From 6128d0ae613122e0fdc9925fd029a9f238b4ea2e Mon Sep 17 00:00:00 2001 From: m3tam3re Date: Sat, 9 May 2026 10:17:14 +0200 Subject: [PATCH] chore: udate m3-atlas --- .beads/hooks/post-checkout | 4 +- .beads/hooks/post-merge | 4 +- .beads/hooks/pre-commit | 4 +- .beads/hooks/pre-push | 4 +- .beads/hooks/prepare-commit-msg | 4 +- .beads/issues.jsonl | 6 +- .gitignore | 2 + flake.lock | 193 +++++------------- flake.nix | 8 +- hosts/m3-atlas/secrets.nix | 2 + hosts/m3-atlas/services/default.nix | 2 +- .../services/{minio.nix => rustfs.nix} | 31 ++- hosts/m3-hermes/services/hermes-agent.nix | 2 +- secrets.nix | 2 + secrets/rustfs-access-key.age | 31 +++ secrets/rustfs-secret-key.age | 32 +++ 16 files changed, 167 insertions(+), 164 deletions(-) rename hosts/m3-atlas/services/{minio.nix => rustfs.nix} (55%) create mode 100644 secrets/rustfs-access-key.age create mode 100644 secrets/rustfs-secret-key.age diff --git a/.beads/hooks/post-checkout b/.beads/hooks/post-checkout index 8740e4f..d485872 100755 --- a/.beads/hooks/post-checkout +++ b/.beads/hooks/post-checkout @@ -1,5 +1,5 @@ #!/usr/bin/env sh -# --- BEGIN BEADS INTEGRATION v1.0.2 --- +# --- BEGIN BEADS INTEGRATION v1.0.3 --- # This section is managed by beads. Do not remove these markers. if command -v bd >/dev/null 2>&1; then export BD_GIT_HOOK=1 @@ -21,4 +21,4 @@ if command -v bd >/dev/null 2>&1; then fi if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi fi -# --- END BEADS INTEGRATION v1.0.2 --- +# --- END BEADS INTEGRATION v1.0.3 --- diff --git a/.beads/hooks/post-merge b/.beads/hooks/post-merge index 79487b2..5aa3315 100755 --- a/.beads/hooks/post-merge +++ b/.beads/hooks/post-merge @@ -1,5 +1,5 @@ #!/usr/bin/env sh -# --- BEGIN BEADS INTEGRATION v1.0.2 --- +# --- BEGIN BEADS INTEGRATION v1.0.3 --- # This section is managed by beads. Do not remove these markers. if command -v bd >/dev/null 2>&1; then export BD_GIT_HOOK=1 @@ -21,4 +21,4 @@ if command -v bd >/dev/null 2>&1; then fi if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi fi -# --- END BEADS INTEGRATION v1.0.2 --- +# --- END BEADS INTEGRATION v1.0.3 --- diff --git a/.beads/hooks/pre-commit b/.beads/hooks/pre-commit index bae3803..d7ac3d9 100755 --- a/.beads/hooks/pre-commit +++ b/.beads/hooks/pre-commit @@ -1,5 +1,5 @@ #!/usr/bin/env sh -# --- BEGIN BEADS INTEGRATION v1.0.2 --- +# --- BEGIN BEADS INTEGRATION v1.0.3 --- # This section is managed by beads. Do not remove these markers. if command -v bd >/dev/null 2>&1; then export BD_GIT_HOOK=1 @@ -21,4 +21,4 @@ if command -v bd >/dev/null 2>&1; then fi if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi fi -# --- END BEADS INTEGRATION v1.0.2 --- +# --- END BEADS INTEGRATION v1.0.3 --- diff --git a/.beads/hooks/pre-push b/.beads/hooks/pre-push index 490f66e..5af9e7b 100755 --- a/.beads/hooks/pre-push +++ b/.beads/hooks/pre-push @@ -1,5 +1,5 @@ #!/usr/bin/env sh -# --- BEGIN BEADS INTEGRATION v1.0.2 --- +# --- BEGIN BEADS INTEGRATION v1.0.3 --- # This section is managed by beads. Do not remove these markers. if command -v bd >/dev/null 2>&1; then export BD_GIT_HOOK=1 @@ -21,4 +21,4 @@ if command -v bd >/dev/null 2>&1; then fi if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi fi -# --- END BEADS INTEGRATION v1.0.2 --- +# --- END BEADS INTEGRATION v1.0.3 --- diff --git a/.beads/hooks/prepare-commit-msg b/.beads/hooks/prepare-commit-msg index e10a4fe..f0aec3c 100755 --- a/.beads/hooks/prepare-commit-msg +++ b/.beads/hooks/prepare-commit-msg @@ -1,5 +1,5 @@ #!