diff options
| author | Alex Auvolat <alex@adnab.me> | 2021-12-30 13:27:39 +0100 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2021-12-30 13:27:39 +0100 |
| commit | a6c4828cb66eb74ef2320f9fa06b59ae299e5c5f (patch) | |
| tree | 5ded6485f84fb80dcf3def315762b9a61ef74c39 | |
| parent | 424e7ae22ca6c2c44574821eff9600997ab96252 (diff) | |
| download | nixcfg-a6c4828cb66eb74ef2320f9fa06b59ae299e5c5f.tar.gz nixcfg-a6c4828cb66eb74ef2320f9fa06b59ae299e5c5f.zip | |
Add systemd service to mount garage
| -rw-r--r-- | .gitignore | 2 | ||||
| -rw-r--r-- | app/bad.csi-s3/deploy/csi-s3.hcl (renamed from app/csi-s3/deploy/csi-s3.hcl) | 0 | ||||
| -rw-r--r-- | app/im/deploy/im.hcl | 4 | ||||
| -rw-r--r-- | configuration.nix | 19 | ||||
| -rwxr-xr-x | deploy.sh | 9 | ||||
| -rw-r--r-- | secrets/rclone.conf.sample | 8 |
6 files changed, 38 insertions, 4 deletions
@@ -1 +1,3 @@ notes/ +secrets/* +!secrets/*.sample diff --git a/app/csi-s3/deploy/csi-s3.hcl b/app/bad.csi-s3/deploy/csi-s3.hcl index 8e70c6a..8e70c6a 100644 --- a/app/csi-s3/deploy/csi-s3.hcl +++ b/app/bad.csi-s3/deploy/csi-s3.hcl diff --git a/app/im/deploy/im.hcl b/app/im/deploy/im.hcl index 734669a..3cf4e95 100644 --- a/app/im/deploy/im.hcl +++ b/app/im/deploy/im.hcl @@ -29,7 +29,7 @@ job "im" { driver = "docker" config { - image = "litestream/litestream" + image = "litestream/litestream:0.3.7" args = [ "restore", "-config", "/etc/litestream.yml", "/ephemeral/homeserver.db" ] @@ -109,7 +109,7 @@ job "im" { task "replicate-db" { driver = "docker" config { - image = "litestream/litestream" + image = "litestream/litestream:0.3.7" args = [ "replicate", "-config", "/etc/litestream.yml" ] diff --git a/configuration.nix b/configuration.nix index c9fecd0..bb44c40 100644 --- a/configuration.nix +++ b/configuration.nix @@ -176,6 +176,7 @@ in htop links git + rclone docker docker-compose ]; @@ -243,6 +244,24 @@ in ]; }; + # Mount Garage using Rclone + systemd.services.mountgarage = { + enable = true; + description = "Mount the Garage data store"; + path = [ + pkgs.fuse + pkgs.rclone + ]; + unitConfig = { + Type = "simple"; + }; + serviceConfig = { + ExecStartPre = "${pkgs.bash}/bin/sh -c \"mkdir -p /mnt/garage-staging; fusermount -u /mnt/garage-staging || exit 0\""; + ExecStart = "${pkgs.rclone}/bin/rclone --config /root/rclone.conf mount --vfs-cache-mode full --vfs-cache-max-size 1G --cache-dir /root/mountgarage-cache staging: /mnt/garage-staging"; + }; + wantedBy = [ "multi-user.target" ]; + }; + # Open ports in the firewall. networking.firewall = { enable = true; @@ -19,10 +19,15 @@ for NIXHOST in $NIXHOSTLIST; do echo "==== DOING $NIXHOST ====" - echo "generating NixOS config" + echo "Sending NixOS config files" + cat configuration.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/configuration.nix > /dev/null cat node/$NIXHOST.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/node.nix > /dev/null cat node/$NIXHOST.site.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/site.nix > /dev/null - echo "rebuilding NixOS" + + echo "Sending secret files" + test -f secrets/rclone.conf && (cat secrets/rclone.conf | ssh -F ssh_config $SSH_DEST sudo tee /root/rclone.conf > /dev/null) + + echo "Rebuilding NixOS" ssh -F ssh_config $SSH_DEST sudo nixos-rebuild switch done diff --git a/secrets/rclone.conf.sample b/secrets/rclone.conf.sample new file mode 100644 index 0000000..048bdba --- /dev/null +++ b/secrets/rclone.conf.sample @@ -0,0 +1,8 @@ +[staging] +type = s3 +provider = Other +env_auth = false +access_key_id = GK... +secret_access_key = ... +endpoint = http://127.0.0.1:3990 +region = garage-staging |