Add systemd service to mount garage

2021-12-30 13:27:39 +01:00 · 2021-12-30 13:27:39 +01:00 · a6c4828cb6
commit a6c4828cb6
parent 424e7ae22c
6 changed files with 38 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,3 @@
 notes/
+secrets/*
+!secrets/*.sample
--- a/app/bad.csi-s3/deploy/csi-s3.hcl
+++ b/app/bad.csi-s3/deploy/csi-s3.hcl
--- a/app/im/deploy/im.hcl
+++ b/app/im/deploy/im.hcl
@ -29,7 +29,7 @@ job "im" {

      driver = "docker"
      config {
-        image = "litestream/litestream"
+        image = "litestream/litestream:0.3.7"
        args = [
 		      "restore", "-config", "/etc/litestream.yml", "/ephemeral/homeserver.db"
        ]
@ -109,7 +109,7 @@ job "im" {
    task "replicate-db" {
      driver = "docker"
      config {
-        image = "litestream/litestream"
+        image = "litestream/litestream:0.3.7"
        args = [
 		      "replicate", "-config", "/etc/litestream.yml"
        ]
--- a/configuration.nix
+++ b/configuration.nix
@ -176,6 +176,7 @@ in
    htop
    links
    git
+    rclone
    docker
    docker-compose
  ];
@ -243,6 +244,24 @@ in
    ];
  };

+  # Mount Garage using Rclone
+  systemd.services.mountgarage = {
+    enable = true;
+    description = "Mount the Garage data store";
+    path = [
+      pkgs.fuse
+      pkgs.rclone
+    ];
+    unitConfig = {
+      Type = "simple";
+    };
+    serviceConfig = {
+      ExecStartPre = "${pkgs.bash}/bin/sh -c \"mkdir -p /mnt/garage-staging; fusermount -u /mnt/garage-staging || exit 0\"";
+      ExecStart = "${pkgs.rclone}/bin/rclone --config /root/rclone.conf mount --vfs-cache-mode full --vfs-cache-max-size 1G --cache-dir /root/mountgarage-cache staging: /mnt/garage-staging";
+    };
+    wantedBy = [ "multi-user.target" ];
+  };
+
  # Open ports in the firewall.
  networking.firewall = {
    enable = true;
--- a/deploy.sh
+++ b/deploy.sh
@ -19,10 +19,15 @@ for NIXHOST in $NIXHOSTLIST; do

 	echo "==== DOING $NIXHOST ===="

-	echo "generating NixOS config"
+	echo "Sending NixOS config files"
+
 	cat configuration.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/configuration.nix > /dev/null
 	cat node/$NIXHOST.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/node.nix > /dev/null
 	cat node/$NIXHOST.site.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/site.nix > /dev/null
-	echo "rebuilding NixOS"
+
+	echo "Sending secret files"
+	test -f secrets/rclone.conf && (cat secrets/rclone.conf | ssh -F ssh_config $SSH_DEST sudo tee /root/rclone.conf > /dev/null)
+
+	echo "Rebuilding NixOS"
 	ssh -F ssh_config $SSH_DEST sudo nixos-rebuild switch
 done
--- a/secrets/rclone.conf.sample
+++ b/secrets/rclone.conf.sample
@ -0,0 +1,8 @@
+[staging]
+type = s3
+provider = Other
+env_auth = false
+access_key_id = GK...
+secret_access_key = ...
+endpoint = http://127.0.0.1:3990
+region = garage-staging