From d4b034c8704293af024889e09c4440729888bcbb Mon Sep 17 00:00:00 2001
From: ahuston-0 <aliceghuston@gmail.com>
Date: Mon, 24 Jun 2024 20:22:39 -0400
Subject: [PATCH] add minio

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
---
 systems/palatine-hill/configuration.nix |  1 +
 systems/palatine-hill/minio.nix         | 24 ++++++++++++++++++++++++
 systems/palatine-hill/secrets.yaml      |  6 ++++--
 3 files changed, 29 insertions(+), 2 deletions(-)
 create mode 100644 systems/palatine-hill/minio.nix

diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix
index b9712cc..dac0950 100644
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@@ -9,6 +9,7 @@
     ./attic.nix
     ./docker.nix
     ./hydra.nix
+    ./minio.nix
     ./networking.nix
     ./nextcloud.nix
     ./zfs.nix
diff --git a/systems/palatine-hill/minio.nix b/systems/palatine-hill/minio.nix
new file mode 100644
index 0000000..edc3396
--- /dev/null
+++ b/systems/palatine-hill/minio.nix
@@ -0,0 +1,24 @@
+{ config, ... }:
+
+let
+  base_path = "/ZFS/ZFS-primary/minio";
+in
+{
+  services.minio = {
+    enable = true;
+    credentialsFile = config.sops.secrets."minio/credentials".path;
+    listAddress = ":8500";
+    dataDir = [ "${base_path}/data" ];
+    consoleAddress = ":8501";
+    configDir = "${base_path}/config";
+  };
+
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    secrets = {
+      "minio/credentials" = {
+        owner = "minio";
+      };
+    };
+  };
+}
diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml
index a078954..0787d53 100644
--- a/systems/palatine-hill/secrets.yaml
+++ b/systems/palatine-hill/secrets.yaml
@@ -9,6 +9,8 @@ postgres:
     init: ENC[AES256_GCM,data:Pq24kdMXLAbePqIHPiJx3xXYEm2UbY598iNDf+z2k1HDhStHAd10CCyJYEgppCw2lkDNY54A3PQ=,iv:RE9DQ9Xw4tDFBD67dk3ggyqYqoGVhZf5kO53WoF3fJ4=,tag:dZwZfgI2H9JTClkyUI1MqQ==,type:str]
 upsmon:
     password: ENC[AES256_GCM,data:0tZKzQOYaij9jdnDTv61ma8i,iv:GEqlCOOUHTjUzfz+X5lCnqcX9SjAG6bVc8Luv97wnSg=,tag:XLvsucW6sIMHKG2AHmxZEw==,type:str]
+minio:
+    credentials: ENC[AES256_GCM,data:b14PLOUvJOUV+0Etdle4xJbOn5Pq5LNEqdJwuvixw+uN7wM955PQzJ0NdK0OBzCi9aozLLDYvjjYmA==,iv:9LELjvzT4J07thcjmc9WZG+UT7nEtEE982/nH9eWQfw=,tag:aDr2BctLZq7xcsgbjAQqDA==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -24,8 +26,8 @@ sops:
             bTdhU1VVMWdWVzBkTDB4MkxFcWtQSTQKsASNOoF5NjJLIedaBUWCMx1uJziEZZSx
             AlaF0gp4bNP4G58rndIe8XtsM10BseGvM512kMGWd3XbQPz3firk5w==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-04-28T00:49:06Z"
-    mac: ENC[AES256_GCM,data:qWRMwTPmLiEMRJEpEU1WIrN6+gPQzWjn08JZfdbmqEqZGKLgQOkFnskbUtApj6xGtziDEIgSY7IKPmG2DjbQHO4C3u2TeRr9du37QNtTJPqV1gdLhkNx7uWniXTxn2/c+POiRA6qPy5j/q4+kVt9RCGp2q8LmUeYAGTtgfuBr1o=,iv:BxNMhRP21GNiL7OEs+pHuA8zsd914ELoJuO5nRX2kcA=,tag:qRZ9+eDfM/uyA6sk/6bhqg==,type:str]
+    lastmodified: "2024-06-25T00:21:49Z"
+    mac: ENC[AES256_GCM,data:wKPCV/qJqbaX3KQV3NezNf/1MrCOqncl9xUu5bzzsUCA4hPR1Hzc+FNbvwBHYmCUxBtNZFi7UP1cNWOy6drzZwWFUZAkNIgzadfnwsCEeJm5R/5PDPPqRBFZ3dUrfxBXscUpApouhECBTAKGLqW16PrU5GWWOB/i0GAwPp0iHc0=,iv:li5SBTONcw2mOayXinRY46jCOtISxdBOKinSYfqVDLU=,tag:aSIWdKmDuVfwvDTDZMOK0Q==,type:str]
     pgp:
         - created_at: "2024-06-19T16:27:11Z"
           enc: |-