-rw-r--r--.gitignore2
-rw-r--r--app/bad.csi-s3/deploy/csi-s3.hcl (renamed from app/csi-s3/deploy/csi-s3.hcl)0
-rw-r--r--app/im/deploy/im.hcl4
-rw-r--r--configuration.nix19
-rwxr-xr-xdeploy.sh9
-rw-r--r--secrets/rclone.conf.sample8
6 files changed, 38 insertions, 4 deletions
diff --git a/.gitignore b/.gitignore
index e61812f..f19976d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,3 @@
notes/
+secrets/*
+!secrets/*.sample
diff --git a/app/csi-s3/deploy/csi-s3.hcl b/app/bad.csi-s3/deploy/csi-s3.hcl
index 8e70c6a..8e70c6a 100644
--- a/app/csi-s3/deploy/csi-s3.hcl
+++ b/app/bad.csi-s3/deploy/csi-s3.hcl
diff --git a/app/im/deploy/im.hcl b/app/im/deploy/im.hcl
index 734669a..3cf4e95 100644
--- a/app/im/deploy/im.hcl
+++ b/app/im/deploy/im.hcl
@@ -29,7 +29,7 @@ job "im" {
driver = "docker"
config {
- image = "litestream/litestream"
+ image = "litestream/litestream:0.3.7"
args = [
"restore", "-config", "/etc/litestream.yml", "/ephemeral/homeserver.db"
]
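Review bot: The new `litestream/litestream:0.3.7` reference in the restore task is pinned by tag only, and a registry tag can later be re-pointed to different image content. Adding the digest, `image = "litestream/litestream:0.3.7@sha256:<digest-placeholder>"`, would make the pulled image immutable and reviewable when it changes. The same applies to the `replicate-db` task in the second hunk of this file. Both task bodies continue outside the hunks.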
@@ -109,7 +109,7 @@ job "im" {
task "replicate-db" {
driver = "docker"
config {
- image = "litestream/litestream"
+ image = "litestream/litestream:0.3.7"
args = [
"replicate", "-config", "/etc/litestream.yml"
]
diff --git a/configuration.nix b/configuration.nix
index c9fecd0..bb44c40 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -176,6 +176,7 @@ in
htop
links
git
+ rclone
docker
docker-compose
];
@@ -243,6 +244,24 @@ in
];
};
+ # Mount Garage using Rclone
+ systemd.services.mountgarage = {
+ enable = true;
+ description = "Mount the Garage data store";
+ path = [
+ pkgs.fuse
+ pkgs.rclone
+ ];
+ unitConfig = {
+ Type = "simple";
+ };
+ serviceConfig = {
+ ExecStartPre = "${pkgs.bash}/bin/sh -c \"mkdir -p /mnt/garage-staging; fusermount -u /mnt/garage-staging || exit 0\"";
+ ExecStart = "${pkgs.rclone}/bin/rclone --config /root/rclone.conf mount --vfs-cache-mode full --vfs-cache-max-size 1G --cache-dir /root/mountgarage-cache staging: /mnt/garage-staging";
+ };
+ wantedBy = [ "multi-user.target" ];
+ };
+
# Open ports in the firewall.
networking.firewall = {
enable = true;
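Review bot: `Type = "simple";` sits under `unitConfig`, which NixOS writes into the unit's `[Unit]` section, while `Type=` is a `[Service]` setting; it should move into `serviceConfig`. The unit presumably behaves as intended only because simple is the default when `ExecStart` is set. The service also has no ordering on the network or the Garage endpoint that `staging:` refers to, and no restart policy, so a mount that fails at boot likely stays down. `after = [ "network-online.target" ];` on the service and `Restart = "on-failure";` in `serviceConfig` would cover that. The `networking.firewall` block at the end of the hunk continues outside it.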
diff --git a/deploy.sh b/deploy.sh
index 989e4dd..e4470c0 100755
--- a/deploy.sh
+++ b/deploy.sh
@@ -19,10 +19,15 @@ for NIXHOST in $NIXHOSTLIST; do
echo "==== DOING $NIXHOST ===="
- echo "generating NixOS config"
+ echo "Sending NixOS config files"
+
cat configuration.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/configuration.nix > /dev/null
cat node/$NIXHOST.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/node.nix > /dev/null
cat node/$NIXHOST.site.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/site.nix > /dev/null
- echo "rebuilding NixOS"
+
+ echo "Sending secret files"
+ test -f secrets/rclone.conf && (cat secrets/rclone.conf | ssh -F ssh_config $SSH_DEST sudo tee /root/rclone.conf > /dev/null)
+
+ echo "Rebuilding NixOS"
ssh -F ssh_config $SSH_DEST sudo nixos-rebuild switch
done
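Review bot: The added `sudo tee /root/rclone.conf` line creates the credentials file under root's default umask, so it is probably written world-readable (0644) and protected only by the mode of `/root` itself. Creating it with a restrictive umask avoids relying on that: `ssh -F ssh_config $SSH_DEST "sudo sh -c 'umask 077; cat > /root/rclone.conf'" < secrets/rclone.conf`. When `secrets/rclone.conf` is missing, the `test -f … &&` guard skips the copy silently while "Sending secret files" is still printed, and the rebuild then enables a mount unit that has no config; an explicit warning in that case would make the failure easier to trace. The `for` loop starts outside the hunk.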
diff --git a/secrets/rclone.conf.sample b/secrets/rclone.conf.sample
new file mode 100644
index 0000000..048bdba
--- /dev/null
+++ b/secrets/rclone.conf.sample
@@ -0,0 +1,8 @@
+[staging]
+type = s3
+provider = Other
+env_auth = false
+access_key_id = GK...
+secret_access_key = ...
+endpoint = http://127.0.0.1:3990
+region = garage-staging