nixos/modules/services/web-servers/minio.nix at 17.09-beta · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs
lol
nixpkgs / nixos / modules / services / web-servers / minio.nix
at 17.09-beta 3.2 kB view raw
  1{ config, lib, pkgs, ... }:
  2
  3with lib;
  4
  5let
  6  cfg = config.services.minio;
  7in
  8{
  9  meta.maintainers = [ maintainers.bachp ];
 10
 11  options.services.minio = {
 12    enable = mkEnableOption "Minio Object Storage";
 13
 14    listenAddress = mkOption {
 15      default = ":9000";
 16      type = types.str;
 17      description = "Listen on a specific IP address and port.";
 18    };
 19
 20    dataDir = mkOption {
 21      default = "/var/lib/minio/data";
 22      type = types.path;
 23      description = "The data directory, for storing the objects.";
 24    };
 25
 26    configDir = mkOption {
 27      default = "/var/lib/minio/config";
 28      type = types.path;
 29      description = "The config directory, for the access keys and other settings.";
 30    };
 31
 32    accessKey = mkOption {
 33      default = "";
 34      type = types.str;
 35      description = ''
 36        Access key of 5 to 20 characters in length that clients use to access the server.
 37        This overrides the access key that is generated by minio on first startup and stored inside the
 38        <literal>configDir</literal> directory.
 39      '';
 40    };
 41
 42    secretKey = mkOption {
 43      default = "";
 44      type = types.str;
 45      description = ''
 46        Specify the Secret key of 8 to 40 characters in length that clients use to access the server.
 47        This overrides the secret key that is generated by minio on first startup and stored inside the
 48        <literal>configDir</literal> directory.
 49      '';
 50    };
 51
 52    region = mkOption {
 53      default = "us-east-1";
 54      type = types.str;
 55      description = ''
 56        The physical location of the server. By default it is set to us-east-1, which is same as AWS S3's and Minio's default region.
 57      '';
 58    };
 59
 60    browser = mkOption {
 61      default = true;
 62      type = types.bool;
 63      description = "Enable or disable access to web UI.";
 64    };
 65
 66    package = mkOption {
 67      default = pkgs.minio;
 68      defaultText = "pkgs.minio";
 69      type = types.package;
 70      description = "Minio package to use.";
 71    };
 72  };
 73
 74  config = mkIf cfg.enable {
 75    systemd.services.minio = {
 76      description = "Minio Object Storage";
 77      after = [ "network.target" ];
 78      wantedBy = [ "multi-user.target" ];
 79      preStart = ''
 80        # Make sure directories exist with correct owner
 81        mkdir -p ${cfg.configDir}
 82        chown -R minio:minio ${cfg.configDir}
 83        mkdir -p ${cfg.dataDir}
 84        chown minio:minio ${cfg.dataDir}
 85      '';
 86      serviceConfig = {
 87        PermissionsStartOnly = true;
 88        ExecStart = "${cfg.package}/bin/minio server --address ${cfg.listenAddress} --config-dir=${cfg.configDir} ${cfg.dataDir}";
 89        Type = "simple";
 90        User = "minio";
 91        Group = "minio";
 92        LimitNOFILE = 65536;
 93      };
 94      environment = {
 95        MINIO_REGION = "${cfg.region}";
 96        MINIO_BROWSER = "${if cfg.browser then "on" else "off"}";
 97      } // optionalAttrs (cfg.accessKey != "") {
 98        MINIO_ACCESS_KEY = "${cfg.accessKey}";
 99      } // optionalAttrs (cfg.secretKey != "") {
100        MINIO_SECRET_KEY = "${cfg.secretKey}";
101      };
102    };
103
104    users.extraUsers.minio = {
105      group = "minio";
106      uid = config.ids.uids.minio;
107    };
108
109    users.extraGroups.minio.gid = config.ids.uids.minio;
110  };
111}