homelab framework module init (everything is a mess)

2025-07-28 02:05:13 +02:00 · 2025-07-28 02:05:13 +02:00 · bcbcc8b17b
commit bcbcc8b17b
parent 0347f4d325
94 changed files with 7289 additions and 436 deletions
--- a/machines/photos/minio.nix
+++ b/machines/photos/minio.nix
@ -1,6 +1,35 @@
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  sops.secrets."ente/minio/root_user" = {};
+  sops.secrets."ente/minio/root_password" = {};
+
+  sops.templates."minio-root-credentials".content = ''
+    MINIO_ROOT_USER=${config.sops.placeholder."ente/minio/root_user"}
+    MINIO_ROOT_PASSWORD=${config.sops.placeholder."ente/minio/root_password"}
+  '';
+
  services.minio = {
    enable = true;
-    rootCredentialsFile = "/etc/nixos/minio-root-credentials";
+    rootCredentialsFile = config.sops.templates."minio-root-credentials".path;
  };
+
+  systemd.services.minio = {
+    environment.MINIO_SERVER_URL = "https://ente-minio-api.procopius.dk";
+    postStart = ''
+      # Wait until minio is up
+      ${lib.getExe pkgs.curl} --retry 5 --retry-connrefused --fail --no-progress-meter -o /dev/null "http://localhost:9000/minio/health/live"
+
+      # Make sure bucket exists
+      mkdir -p ${lib.escapeShellArg config.services.minio.dataDir}/ente
+    '';
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    9000
+    9001
+  ];
 }