/usr/bin/env sh -# --- BEGIN BEADS INTEGRATION v1.0.2 --- +# --- BEGIN BEADS INTEGRATION v1.0.3 --- # This section is managed by beads. Do not remove these markers. if command -v bd >/dev/null 2>&1; then export BD_GIT_HOOK=1 @@ -21,4 +21,4 @@ if command -v bd >/dev/null 2>&1; then fi if [ $_bd_exit -ne 0 ]; then exit $_bd_exit; fi fi -# --- END BEADS INTEGRATION v1.0.2 --- +# --- END BEADS INTEGRATION v1.0.3 --- diff --git a/.beads/issues.jsonl b/.beads/issues.jsonl index 16e5be1..5de9830 100644 --- a/.beads/issues.jsonl +++ b/.beads/issues.jsonl @@ -1,3 +1,3 @@ -{"id":"home-profile-restructuring-edz","title":"Create copy-hermes-skills systemd service","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:44:42Z","started_at":"2026-04-26T12:36:30Z","closed_at":"2026-04-26T12:44:42Z","close_reason":"Created systemd service in hosts/m3-hermes/services/hermes-agent.nix - copies skills to /var/lib/hermes/.agents/skills before hermes-agent starts","labels":["hermes-agent","nixos"],"dependencies":[{"issue_id":"home-profile-restructuring-edz","depends_on_id":"home-profile-restructuring-ycz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":1,"comment_count":0} -{"id":"home-profile-restructuring-ycz","title":"Build hermes-agent skills using mkOpencodeSkills","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":2,"created_at":"2026-04-26T12:30:09Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:35:15Z","started_at":"2026-04-26T12:31:35Z","closed_at":"2026-04-26T12:35:15Z","close_reason":"Added inputs to module signature and defined hermesSkills via inputs.agents.lib.mkOpencodeSkills with basecamp, anthropic, and kestra external skills. Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors).","labels":["hermes-agent","nixos"],"dependency_count":0,"dependent_count":1,"comment_count":0} -{"id":"home-profile-restructuring-cxa","title":"Verify skills available at /var/lib/hermes/.agents/skills","status":"closed","priority":2,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:50:58Z","started_at":"2026-04-26T12:38:15Z","closed_at":"2026-04-26T12:50:58Z","close_reason":"Manually verified - skills are present at /var/lib/hermes/.agents/skills on m3-hermes","labels":["hermes-agent","testing"],"dependencies":[{"issue_id":"home-profile-restructuring-cxa","depends_on_id":"home-profile-restructuring-edz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":0,"comment_count":0} +{"_type":"issue","id":"home-profile-restructuring-edz","title":"Create copy-hermes-skills systemd service","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:44:42Z","started_at":"2026-04-26T12:36:30Z","closed_at":"2026-04-26T12:44:42Z","close_reason":"Created systemd service in hosts/m3-hermes/services/hermes-agent.nix - copies skills to /var/lib/hermes/.agents/skills before hermes-agent starts","labels":["hermes-agent","nixos"],"dependencies":[{"issue_id":"home-profile-restructuring-edz","depends_on_id":"home-profile-restructuring-ycz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":1,"comment_count":0} +{"_type":"issue","id":"home-profile-restructuring-ycz","title":"Build