diff --git a/host/corp/configuration.nix b/host/corp/configuration.nix
index f25dfa2..9b47550 100644
--- a/host/corp/configuration.nix
+++ b/host/corp/configuration.nix
@@ -26,6 +26,7 @@
 element-web.enable = true;
 label-studio.enable = true;
 librechat.enable = true;
+ minio.enable = true;
 static-websites.enable = true;
 synapse.enable = true;
 timecardbot.enable = true;
diff --git a/modules/system/authentik.nix b/modules/system/authentik.nix
index 6d87aa3..87fa92c 100644
--- a/modules/system/authentik.nix
+++ b/modules/system/authentik.nix
@@ -25,8 +25,8 @@ with lib;
 listen = {
 listen_debug = "127.0.0.1:9900";
 listen_debug_py = "127.0.0.1:9901";
- listen_http = "127.0.0.1:9000";
- listen_https = "127.0.0.1:9443";
+ listen_http = "127.0.0.1:10030";
+ listen_https = "127.0.0.1:10031";
 listen_ldap = "127.0.0.1:3389";
 listen_ldaps = "127.0.0.1:6636";
 listen_radius = "127.0.0.1:1812";
@@ -35,7 +35,7 @@ with lib;
 };
 };
 services.caddy.virtualHosts."auth.gleipnir.technology".extraConfig = ''
- reverse_proxy http://127.0.0.1:9000
+ reverse_proxy http://127.0.0.1:10030
 '';
 services.postgresql = {
 ensureDatabases = [ "authentik" ];
diff --git a/modules/system/default.nix b/modules/system/default.nix
index 2a2efef..7f9b1de 100644
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -14,6 +14,7 @@
 ./fish.nix
 ./label-studio.nix
 ./librechat.nix
+ ./minio.nix
 ./openssh.nix
 ./podman.nix
 ./restic
diff --git a/modules/system/minio.nix b/modules/system/minio.nix
new file mode 100644
index 0000000..7e643c7
--- /dev/null
+++ b/modules/system/minio.nix
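Review bot: The new upstream address `127.0.0.1:10030` is written twice in authentik.nix, once as `listen_http` in the first hunk and once in the Caddy `reverse_proxy` line in the second, so a later renumbering can leave the proxy pointing at a dead port or at a different local service. Binding it once and interpolating it in both places would remove that risk, e.g. `let authentikHttp = "127.0.0.1:10030"; in` with `reverse_proxy http://${authentikHttp}` (the binding name is made up here). The diff also does not say why the ports moved off 9000/9443; a one-line comment next to `listen_http` recording the reason would help the next person allocating ports. Both enclosing attribute sets start outside these hunks.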
@@ -0,0 +1,29 @@
+{ lib, config, nixpkgs, pkgs, ... }:
+with lib;
+{
+ options.myModules.minio.enable = mkEnableOption "custom minio configuration";
+ config = mkIf config.myModules.minio.enable {
+ services.caddy.virtualHosts."s3.gleipnir.technology".extraConfig = ''
+ reverse_proxy http://localhost:10080
+ '';
+ services.minio = {
+ certificatesDir = "/mnt/bigdisk/minio/certificates";
+ configDir = "/mnt/bigdisk/minio/config";
+ consoleAddress = "127.0.0.1:10080";
+ enable = true;
+ dataDir = ["/mnt/bigdisk/minio/data"];
+ rootCredentialsFile = "/var/run/secrets/minio-env";
+ };
+ sops.secrets.minio-env = {
+ format = "dotenv";
+ group = "minio";
+ mode = "0440";
+ owner = "minio";
+ restartUnits = ["minio.service"];
+ sopsFile = ../../secrets/minio.env;
+ };
+ #systemd.tmpfiles.rules = [
+ #"d /mnt/bigdisk/minio 0755 minio minio"
+ #];
+ };
+}
diff --git a/secrets/minio.env b/secrets/minio.env
new file mode 100644
index 0000000..7f10881
--- /dev/null
+++ b/secrets/minio.env
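Review bot: `services.minio` pins `consoleAddress` to loopback but never sets `listenAddress`, and the NixOS module's default for that option is `:9000` as far as I know, so the S3 API would bind on every interface and be protected only by the host firewall. Pin it as well, e.g. `listenAddress = "127.0.0.1:<api-port>";` (placeholder port), and publish the API through Caddy only if it has to be reachable. The `s3.gleipnir.technology` vhost forwards to port 10080, which is the console rather than the S3 endpoint; if that is intended, a comment saying so would prevent a later misreading. `rootCredentialsFile` would also be more robust as `config.sops.secrets.minio-env.path` than as the hard-coded `/var/run/secrets/minio-env` string, since it then follows wherever sops-nix actually places the file.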
@@ -0,0 +1,23 @@ +MINIO_BROWSER_REDIRECT_URL=ENC[AES256_GCM,data:C2FUvvKDYBs8T8awUjGxcOmbi0YW1nZaF20g5/fF,iv:G0lGNVCimUYKScGU8wA36gJcAkVIJAOIB2f1xvQBZr8=,tag:FRzKstCYW/RHa/6LJzBxyw==,type:str] +MINIO_ROOT_USER=ENC[AES256_GCM,data:FWHZVWGWMY4NEd/lp6FNuy1VQ38SnIR288q3oZ7mrvb0AXc2,iv:hI4kZM/JlOK6qGE4Xi29Vrjaudk53b0v/wOd9EKgx6k=,tag:H8gopq1obn5Y0fPNreFU8w==,type:str] +MINIO_ROOT_PASSWORD=ENC[AES256_GCM,data:c+TiLy6KE7MpMQ2DXgPB41BIJqwpHsj/k8QbdUOP3KVQ2gET,iv:e2BJMKjUeKeWOlWL8yg/gTijmf7a0OF0Hu75tUQ8/K4=,tag:jENZIAh3wi3/SQDPv8Gi/A==,type:str] +MINIO_IDENTITY_OPENID_CONFIG_URL=ENC[AES256_GCM,data:0jgUN5XUzbpl+doSbVSnMXpoJtJy4CXvTJ864bCksTTHKciGcWMIDoK/xBDjcjPQ9Ny3M6RyOhouLOp7Zz4SIVKbqJQj5eGHKTBu2LSlnZx4gg==,iv:QJQDfqWYcupF14qE4mXmE2L13njpjgh5SSDbcS+gxto=,tag:QP5RVKF3JTDwPblBfPIElA==,type:str] +MINIO_IDENTITY_OPENID_CLIENT_ID=ENC[AES256_GCM,data:2dDnsk5pr/YZVLO6MeO+N1mOdFMUZaYhtNUtBM4bg51ysIEwRWEIZA==,iv:oWeGcXVxrZ5wqdCp5/BAdm4DlWZOf9kH6FhjE3wpZew=,tag:f3J5EH+RgXAA2TmO+UArCg==,type:str] +MINIO_IDENTITY_OPENID_CLIENT_SECRET=ENC[AES256_GCM,data:20wnwfCA+eeMyQl4kZbTqYjixIsAQ9qjNLZXqJaOuI75CrhU/T/DZ+sR8O+yLCB6twyShbvYLPz/uLjyh7V5b+ypkS+Ql4o9uZ2h1xHhtk9MwkyJkTF3SnEDI9ehUvgmkWvPy7SB/q48W5U22Ujx3MwLcDM8Kh7+5PLF3GQDi2M=,iv:p6JXHkjNxuLPRaxS91rspwlLNxxPPBHlT/AXxK3fsVg=,tag:goWn/hsSQzx5QHaBPG8vdg==,type:str] +MINIO_IDENTITY_OPENID_DISPLAY_NAME=ENC[AES256_GCM,data:VeWvfk89zYiaoPD6Cm299luW,iv:R99ylbdgizL0CFWtKaPisOQiWkHfpmEI4ge4Yg+XZzw=,tag:VhbSv3f09bKQFHGp1Q8jtw==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlczY3WTFzb0ptNjBkY3Bt\naVk0ZU1SbWk1Y2xENFp6YTlXNUgzaGplMndNCm1JUXdRcVY0SytQWmFKOW5JRkxM\ndUVxYTVGMFpEWTNSWTJwbnNYcWptNXMKLS0tIHk0YTNMbzlvaHhwODlHeTRXWi9C\nb1JMVXdFaTFkeDVVVmxaU0ZXbWZFM0EK2jWRxg19oSXRYXKqpwK74SdP+LP+17zn\njyh/jXHK9dJ8TfqUk1+STVZfFfaKv/QXLl1EYkDY2iMwZMtTZQc/PQ==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=age1fnkhk9rv7r8gh84vxnhvndk4fgh20qcj4hvnfhdpumcydl6m6vrse50lrz 
+sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dUY1MFQrNnVzWTV0Nkt5\nbFZEdGdPaVlrQXkwcGZBMXMzZURUMXFTamdZCnZTb2tOblpQMEg4cndEOEpvcUtL\nZkgyRDEyQXZXeVdkZHEydGFwZmlMT1UKLS0tIFd4cUdXU2lmYnI4M00xNVRBdFc0\nVURweDlINkp4ZnF2Y3YxMS9EN2J0NmsKgt4VjROqaoDKsUmoPMMY+JfyPgawCqYa\nsUTbRRbYrFRrmCih9lRpwy7WaEDyIHd8kJwm9qsneym6gSQQ4XbThg==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_1__map_recipient=age1x704pjnueguchkl54ly8w4w26ltys5900v7xnl7w3zlgasus09jszz45t8 +sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDN1lVeWJROTZzWmllRndW\nZWwzUzIyelBkbGltZHM0NjNGd1psZERTRlZvCjBpUUtMWnhlcm1ieXR1bDNNdWlQ\nY0tFc1VhQlkyZ3hrR1VnQnczbWVSM0kKLS0tIFVVcmM3c3pjbVlwaDA3S2NwVHA2\nU21lb1JhRlgwN3ZmdXdWOTk5NmQxSEUKaiRUbl9/mX458ZjeGWQh9qMzwzDczgwf\nhZDw9DyzDUinVjgh1AM3SucSY5BJApFfJC1PHhKt3Kf/n74L1CQXpg==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_2__map_recipient=age15y4k929zaj9fdg3vd40pa40tgvrgv9mn22xfummn5zxfmkcw5d0st6prjx +sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaMmMzWlVrc3JsQ2IrNFUw\nQWRGcDNZV1dXVVBqajM4R253bGxKZHlzSTBFCkVySGhnRW1kUmxPVWZESGNMSlJB\ndWYrRi9RaWVJaW90ME9zd3B5MUsvazgKLS0tIHd5blVHamcyNHVIZmtjV2M0dHVQ\nS3lWUkhMaHFvdC9Sc20rWFBnUUZQbzgK1yIYy1ZtppSvvCq6JPOvzWWAMVJioFCC\njJlK9iIn7fAtzOntR55Bv0fh0B0ld8kIK0+EDXiAvULwiYk+OWlW3w==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_3__map_recipient=age1ck44jqpuz3zlthquvuh7wsemrjrgfzhn462sk7rlfetwxpgy0uqs79xn2h +sops_age__list_4__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQWwvemw3UUZ6Ny9ETjlx\nL0dqciszWC9pWFBBUVBhdHZhci9WMmFCN1JRCkFvbFg3R2l5aHMwYVFwUVVtZE9E\nSnZQbWw5RHdqenh1MXNOc21ZeVpIcGsKLS0tIGdteGpydDJxTEY2NXJ6eHNGR0NL\nS0V1VGNsUndtZkZQNkRDMi8vQmx6SDQKv5ZI4u6fEz6xndpVN/kLZDukvTgz+w2p\nnj1bG72SlK6tHEYZhTPOoG1HA779PaBikEZbxSh58EKADiScMh+ORA==\n-----END AGE ENCRYPTED FILE-----\n 
+sops_age__list_4__map_recipient=age1t3ryfktuhr3cysf49m9q2n8fkjf9ajjjnhztxw9hz8paxgk4lpcq065jge +sops_age__list_5__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiKzVKUlFRZXJad0VSUlNv\nTFVxYk91ZVUrNVFKYWJCSkQyWmhoUXVmd21FCmJUeENtaS8xTGxWMGs3T1hpNTBF\ndTBxM0ZTeHFxbStCckNkdWI1bDBHbGcKLS0tIHBUV1JIREJITTN3NEQ1ZTFJVnFM\nektnRDJsS0c5bkRzMVpubTdCdFlZajgKSyzgndvE6WuK+TCM7U1PZqYomKmGY/T9\nb7DsyVKpVJbHXuc2QH74bCLex4gWTMq+fcCitFppAgSqRgOR2HER+Q==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_5__map_recipient=age1j90h7hcp4fctr2xwj4zf9cxuelm43wkujvryc9hk6rzzc37rwdmss035w7 +sops_lastmodified=2025-10-01T19:24:59Z +sops_mac=ENC[AES256_GCM,data:Ux7w31FYj9ittlzwbfEtSb5uHX9mPGLvcvWUahiVWLoB0skTptIEz9jpoLwNKDG4PmCBPiafn55tIFY4pegWV8T2LFrou6EuDX/neT3TmAJzrJH2pYGria+LmNBU2I/8Cdt+8anse/9VKmvjXXyskh4Py10LVne+k9BH61M7N78=,iv:ki245jSmOa1bJ7yfgzF/p4Z5qdoFes9ViW/jUETdXw8=,tag:0TdSR1MfUL1kEdWojKnOiA==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.10.2