Add minio module for S3-compatible object storage
Label Studio _really_ prefers using a direct object storage model. Can't say I blame them, it makes sense given they are running Python. I had to bump Authentik to not use its default port so that minio could use its own default port. That seemed safest given that Authentik is always proxied but minio/S3 may _not_ be. I'm just not sure.
This commit is contained in:
parent
dbbed7117a
commit
dad759c4b3
5 changed files with 57 additions and 3 deletions
|
|
@ -26,6 +26,7 @@
|
|||
element-web.enable = true;
|
||||
label-studio.enable = true;
|
||||
librechat.enable = true;
|
||||
minio.enable = true;
|
||||
static-websites.enable = true;
|
||||
synapse.enable = true;
|
||||
timecardbot.enable = true;
|
||||
|
|
|
|||
|
|
@ -25,8 +25,8 @@ with lib;
|
|||
listen = {
|
||||
listen_debug = "127.0.0.1:9900";
|
||||
listen_debug_py = "127.0.0.1:9901";
|
||||
listen_http = "127.0.0.1:9000";
|
||||
listen_https = "127.0.0.1:9443";
|
||||
listen_http = "127.0.0.1:10030";
|
||||
listen_https = "127.0.0.1:10031";
|
||||
listen_ldap = "127.0.0.1:3389";
|
||||
listen_ldaps = "127.0.0.1:6636";
|
||||
listen_radius = "127.0.0.1:1812";
|
||||
|
|
@ -35,7 +35,7 @@ with lib;
|
|||
};
|
||||
};
|
||||
services.caddy.virtualHosts."auth.gleipnir.technology".extraConfig = ''
|
||||
reverse_proxy http://127.0.0.1:9000
|
||||
reverse_proxy http://127.0.0.1:10030
|
||||
'';
|
||||
services.postgresql = {
|
||||
ensureDatabases = [ "authentik" ];
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@
|
|||
./fish.nix
|
||||
./label-studio.nix
|
||||
./librechat.nix
|
||||
./minio.nix
|
||||
./openssh.nix
|
||||
./podman.nix
|
||||
./restic
|
||||
|
|
|
|||
29
modules/system/minio.nix
Normal file
29
modules/system/minio.nix
Normal file
|
|
@ -0,0 +1,29 @@
|
|||
{ lib, config, nixpkgs, pkgs, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.myModules.minio.enable = mkEnableOption "custom minio configuration";
|
||||
config = mkIf config.myModules.minio.enable {
|
||||
services.caddy.virtualHosts."s3.gleipnir.technology".extraConfig = ''
|
||||
reverse_proxy http://localhost:10080
|
||||
'';
|
||||
services.minio = {
|
||||
certificatesDir = "/mnt/bigdisk/minio/certificates";
|
||||
configDir = "/mnt/bigdisk/minio/config";
|
||||
consoleAddress = "127.0.0.1:10080";
|
||||
enable = true;
|
||||
dataDir = ["/mnt/bigdisk/minio/data"];
|
||||
rootCredentialsFile = "/var/run/secrets/minio-env";
|
||||
};
|
||||
sops.secrets.minio-env = {
|
||||
format = "dotenv";
|
||||
group = "minio";
|
||||
mode = "0440";
|
||||
owner = "minio";
