUB_TOKEN | sha256sum
- echo $GITHUB_TOKEN | wc
- nix copy --all --to 's3://nix-store?endpoint=objects.cyplo.dev&scheme=https&region=cyplodev'
secrets: [ github_token , minio_nix_builder_key ]
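Review bot: The four `echo $… | sha256sum` and `echo $… | wc` commands write a digest and the byte length of `AWS_SECRET_ACCESS_KEY` and `GITHUB_TOKEN` into the build log. Anyone who can read that log can test guesses against the digest offline, and the known length narrows the search, so these debug lines should be dropped before the pipeline is used for real. If the step only needs to confirm the secrets were injected, `- test -n "$AWS_SECRET_ACCESS_KEY"` and `- test -n "$GITHUB_TOKEN"` fail the step without printing anything derived from the values. The page has lost its +/- markers, so which lines are new is inferred from the hunk. If logs from this run were readable beyond the administrators, both credentials are worth rotating now that the store is reachable from the internet.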


@ -11,7 +11,6 @@
../cli.nix
./home-assistant.nix
./matrix-server.nix
./nix-store-server.nix
./print-server.nix
./restic-server.nix
./woodpecker-agent.nix


@ -1,15 +0,0 @@
{
config,
pkgs,
...
}: {
networking.firewall.allowedTCPPorts = [10000 10001];
services.minio = {
enable = true;
region = "home";
dataDir = ["/var/lib/minio/data"];
configDir = "/var/lib/minio/config";
listenAddress = ":10000";
consoleAddress = ":10001";
};
}


@ -24,6 +24,7 @@
./ssh.nix
./syncthing-relay.nix
./woodpecker.nix
./nix-store-server.nix
];
systemd.extraConfig = ''


@ -0,0 +1,52 @@
{
"data": "ENC[AES256_GCM,data:rV9BvMKjwi5ZRPXnM3AM2hIm/+jBfAH9/qHiSP8/cfK+/9GbQekBqg1EllR9Bih3ozIt/B804rVD+RfzgpTghjcJF3b0G1oIICaZGpWeVsw/rhV9/kPGgpl7N9buxMA=,iv:6VCjNaqO8gCxvdPPPf4vr76O7lRFSY+sDxgj7jXTK+0=,tag:UeIT7zd/bmYHhtuWuutuLQ==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": [
{
"recipient": "age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMdWxTMktqSzdPRGZwNUNL\nY093cUZQTjdneUNzKzhKQktNSm9zelBkWkVNCmRMcG1PMDlXWjJzeWMydFJZVXFO\ndWFqY3l5ZVRwL1QxTG1LdXhFbTcxaGcKLS0tIEdxU3llYnM2WTcreDJ5ZUpIdHli\nTG9NMk43UjYxMmJjUEFRWXllZm9waW8KcnUXPHfN6EKjqM545Zcn+P4IQvRwRIGt\nUcnAy0EcjbuORFccNVzAGHxEmgRK5tTgQg74tmILae/gJBuWx0NSZg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZR1krYUdrQzBxYmNreTN3\neGQ5enB1WlNSMVl2WFBtUVJMckRVN25Uakd3CnMzb05ML2hkbDhIb0VrQVYwbkhm\neXoxWUJMLzdTRU94cDNRT2dOYjdjM1EKLS0tIDdyOXZyVEJIb1VOd3Y0Mzk0ZDNw\nSTFXcFF1Ry85Tm1HaUllQ0tYTXlOV2MKqew16SiHRmcRpZuTthzc/g4NTEXhzPvm\nHR2v9BQ4fITSCBPztIGBGqQpAcgowVVX0mK+rwUqPzQF1MFHXZWg8g==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6aWptd0FnVERsMjJDLzBo\nQlVVTXZNUzZkWUNLc1dTamI0czI3MHduRW04Cm9mc211REt1cDVJZVhKNkJiMENv\nakozQ0pyWFpRd01PR0NTenJtNDNna0EKLS0tIHZ3Zlk1R1FUVEdkenVDQlJoRVQv\nTXJBbktZdDBFWGhjOFZQVmY1UkZmWUUKsvLDTknIrV1ek6ZSfVimvkOg1A/mvb1u\n4wj4tTgmWPURHzuN1h6TrwitTI65ai+TkxT3EHpHg2RdVxdAL3RwVg==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwYWliWGRVc3BLQ005cFlX\nRmNISDhiRnNmYk5vUFZ4NW9wYnp3ekZYWnk0CktHQm1MakZFaFlWRUlZUlNCOXl4\neGphNzZaWnIzL1hieWp0c0xvakJETzQKLS0tIFBuc3o0eFU3U0pkR1A4R1Bvdmc2\neURUbHhLM3dDcGJzOUFFWmtZZHJhY2cKOXjOUhXCd6e5YBxtAchLo/v46rAXMznX\n9xfVwdiNQtdGzOjG0zhXuvh/TzJfPUJ9f4UcwlhxxQXyHrVIsN+NNQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlZGphdFkvTXBjMXBuR3F0\nejBNZmtDT0tUdTVWeURvNmxNWUVWb3NQK3dvCmVJV2dlMWlQMTNRVWtZTlRUblgy\nWWRkUk9zU1luUk9vRkhzVDFab2NYMzAKLS0tIHlzOTc0R0lYTDhTQ1lRL1ZHL0NP\nUytTRXhqdlE2MnlsMlNTamt3OS9LVEEKqlqd08N0hWdLmf3UqD12bVLm4AAGHYa1\n/iUgvJycBhm1j/GjhRDfUz5vTnlIiaDqb/J7dNjZduE0shWQiHDsiA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqN1RrL3VSSkpmZXVlUWtE\nVDBnTUlhUE9UNjhreDRrckZIODBZb3I5WDBZClFYM0FnN05ob0crS3VSeEtPNVhP\ndWRoL0E1SXNOcU5pSS9ES01IWHpDKzAKLS0tIFZJRmROV21nQUhWOE9xVklaS0JI\nSmxDZDJTckY2MiszdlJXbmdDU3k4R2MKhRJVDbfDgiXjWz+pi8dPA7Cj6JvdAFfa\nX/a3LTC1vM9Qok1X0Tm9P/UFRg1+Njf/3p1LH7JwWZWEIk2upmztvQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2VmpqOVdRL09BRDRob0t3\nK2NvZGFvcndNdFFNNGFsVnA3U2RlekE0YVFBClA1aHBrYmFGdnFWYVhSS1RpWGdo\nZC80aDA1YUgxa0QrMi9Xa0NFV29pa3MKLS0tIGY3dzY3M01ad0kzcjJxalE4R2tM\nQlZqeUZqeHF4bG5qQ3FJcm01QmRyTEkKDEH0DE+p7OlmR+SrUmzVL1/rNE/NBH+n\nsRUKodw+/k4b+qlLFl6TBL/OJ8zBi+WlxcKCCfaKldYUZK8tBQL0pQ==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJRjVPOHJoMlFZRUdHNFRm\nY084NXNWOVhEUmZwRXlmS29JN2YraFJaaFU4ClkvSkNHZExYQXp3VGVSbmJXeHBZ\nVGdvL2VnWG80Sk5OS1NMQWpVVEhySm8KLS0tICtiSU9OYk51RGtYYTR4WTg5UEJZ\nV1FZZWpWejVBYXE5cnkvbHY2SG1LUGcKLQpYLeyjI7o5/g6BZTxpeGyTgZ2y6PRm\nxqe1BEYru4DOZ24W10ivUh+K2R6KC0SM0e3sQoDilPKG+n4wmEr1bw==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBscy9rSytHd0VrM0VrcHo4\nMUtIT3BZYWtvb3RJNER2Ykx4TGlHcFZDM1Y4CkhOWTlPN0ZwRjdJN2JnMnF4MkZG\nODE2VGlqZXRKS2lEdXJBVXY5SHpsbjQKLS0tIFAra1JWNzVXVWpnaHlDamFnK29k\nUzgwdE5oU3c1dXhuUmJ0a3Jpc2JNQnMKmj8TU894VDHC37IqwFXn6WxmcNZXZwd+\npgyhIJMsK0fxihYOFk8HP0yVu6LHWT5VwEk3y6obiH/e79bFqoacww==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2022-12-25T21:58:29Z",
"mac": "ENC[AES256_GCM,data:6+iTqSB22pIGWnpH2BoyA/NKul99wzYjc2XkhgIhHyOks77A8Q/5Al2Cx+0nPO/c/CDHzLmmgq1u+mu93S9hyAyUgdeH5ZYLxZAUHa1E+YKuAkMOHfv4F3H75K7PWoToZpoRLDMo7Kx7YXfx8MKFnKr9bOTSvc0DUFI9nmyIKLw=,iv:CCqNpmAb2Y/yQx2YaQ2LfmvvZnNCmqKZECzHuWRXJVo=,tag:mDSgzazfJKqXIrYfPypiIA==,type:str]",
"pgp": null,
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}


@ -0,0 +1,38 @@
{
config,
pkgs,
...
}: let
domain = "objects.cyplo.dev";
adminDomain = "objects-admin.cyplo.dev";
objectsPort = 10000;
adminPort = 10001;
in {
services.nginx = {
virtualHosts = {
"${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {proxyPass = "http://127.0.0.1:" + toString objectsPort;};
};
"${adminDomain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {proxyPass = "http://127.0.0.1:" + toString adminPort;};
};
};
};
sops.secrets."minio-env" = {
sopsFile = ./minio.sops;
format = "binary";
};
services.minio = {
enable = true;
region = "cyplodev";
dataDir = ["/var/lib/minio/data"];
configDir = "/var/lib/minio/config";
listenAddress = ":${toString objectsPort}";
consoleAddress = ":${toString adminPort}";
rootCredentialsFile = "${config.sops.secrets.minio-env.path}";
};
}
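Review bot: `listenAddress` and `consoleAddress` bind MinIO to every interface, although nginx only ever reaches it on 127.0.0.1. Whether ports 10000 and 10001 are also reachable over plain HTTP, bypassing the `forceSSL` virtual hosts, then depends entirely on firewall rules this file does not show. Binding to loopback removes that dependency: `listenAddress = "127.0.0.1:${toString objectsPort}";` and `consoleAddress = "127.0.0.1:${toString adminPort}";`. Separately, the `adminDomain` virtual host publishes the MinIO console, which accepts the root credentials from `minio-env`, with no restriction beyond the login form. Limiting that host to known source addresses or a VPN would reduce exposure of the root account, and a comment recording the intended reachability of each port would help the next reader.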