commit f0715091856e3641b52e72e1cb90cab33c9088d6 · soopy.moe/gensokyo

+5 -2

creds/sops/renko/default.yaml

···

       2
       2
        
           auth: ENC[AES256_GCM,data:oxbj18DlfPJ+PEdIj6YEdF66ZZNar1l9Mak0Bmqu2AOZWlhCo2aRlrcGfvs7mORplvQmcfh5MwjTqGExjQX4ke28SZ7pszoLMGM3XR2BdedPNsO0KcI/zV19dAL1wijBr1c2qqDJGqqO1P0UzLaUbonl9bskG8L9+lB2pr8aU7z1Unejd/Qq2Ae/3x9Ku82deeP5jGWJkeUae9wADEsBPdbqRbv1bpW5zzmc2A==,iv:x65jPFbodvp3/v09OJ0BIgxMUFOLBkpiKRVMoB8seP4=,tag:wz5UVNBJoSl2994GYjVgpA==,type:str]

     

       3
       3
        
       buildbot:

     

       4
       4
        
           token: ENC[AES256_GCM,data:38NXxDghxuRLPHaDqJ3iUqfewImSNAmMOEcc1+/wt6ser9KKpoO2nZBGrTOJF8DvsHHKYj4hPsBXBRtKVQy2f7eB2RkMjOTWZY/Q9+KgGFy5QEu1YdEPZ897Gk/E6APowQCRfJZ/ExUoxgoUumQSqMy2I++NuPQzlUI10yDDC0HwzLErnfWJDct+XoYdral2OG9GhMI0aglrlLtYHAPG7+dvqGm1N5jhQBrkOw==,iv:yZKW7ssLp+gy204C5ikwh3ivSrEtEl/sH+t17rsaMD0=,tag:umxk8szrR94gDFc7NZP4IA==,type:str]

     

       5
       5
       +
       minio:

     

       6
       6
       +
           root_user: ENC[AES256_GCM,data:yOb0rhdGKjvFe1vX,iv:cKpsXvA660YL0+ut6cOOmXunFhserBOJslVehITNyog=,tag:7Ak5YnVxlGl7bacFWuoyyg==,type:str]

     

       7
       7
       +
           root_pass: ENC[AES256_GCM,data:WR1nmwMZSKyiB+hG9zsYeDIlwLU5evSplS+F8hWnK/F8OdlrUgdgpAr6hHSHNv7k82cOtycKRUq0JlhKFVzQTcjvvGOPt5ftg1lteGJ+Nc0MYm5MHs+jfh3G5M+/9w7wnWgi6pYjWSjGKBPL0pIdR/bTYkzNbPGrYOIqhUjeaKYOXJTF77OypJAkCGijeKcTLkrf0j+5My1k4GiVHWbo09o9EryiJT+YuDdoBw==,iv:wWIk7CuOeN0V1qrICoKNGuXZdbXmK0niFFQvgJJdKNw=,tag:7KS2x+/qkqy5y4LqWNIsVw==,type:str]

     

       5
       8
        
       sops:

     

       6
       9
        
           kms: []

     

       7
       10
        
           gcp_kms: []

     
···

       35
       38
        
                   S2duS3ZmMVZJYW9HOERMc1FadlZIekEKaXDFW+Szv9WlqQMIr6Mc5qYlMyt8M19u

     

       36
       39
        
                   DmMZu5Mzl2bLQK5LQvT/iLktWZZidYKfOuP73HpAFf8iIhYXBOLKMQ==

     

       37
       40
        
                   -----END AGE ENCRYPTED FILE-----

     

       38
       38
       -
           lastmodified: "2025-02-06T14:20:37Z"

     

       39
       39
       -
           mac: ENC[AES256_GCM,data:OPbCYFWnclLA44xSCTOFJ5vhe0HVZh8cdAqdwqLWIqOqM/HSgO1ZSsUR4t12dMaH2eR1mN/UZasn3JEPXIgrBG8bkDdljMXB9QtVcxIErBYauzgVa3FUUha4zJxoZuhUWbLFCzitfF/OBM9u9mabKFudhM9C0yhX6PDG7dvDnC4=,iv:rs3JCJSeoX2IMDgW36wOIup8mzvc3oJ1NZppdnKYWhQ=,tag:4Q7Cyo4/WHF77iaJvuh0aQ==,type:str]

