{ config, pkgs, ... }: let api_domain = "s3.luj.fr"; in { services.garage = { enable = true; package = pkgs.garage_1_0_1; settings = { replication_factor = 1; db_engine = "lmdb"; compression_level = 0; s3_api = { s3_region = "paris"; api_bind_addr = "[::]:3900"; root_domain = ".${api_domain}"; }; s3_web = { bind_addr = "127.0.0.1:3902"; root_domain = ".cdn.luj.fr"; index = "index.html"; }; rpc_bind_addr = "[::]:3901"; rpc_public_addr = "127.0.0.1:3901"; admin.api_bind_addr = "127.0.0.1:3903"; }; environmentFile = config.age.secrets."garage-env-file".path; }; age.secrets."garage-env-file".file = ../../secrets/garage-env-file.age; services.nginx.virtualHosts."${api_domain}" = { enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:3900"; extraConfig = '' proxy_max_temp_file_size 0; client_max_body_size 5G; ''; }; }; services.nginx.virtualHosts."cdn.luj.fr" = { enableACME = true; forceSSL = true; serverAliases = [ "luj.fr" ]; locations."/".extraConfig = '' proxy_pass http://127.0.0.1:3902; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; ''; }; machine.meta.zones."luj.fr".A = [ config.machine.meta.ips.public.ipv4 ]; machine.meta.zones."luj.fr".AAAA = [ config.machine.meta.ips.public.ipv6 ]; machine.meta.probes.monitors."s3.luj.fr - IPv4".accepted_statuscodes = [ "403" ]; machine.meta.probes.monitors."s3.luj.fr - IPv6".accepted_statuscodes = [ "403" ]; machine.meta.probes.monitors."cdn.luj.fr - IPv4".accepted_statuscodes = [ "404" ]; machine.meta.probes.monitors."cdn.luj.fr - IPv6".accepted_statuscodes = [ "404" ]; machine.meta.probes.monitors = { "luj.fr - IPv4" = { url = "https://${config.machine.meta.ips.public.ipv4}"; type = "http"; accepted_statuscodes = [ "200-299" ]; notificationIDList = [ 1 ]; headers = '' { "Host": "luj.fr" } ''; }; "luj.fr - IPv6" = { url = "https://[${config.machine.meta.ips.public.ipv6}]"; type = "http"; accepted_statuscodes = [ "200-299" ]; notificationIDList = [ 1 ]; headers = '' { "Host": "luj.fr" } ''; }; }; }