kay/minio: initHEADmaster

1 files changed, 36 insertions, 0 deletions

diff --git a/os/kay/modules/minio.nix b/os/kay/modules/minio.nix
new file mode 100644
index 0000000..d440e50
--- /dev/null
+++ b/os/kay/modules/minio.nix
@@ -0,0 +1,36 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  email = config.global.userdata.email;
+in
+{
+  sops.secrets."misc/default_password" = { };
+  systemd.services.minio.serviceConfig.LoadCredential = [
+    "password:${config.sops.secrets."misc/default_password".path}"
+  ];
+
+  services.minio = {
+    enable = true;
+    consoleAddress = ":9003";
+
+    package = pkgs.stdenv.mkDerivation {
+      name = "minio-with-secrets";
+      dontUnpack = true;
+      buildInputs = with pkgs; [
+        makeWrapper
+        minio
+      ];
+      installPhase = ''
+        mkdir -p $out/bin
+        makeWrapper ${lib.getExe pkgs.minio} $out/bin/minio \
+          --run 'echo "Seting Minio Secrets"' \
+          --set MINIO_ROOT_USER ${email} \
+          --run 'export MINIO_ROOT_PASSWORD="$(cat "$CREDENTIALS_DIRECTORY"/password)"'
+      '';
+    };
+  };
+}