authorsinanmohd <sinan@sinanmohd.com>2025-06-21 09:37:21 +0530
committersinanmohd <sinan@sinanmohd.com>2025-06-21 09:37:21 +0530
commit0d5b9ed74d9efbb11cda074b2e690c9e6dac8272 (patch)
tree796248641b32b7a3eee252c3cc6fc14b3c23a4b2
parent8550c0e84133accdf60d01433b1fbd6ce52d1baf (diff)
kay/minio: initHEADmaster
-rw-r--r--os/kay/configuration.nix1
-rw-r--r--os/kay/modules/dns/sinanmohd.com.zone4
-rw-r--r--os/kay/modules/minio.nix36
-rw-r--r--os/kay/modules/www.nix44
4 files changed, 84 insertions, 1 deletions
diff --git a/os/kay/configuration.nix b/os/kay/configuration.nix
index a7765a8..ff9b225 100644
--- a/os/kay/configuration.nix
+++ b/os/kay/configuration.nix
@@ -19,6 +19,7 @@
./modules/immich.nix
./modules/observability
./modules/alina.nix
+ ./modules/minio.nix
];
networking.hostName = "kay";
diff --git a/os/kay/modules/dns/sinanmohd.com.zone b/os/kay/modules/dns/sinanmohd.com.zone
index 5880c01..0307cd6 100644
--- a/os/kay/modules/dns/sinanmohd.com.zone
+++ b/os/kay/modules/dns/sinanmohd.com.zone
@@ -2,7 +2,7 @@ $ORIGIN sinanmohd.com.
$TTL 2d
@ IN SOA ns1 hostmaster (
- 2025062000 ; serial
+ 2025062100 ; serial
2h ; refresh
5m ; retry
1d ; expire
@@ -47,5 +47,7 @@ immich IN CNAME @
sliding IN CNAME @
grafana IN CNAME @
stalwart IN CNAME @
+minio IN CNAME @
+s3 IN CNAME @
_acme-challenge IN NS ns1
diff --git a/os/kay/modules/minio.nix b/os/kay/modules/minio.nix
new file mode 100644
index 0000000..d440e50
--- /dev/null
+++ b/os/kay/modules/minio.nix
@@ -0,0 +1,36 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ email = config.global.userdata.email;
+in
+{
+ sops.secrets."misc/default_password" = { };
+ systemd.services.minio.serviceConfig.LoadCredential = [
+ "password:${config.sops.secrets."misc/default_password".path}"
+ ];
+
+ services.minio = {
+ enable = true;
+ consoleAddress = ":9003";
+
+ package = pkgs.stdenv.mkDerivation {
+ name = "minio-with-secrets";
+ dontUnpack = true;
+ buildInputs = with pkgs; [
+ makeWrapper
+ minio
+ ];
+ installPhase = ''
+ mkdir -p $out/bin
+ makeWrapper ${lib.getExe pkgs.minio} $out/bin/minio \
+ --run 'echo "Seting Minio Secrets"' \
+ --set MINIO_ROOT_USER ${email} \
+ --run 'export MINIO_ROOT_PASSWORD="$(cat "$CREDENTIALS_DIRECTORY"/password)"'
+ '';
+ };
+ };
+}
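Review bot: `consoleAddress = ":9003"` binds the console on every interface, and since `listenAddress` is not set, the module's default for the S3 API is also a wildcard bind. Both ports are therefore reachable over plain HTTP, bypassing nginx, unless the host firewall (not visible in this commit) blocks them. As www.nix only proxies to 127.0.0.1, consider `listenAddress = "127.0.0.1:9000";` and `consoleAddress = "127.0.0.1:9003";`. Separately, the root password is read from `misc/default_password`, which by its name looks shared with other services. A dedicated sops secret for the MinIO root account would keep one leak from exposing the object store. It would also be worth passing the account name as `--set MINIO_ROOT_USER ${lib.escapeShellArg email}` so the interpolated value cannot be re-split by the install-phase shell.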
diff --git a/os/kay/modules/www.nix b/os/kay/modules/www.nix
index 1e1eb79..6b8e285 100644
--- a/os/kay/modules/www.nix
+++ b/os/kay/modules/www.nix
@@ -169,6 +169,50 @@ in
};
};
+ "s3.${domain}" = defaultOpts // {
+ extraConfig = ''
+ # Allow special characters in headers
+ ignore_invalid_headers off;
+ # Allow any size file to be uploaded.
+ # Set to a value such as 1000m; to restrict file size to a specific value
+ client_max_body_size 0;
+ # Disable buffering
+ proxy_buffering off;
+ proxy_request_buffering off;
+ '';
+ locations."/" = {
+ proxyWebsockets = true;
+ proxyPass = "http://127.0.0.1:9000";
+ extraConfig = ''
+ proxy_connect_timeout 300;
+ chunked_transfer_encoding off;
+ '';
+ };
+ };
+
+ "minio.${domain}" = defaultOpts // {
+ extraConfig = ''
+ # Allow special characters in headers
+ ignore_invalid_headers off;
+ # Allow any size file to be uploaded.
+ # Set to a value such as 1000m; to restrict file size to a specific value
+ client_max_body_size 0;
+ # Disable buffering
+ proxy_buffering off;
+ proxy_request_buffering off;
+ '';
+ locations."/" = {
+ proxyWebsockets = true;
+ proxyPass = "http://127.0.0.1:9003";
+ extraConfig = ''
+ # This is necessary to pass the correct IP to be hashed
+ real_ip_header X-Real-IP;
+ proxy_connect_timeout 300;
+ chunked_transfer_encoding off;
+ '';
+ };
+ };
+
"mta-sts.${domain}" = defaultOpts // {
extraConfig = ''
ssl_early_data on;
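Review bot: In the `minio.${domain}` location, `real_ip_header X-Real-IP;` does not do what its comment says. It is a realip-module directive that selects which incoming header nginx trusts for the client address, and it has no effect without a matching `set_real_ip_from`. If a broad `set_real_ip_from` exists elsewhere in the config, it would let any client choose the address that is logged and forwarded. To give MinIO the real peer address, drop the line and send `proxy_set_header X-Real-IP $remote_addr;` instead, unless `defaultOpts` or the recommended proxy settings already do so; both are defined outside this hunk. The console vhost also exposes root login to the whole internet with `client_max_body_size 0`, so an `allow`/`deny` list or a finite body limit on that host would be a reasonable addition.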