|
||||
restartUnits = ["minio.service"];
|
||||
sopsFile = ../../secrets/minio.env;
|
||||
};
|
||||
#systemd.tmpfiles.rules = [
|
||||
#"d /mnt/bigdisk/minio 0755 minio minio"
|
||||
#];
|
||||
};
|
||||
}
|
||||
23
secrets/minio.env
Normal file
23
secrets/minio.env
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
MINIO_BROWSER_REDIRECT_URL=ENC[AES256_GCM,data:C2FUvvKDYBs8T8awUjGxcOmbi0YW1nZaF20g5/fF,iv:G0lGNVCimUYKScGU8wA36gJcAkVIJAOIB2f1xvQBZr8=,tag:FRzKstCYW/RHa/6LJzBxyw==,type:str]
|
||||
MINIO_ROOT_USER=ENC[AES256_GCM,data:FWHZVWGWMY4NEd/lp6FNuy1VQ38SnIR288q3oZ7mrvb0AXc2,iv:hI4kZM/JlOK6qGE4Xi29Vrjaudk53b0v/wOd9EKgx6k=,tag:H8gopq1obn5Y0fPNreFU8w==,type:str]
|
||||
MINIO_ROOT_PASSWORD=ENC[AES256_GCM,data:c+TiLy6KE7MpMQ2DXgPB41BIJqwpHsj/k8QbdUOP3KVQ2gET,iv:e2BJMKjUeKeWOlWL8yg/gTijmf7a0OF0Hu75tUQ8/K4=,tag:jENZIAh3wi3/SQDPv8Gi/A==,type:str]
|
||||
MINIO_IDENTITY_OPENID_CONFIG_URL=ENC[AES256_GCM,data:0jgUN5XUzbpl+doSbVSnMXpoJtJy4CXvTJ864bCksTTHKciGcWMIDoK/xBDjcjPQ9Ny3M6RyOhouLOp7Zz4SIVKbqJQj5eGHKTBu2LSlnZx4gg==,iv:QJQDfqWYcupF14qE4mXmE2L13njpjgh5SSDbcS+gxto=,tag:QP5RVKF3JTDwPblBfPIElA==,type:str]
|
||||
MINIO_IDENTITY_OPENID_CLIENT_ID=ENC[AES256_GCM,data:2dDnsk5pr/YZVLO6MeO+N1mOdFMUZaYhtNUtBM4bg51ysIEwRWEIZA==,iv:oWeGcXVxrZ5wqdCp5/BAdm4DlWZOf9kH6FhjE3wpZew=,tag:f3J5EH+RgXAA2TmO+UArCg==,type:str]
|
||||
MINIO_IDENTITY_OPENID_CLIENT_SECRET=ENC[AES256_GCM,data:20wnwfCA+eeMyQl4kZbTqYjixIsAQ9qjNLZXqJaOuI75CrhU/T/DZ+sR8O+yLCB6twyShbvYLPz/uLjyh7V5b+ypkS+Ql4o9uZ2h1xHhtk9MwkyJkTF3SnEDI9ehUvgmkWvPy7SB/q48W5U22Ujx3MwLcDM8Kh7+5PLF3GQDi2M=,iv:p6JXHkjNxuLPRaxS91rspwlLNxxPPBHlT/AXxK3fsVg=,tag:goWn/hsSQzx5QHaBPG8vdg==,type:str]
|
||||
MINIO_IDENTITY_OPENID_DISPLAY_NAME=ENC[AES256_GCM,data:VeWvfk89zYiaoPD6Cm299luW,iv:R99ylbdgizL0CFWtKaPisOQiWkHfpmEI4ge4Yg+XZzw=,tag:VhbSv3f09bKQFHGp1Q8jtw==,type:str]
|
||||
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlczY3WTFzb0ptNjBkY3Bt\naVk0ZU1SbWk1Y2xENFp6YTlXNUgzaGplMndNCm1JUXdRcVY0SytQWmFKOW5JRkxM\ndUVxYTVGMFpEWTNSWTJwbnNYcWptNXMKLS0tIHk0YTNMbzlvaHhwODlHeTRXWi9C\nb1JMVXdFaTFkeDVVVmxaU0ZXbWZFM0EK2jWRxg19oSXRYXKqpwK74SdP+LP+17zn\njyh/jXHK9dJ8TfqUk1+STVZfFfaKv/QXLl1EYkDY2iMwZMtTZQc/PQ==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_0__map_recipient=age1fnkhk9rv7r8gh84vxnhvndk4fgh20qcj4hvnfhdpumcydl6m6vrse50lrz
|
||||
sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3dUY1MFQrNnVzWTV0Nkt5\nbFZEdGdPaVlrQXkwcGZBMXMzZURUMXFTamdZCnZTb2tOblpQMEg4cndEOEpvcUtL\nZkgyRDEyQXZXeVdkZHEydGFwZmlMT1UKLS0tIFd4cUdXU2lmYnI4M00xNVRBdFc0\nVURweDlINkp4ZnF2Y3YxMS9EN2J0NmsKgt4VjROqaoDKsUmoPMMY+JfyPgawCqYa\nsUTbRRbYrFRrmCih9lRpwy7WaEDyIHd8kJwm9qsneym6gSQQ4XbThg==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_1__map_recipient=age1x704pjnueguchkl54ly8w4w26ltys5900v7xnl7w3zlgasus09jszz45t8