     

       41
       41
       +
           lastmodified: "2025-02-13T17:40:39Z"

     

       42
       42
       +
           mac: ENC[AES256_GCM,data:91bqz+E6GInVIiZ67UR3u+ZGs7BjKgck5gNazotgNT+h9WzXLjR4ASahi3ZRmLb8aAJ/dkkq++oXDYnSN3r2NB4z0UXfD+7/Ic7ZxTjOcj7GiN6enVSndEdtupyc2qhCqRolQbGloaAkUj86QeB8CvoOM/rg26ErKEXIx07MYm4=,iv:XWfTe2vKiMSuV0gUKdn+rygC98ZVNO8f6uGhFLHJs2o=,tag:YJdBi6uzo8EJqU/6cLPzew==,type:str]

     

       40
       43
        
           pgp: []

     

       41
       44
        
           unencrypted_suffix: _unencrypted

     

       42
       45
        
           version: 3.9.4

+1

systems/renko/configuration.nix

···

       2
       2
        
         imports = [

     

       3
       3
        
           ./gui

     

       4
       4
        
           ./development

     

       5
       5
       +
           ./services

     

       5
       6
        
         ];

     

       6
       7
        
       

     

       7
       8
        
         gensokyo = {

+5

systems/renko/hardware-configuration.nix

···

       21
       21
        
           fsType = "btrfs";

     

       22
       22
        
         };

     

       23
       23
        
       

     

       24
       24
       +
         fileSystems."/var/lib/minio/data" = {

     

       25
       25
       +
           label = "MINIO0";

     

       26
       26
       +
           fsType = "xfs";

     

       27
       27
       +
         };

     

       28
       28
       +
       

     

       24
       29
        
         boot.initrd.luks.devices."gock".device = "/dev/disk/by-uuid/9d57daa1-f152-443d-992c-b58cbfa57ec1";

     

       25
       30
        
       

     

       26
       31
        
         fileSystems."/efi" = {

+5

systems/renko/services/default.nix

···

       1
       1
       +
       {...}: {

     

       2
       2
       +
         imports = [

     

       3
       3
       +
           ./minio.nix

     

       4
       4
       +
         ];

     

       5
       5
       +
       }

+28

systems/renko/services/minio.nix

···

       1
       1
       +
       {

     

       2
       2
       +
         _utils,

     

       3
       3
       +
         config,

     

       4
       4
       +
         ...

     

       5
       5
       +
       }: let

     

       6
       6
       +
         secrets = _utils.setupSecrets config {

     

       7
       7
       +
           namespace = "minio";

     

       8
       8
       +
           secrets = [

     

       9
       9
       +
             "root_user"

     

       10
       10
       +
             "root_pass"

     

       11
       11
       +
           ];

     

       12
       12
       +
         };

     

       13
       13
       +
       in {

     

       14
       14
       +
         imports = [

     

       15
       15
       +
           secrets.generate

     

       16
       16
       +
           (secrets.mkTemplate "minio.env" ''

     

       17
       17
       +
             MINIO_ROOT_USER=${secrets.placeholder "root_user"}

     

       18
       18
       +
             MINIO_ROOT_PASSWORD=${secrets.placeholder "root_pass"}

     

       19
       19
       +
           '')

     

       20
       20
       +
         ];

     

       21
       21
       +
       

     

       22
       22
       +
         services.minio = {

     

       23
       23
       +
           enable = true;

     

       24
       24
       +
           region = "ap-east-1";

     

       25
       25
       +
           listenAddress = ":26531"; # will be proxied by koumakan

     

       26
       26
       +
           rootCredentialsFile = secrets.getTemplate "minio.env";

     

       27
       27
       +
         };

     

       28
       28
       +
       }