systems/palatine-hill/garage.nix

{
  config,
  pkgs,
  ...
}:

let
  vars = import ./vars.nix;
  basePath = "${vars.primary_minio}/garage";
in
{
  services.garage = {
    enable = true;
    package = pkgs.garage;
    logLevel = "info";
    settings = {
      metadata_dir = "${basePath}/meta";
      data_dir = "${basePath}/data";
      db_engine = "sqlite";
      replication_factor = 1;

      rpc_bind_addr = "127.0.0.1:8504";
      rpc_public_addr = "127.0.0.1:8504";
      rpc_secret_file = config.sops.secrets."garage/rpc-secret".path;

      s3_api = {
        api_bind_addr = "127.0.0.1:8502";
        s3_region = "us-east-1";
        root_domain = ".s3.nayeonie.com";
      };

      admin = {
        api_bind_addr = "127.0.0.1:8503";
        admin_token_file = config.sops.secrets."garage/admin-token".path;
      };
    };
  };

  systemd.tmpfiles.rules = [
    "d ${basePath}/meta 0750 garage garage -"
    "d ${basePath}/data 0750 garage garage -"
  ];

  systemd.services.garage = {
    unitConfig.RequiresMountsFor = [
      vars.primary_minio
      basePath
      "${basePath}/meta"
      "${basePath}/data"
    ];
    preStart = ''
      mkdir -p ${basePath}/meta ${basePath}/data
      chown -R garage:garage ${basePath}/meta ${basePath}/data
    '';
    serviceConfig = {
      PermissionsStartOnly = true;
      DynamicUser = false;
      User = "garage";
      Group = "garage";
    };
  };

  users.groups.garage = { };
  users.users.garage = {
    isSystemUser = true;
    group = "garage";
  };

  sops.secrets = {
    "garage/rpc-secret" = {
      owner = "garage";
      group = "garage";
      mode = "0400";
      restartUnits = [ "garage.service" ];
    };
    "garage/admin-token" = {
      owner = "garage";
      group = "garage";
      mode = "0400";
      restartUnits = [ "garage.service" ];
    };
  };
}
add garage 2026-05-02 12:11:02 -04:00			`{`
			`config,`
			`pkgs,`
			`...`
			`}:`

			`let`
			`vars = import ./vars.nix;`
			`basePath = "${vars.primary_minio}/garage";`
			`in`
			`{`
			`services.garage = {`
			`enable = true;`
			`package = pkgs.garage;`
			`logLevel = "info";`
			`settings = {`
			`metadata_dir = "${basePath}/meta";`
			`data_dir = "${basePath}/data";`
			`db_engine = "sqlite";`
			`replication_factor = 1;`

			`rpc_bind_addr = "127.0.0.1:8504";`
			`rpc_public_addr = "127.0.0.1:8504";`
			`rpc_secret_file = config.sops.secrets."garage/rpc-secret".path;`

			`s3_api = {`
			`api_bind_addr = "127.0.0.1:8502";`
			`s3_region = "us-east-1";`
			`root_domain = ".s3.nayeonie.com";`
			`};`

			`admin = {`
			`api_bind_addr = "127.0.0.1:8503";`
			`admin_token_file = config.sops.secrets."garage/admin-token".path;`
			`};`
			`};`
			`};`

			`systemd.tmpfiles.rules = [`
			`"d ${basePath}/meta 0750 garage garage -"`
			`"d ${basePath}/data 0750 garage garage -"`
			`];`

garage fixes 2026-05-05 00:40:12 -04:00			`systemd.services.garage = {`
			`unitConfig.RequiresMountsFor = [`
			`vars.primary_minio`
			`basePath`
			`"${basePath}/meta"`
			`"${basePath}/data"`
			`];`
			`preStart = ''`
			`mkdir -p ${basePath}/meta ${basePath}/data`
garage fixes 2026-05-05 01:04:40 -04:00			`chown -R garage:garage ${basePath}/meta ${basePath}/data`
garage fixes 2026-05-05 00:40:12 -04:00			`'';`
garage fixes 2026-05-05 01:04:40 -04:00			`serviceConfig = {`
			`PermissionsStartOnly = true;`
			`DynamicUser = false;`
			`User = "garage";`
			`Group = "garage";`
			`};`
			`};`

			`users.groups.garage = { };`
			`users.users.garage = {`
			`isSystemUser = true;`
			`group = "garage";`
garage fixes 2026-05-05 00:40:12 -04:00			`};`

add garage 2026-05-02 12:11:02 -04:00			`sops.secrets = {`
garage fixes 2026-05-05 01:08:00 -04:00			`"garage/rpc-secret" = {`
			`owner = "garage";`
			`group = "garage";`
			`mode = "0400";`
			`restartUnits = [ "garage.service" ];`
			`};`
			`"garage/admin-token" = {`
			`owner = "garage";`
			`group = "garage";`
			`mode = "0400";`
			`restartUnits = [ "garage.service" ];`
			`};`
add garage 2026-05-02 12:11:02 -04:00			`};`
			`}`