|
||||
sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDN1lVeWJROTZzWmllRndW\nZWwzUzIyelBkbGltZHM0NjNGd1psZERTRlZvCjBpUUtMWnhlcm1ieXR1bDNNdWlQ\nY0tFc1VhQlkyZ3hrR1VnQnczbWVSM0kKLS0tIFVVcmM3c3pjbVlwaDA3S2NwVHA2\nU21lb1JhRlgwN3ZmdXdWOTk5NmQxSEUKaiRUbl9/mX458ZjeGWQh9qMzwzDczgwf\nhZDw9DyzDUinVjgh1AM3SucSY5BJApFfJC1PHhKt3Kf/n74L1CQXpg==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_2__map_recipient=age15y4k929zaj9fdg3vd40pa40tgvrgv9mn22xfummn5zxfmkcw5d0st6prjx
|
||||
sops_age__list_3__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaMmMzWlVrc3JsQ2IrNFUw\nQWRGcDNZV1dXVVBqajM4R253bGxKZHlzSTBFCkVySGhnRW1kUmxPVWZESGNMSlJB\ndWYrRi9RaWVJaW90ME9zd3B5MUsvazgKLS0tIHd5blVHamcyNHVIZmtjV2M0dHVQ\nS3lWUkhMaHFvdC9Sc20rWFBnUUZQbzgK1yIYy1ZtppSvvCq6JPOvzWWAMVJioFCC\njJlK9iIn7fAtzOntR55Bv0fh0B0ld8kIK0+EDXiAvULwiYk+OWlW3w==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_3__map_recipient=age1ck44jqpuz3zlthquvuh7wsemrjrgfzhn462sk7rlfetwxpgy0uqs79xn2h
|
||||
sops_age__list_4__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQWwvemw3UUZ6Ny9ETjlx\nL0dqciszWC9pWFBBUVBhdHZhci9WMmFCN1JRCkFvbFg3R2l5aHMwYVFwUVVtZE9E\nSnZQbWw5RHdqenh1MXNOc21ZeVpIcGsKLS0tIGdteGpydDJxTEY2NXJ6eHNGR0NL\nS0V1VGNsUndtZkZQNkRDMi8vQmx6SDQKv5ZI4u6fEz6xndpVN/kLZDukvTgz+w2p\nnj1bG72SlK6tHEYZhTPOoG1HA779PaBikEZbxSh58EKADiScMh+ORA==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_4__map_recipient=age1t3ryfktuhr3cysf49m9q2n8fkjf9ajjjnhztxw9hz8paxgk4lpcq065jge
|
||||
sops_age__list_5__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiKzVKUlFRZXJad0VSUlNv\nTFVxYk91ZVUrNVFKYWJCSkQyWmhoUXVmd21FCmJUeENtaS8xTGxWMGs3T1hpNTBF\ndTBxM0ZTeHFxbStCckNkdWI1bDBHbGcKLS0tIHBUV1JIREJITTN3NEQ1ZTFJVnFM\nektnRDJsS0c5bkRzMVpubTdCdFlZajgKSyzgndvE6WuK+TCM7U1PZqYomKmGY/T9\nb7DsyVKpVJbHXuc2QH74bCLex4gWTMq+fcCitFppAgSqRgOR2HER+Q==\n-----END AGE ENCRYPTED FILE-----\n
|
||||
sops_age__list_5__map_recipient=age1j90h7hcp4fctr2xwj4zf9cxuelm43wkujvryc9hk6rzzc37rwdmss035w7
|
||||
sops_lastmodified=2025-10-01T19:24:59Z
|
||||
sops_mac=ENC[AES256_GCM,data:Ux7w31FYj9ittlzwbfEtSb5uHX9mPGLvcvWUahiVWLoB0skTptIEz9jpoLwNKDG4PmCBPiafn55tIFY4pegWV8T2LFrou6EuDX/neT3TmAJzrJH2pYGria+LmNBU2I/8Cdt+8anse/9VKmvjXXyskh4Py10LVne+k9BH61M7N78=,iv:ki245jSmOa1bJ7yfgzF/p4Z5qdoFes9ViW/jUETdXw8=,tag:0TdSR1MfUL1kEdWojKnOiA==,type:str]
|
||||
sops_unencrypted_suffix=_unencrypted
|
||||
sops_version=3.10.2
|
||||
Loading…
Add table
Add a link
Reference in a new issue