hermes-agent skills using mkOpencodeSkills","status":"closed","priority":1,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":2,"created_at":"2026-04-26T12:30:09Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:35:15Z","started_at":"2026-04-26T12:31:35Z","closed_at":"2026-04-26T12:35:15Z","close_reason":"Added inputs to module signature and defined hermesSkills via inputs.agents.lib.mkOpencodeSkills with basecamp, anthropic, and kestra external skills. Verified with nixos-rebuild dry-run --flake .#m3-hermes (no errors).","labels":["hermes-agent","nixos"],"dependency_count":0,"dependent_count":1,"comment_count":0} +{"_type":"issue","id":"home-profile-restructuring-cxa","title":"Verify skills available at /var/lib/hermes/.agents/skills","status":"closed","priority":2,"issue_type":"task","assignee":"m3tm3re","owner":"p@m3ta.dev","estimated_minutes":1,"created_at":"2026-04-26T12:30:10Z","created_by":"m3tm3re","updated_at":"2026-04-26T12:50:58Z","started_at":"2026-04-26T12:38:15Z","closed_at":"2026-04-26T12:50:58Z","close_reason":"Manually verified - skills are present at /var/lib/hermes/.agents/skills on m3-hermes","labels":["hermes-agent","testing"],"dependencies":[{"issue_id":"home-profile-restructuring-cxa","depends_on_id":"home-profile-restructuring-edz","type":"blocks","created_at":"2026-04-26T14:30:57Z","created_by":"m3tm3re","metadata":"{}"}],"dependency_count":1,"dependent_count":0,"comment_count":0} diff --git a/.gitignore b/.gitignore index 3231ed5..a84341b 100644 --- a/.gitignore +++ b/.gitignore @@ -26,6 +26,7 @@ Thumbs.db opencode.json # AI agent state +.claude/ .sidecar/ .sidecar-* .sisyphus/ @@ -39,6 +40,7 @@ opencode.json .pi* .worktrees/ docs/plans/ +CLAUDE.md # Beads / Dolt files (added by bd init) .dolt/ diff --git a/flake.lock b/flake.lock index d14aef7..33e4a13 100644 --- a/flake.lock +++ b/flake.lock @@ -126,11 +126,7 @@ }, "basecamp": { "inputs": { - "nixpkgs": [ - "m3ta-home", - "m3ta-nixpkgs", - "nixpkgs" - ] + "nixpkgs": ["m3ta-home", "m3ta-nixpkgs", "nixpkgs"] }, "locked": { "lastModified": 1774505501, @@ -149,10 +145,7 @@ }, "basecamp_2": { "inputs": { - "nixpkgs": [ - "m3ta-nixpkgs", - "nixpkgs" - ] + "nixpkgs": ["m3ta-nixpkgs", "nixpkgs"] }, "locked": { "lastModified": 1774505501, @@ -171,14 +164,8 @@ }, "blueprint": { "inputs": { - "nixpkgs": [ - "llm-agents", - "nixpkgs" - ], - "systems": [ - "llm-agents", - "systems" - ] + "nixpkgs": ["llm-agents", "nixpkgs"], + "systems": ["llm-agents", "systems"] }, "locked": { "lastModified": 1776249299, @@ -196,22 +183,10 @@ }, "bun2nix": { "inputs": { - "flake-parts": [ - "llm-agents", - "flake-parts" - ], - "nixpkgs": [ - "llm-agents", - "nixpkgs" - ], - "systems": [ - "llm-agents", - "systems" - ], - "treefmt-nix": [ - "llm-agents", - "treefmt-nix" - ] + "flake-parts": ["llm-agents", "flake-parts"], + "nixpkgs": ["llm-agents", "nixpkgs"], + "systems": ["llm-agents", "systems"], + "treefmt-nix": ["llm-agents", "treefmt-nix"] }, "locked": { "lastModified": 1777369708, @@ -230,10 +205,7 @@ }, "darwin": { "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] + "nixpkgs": ["agenix", "nixpkgs"] }, "locked": { "lastModified": 1744478979, @@ -252,11 +224,7 @@ }, "darwin_2": { "inputs": { - "nixpkgs": [ - "m3ta-home", - "agenix", - "nixpkgs" - ] + "nixpkgs": ["m3ta-home", "agenix", "nixpkgs"] }, "locked": { "lastModified": 1744478979, @@ -275,9 +243,7 @@ }, "disko": { "inputs": { - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": ["nixpkgs"] }, "locked": { "lastModified": 1777713215, @@ -295,10 +261,7 @@ }, "flake-parts": { "inputs": { - "nixpkgs-lib": [ - "hermes-agent", - "nixpkgs" - ] + "nixpkgs-lib": ["hermes-agent", "nixpkgs"] }, "locked": { "lastModified": 1772408722, @@ -316,10 +279,7 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": [ - "llm-agents", - "nixpkgs" - ] + "nixpkgs-lib": ["llm-agents", "nixpkgs"] }, "locked": { "lastModified": 1777988971, @@ -337,11 +297,7 @@ }, "flake-parts_3": { "inputs": { - "nixpkgs-lib": [ - "m3ta-home", - "nur", - "nixpkgs" - ] + "nixpkgs-lib": ["m3ta-home", "nur", "nixpkgs"] }, "locked": { "lastModified": 1733312601, @@ -359,10 +315,7 @@ }, "flake-parts_4": { "inputs": { - "nixpkgs-lib": [ - "nur", - "nixpkgs" - ] + "nixpkgs-lib": ["nur", "nixpkgs"] }, "locked": { "lastModified": 1733312601, @@ -422,10 +375,7 @@ }, "home-manager": { "inputs": { - "nixpkgs": [ - "agenix", - "nixpkgs" - ] + "nixpkgs": ["agenix", "nixpkgs"] }, "locked": { "lastModified": 1745494811, @@ -443,9 +393,7 @@ }, "home-manager_2": { "inputs": { - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": ["nixpkgs"] }, "locked": { "lastModified": 1778248595, @@ -463,10 +411,7 @@ }, "home-manager_3": { "inputs": { - "nixpkgs": [ - "hyprpanel", - "nixpkgs" - ] + "nixpkgs": ["hyprpanel", "nixpkgs"] }, "locked": { "lastModified": 1750798083, @@ -484,11 +429,7 @@ }, "home-manager_4": { "inputs": { - "nixpkgs": [ - "m3ta-home", - "agenix", - "nixpkgs" - ] + "nixpkgs": ["m3ta-home", "agenix", "nixpkgs"] }, "locked": { "lastModified": 1745494811, @@ -506,10 +447,7 @@ }, "home-manager_5": { "inputs": { - "nixpkgs": [ - "m3ta-home", - "nixpkgs" - ] + "nixpkgs": ["m3ta-home", "nixpkgs"] }, "locked": { "lastModified": 1778248595, @@ -527,10 +465,7 @@ }, "hyprlang": { "inputs": { - "nixpkgs": [ - "rose-pine-hyprcursor", - "nixpkgs" - ], + "nixpkgs": ["rose-pine-hyprcursor", "nixpkgs"], "systems": "systems_5" }, "locked": { @@ -596,9 +531,7 @@ "home-manager": "home-manager_5", "m3ta-nixpkgs": "m3ta-nixpkgs", "nix-colors": "nix-colors", - "nixpkgs": [ - "nixpkgs" - ], + "nixpkgs": ["nixpkgs"], "nur": "nur" }, "locked": { @@ -619,10 +552,7 @@ "inputs": { "agents": "agents_2", "basecamp": "basecamp", - "nixpkgs": [ - "m3ta-home", - "nixpkgs" - ], + "nixpkgs": ["m3ta-home", "nixpkgs"], "nixpkgs-master": "nixpkgs-master", "openspec": "openspec" }, @@ -1054,10 +984,7 @@ }, "npm-lockfile-fix": { "inputs": { - "nixpkgs": [ - "hermes-agent", - "nixpkgs" - ] + "nixpkgs": ["hermes-agent", "nixpkgs"] }, "locked": { "lastModified": 1775903712, @@ -1095,9 +1022,7 @@ "nur_2": { "inputs": { "flake-parts": "flake-parts_4", - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": ["nixpkgs"] }, "locked": { "lastModified": 1778308643, @@ -1115,11 +1040,7 @@ }, "openspec": { "inputs": { - "nixpkgs": [ - "m3ta-home", - "m3ta-nixpkgs", - "nixpkgs" - ] + "nixpkgs": ["m3ta-home", "m3ta-nixpkgs", "nixpkgs"] }, "locked": { "lastModified": 1778120451, @@ -1137,10 +1058,7 @@ }, "openspec_2": { "inputs": { - "nixpkgs": [ - "m3ta-nixpkgs", - "nixpkgs" - ] + "nixpkgs": ["m3ta-nixpkgs", "nixpkgs"] }, "locked": { "lastModified": 1778120451, @@ -1158,10 +1076,7 @@ }, "pyproject-build-systems": { "inputs": { - "nixpkgs": [ - "hermes-agent", - "nixpkgs" - ], + "nixpkgs": ["hermes-agent", "nixpkgs"], "pyproject-nix": "pyproject-nix", "uv2nix": "uv2nix" }, @@ -1181,11 +1096,7 @@ }, "pyproject-nix": { "inputs": { - "nixpkgs": [ - "hermes-agent", - "pyproject-build-systems", - "nixpkgs" - ] + "nixpkgs": ["hermes-agent", "pyproject-build-systems", "nixpkgs"] }, "locked": { "lastModified": 1769936401, @@ -1203,10 +1114,7 @@ }, "pyproject-nix_2": { "inputs": { - "nixpkgs": [ - "hermes-agent", - "nixpkgs" - ] + "nixpkgs": ["hermes-agent", "nixpkgs"] }, "locked": { "lastModified": 1772865871, @@ -1224,11 +1132,7 @@ }, "pyproject-nix_3": { "inputs": { - "nixpkgs": [ - "hermes-agent", - "uv2nix", - "nixpkgs" - ] + "nixpkgs": ["hermes-agent", "uv2nix", "nixpkgs"] }, "locked": { "lastModified": 1771518446, @@ -1265,6 +1169,7 @@ "nixpkgs-stable": "nixpkgs-stable", "nur": "nur_2", "rose-pine-hyprcursor": "rose-pine-hyprcursor", + "rustfs": "rustfs", "skills-anthropic": "skills-anthropic", "skills-basecamp": "skills-basecamp", "skills-kestra": "skills-kestra", @@ -1292,6 +1197,24 @@ "type": "github" } }, + "rustfs": { + "inputs": { + "nixpkgs": ["nixpkgs"] + }, + "locked": { + "lastModified": 1777635550, + "narHash": "sha256-QHknn6JYNb4+8ztMl7Ngk3Px3r2FRUPwbbrswYuHSpA=", + "owner": "rustfs", + "repo": "rustfs-flake", + "rev": "efaad834053c41ac618804fb4e7612cea455848e", + "type": "github" + }, + "original": { + "owner": "rustfs", + "repo": "rustfs-flake", + "type": "github" + } + }, "skills-anthropic": { "flake": false, "locked": { @@ -1464,10 +1387,7 @@ }, "treefmt-nix": { "inputs": { - "nixpkgs": [ - "llm-agents", - "nixpkgs" - ] + "nixpkgs": ["llm-agents", "nixpkgs"] }, "locked": { "lastModified": 1775636079, @@ -1503,11 +1423,7 @@ }, "uv2nix": { "inputs": { - "nixpkgs": [ - "hermes-agent", - "pyproject-build-systems", - "nixpkgs" - ], + "nixpkgs": ["hermes-agent", "pyproject-build-systems", "nixpkgs"], "pyproject-nix": [ "hermes-agent", "pyproject-build-systems", @@ -1530,10 +1446,7 @@ }, "uv2nix_2": { "inputs": { - "nixpkgs": [ - "hermes-agent", - "nixpkgs" - ], + "nixpkgs": ["hermes-agent", "nixpkgs"], "pyproject-nix": "pyproject-nix_3" }, "locked": { diff --git a/flake.nix b/flake.nix index 3604a86..1f2744e 100644 --- a/flake.nix +++ b/flake.nix @@ -74,6 +74,11 @@ flake = false; }; hermes-agent.url = "github:NousResearch/hermes-agent/v2026.5.7"; + + rustfs = { + url = "github:rustfs/rustfs-flake"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { @@ -99,7 +104,7 @@ in { packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system}); - overlays = builtins.removeAttrs allOverlays ["mkLlmAgentsOverlay"]; + overlays = removeAttrs allOverlays ["mkLlmAgentsOverlay"]; lib.mkLlmAgentsOverlay = allOverlays.mkLlmAgentsOverlay; homeManagerModules = import ./modules/home-manager; @@ -127,6 +132,7 @@ inputs.disko.nixosModules.disko agenix.nixosModules.default m3ta-nixpkgs.nixosModules.default + inputs.rustfs.nixosModules.rustfs ]; }; m3-kratos = nixpkgs.lib.nixosSystem { diff --git a/hosts/m3-atlas/secrets.nix b/hosts/m3-atlas/secrets.nix index 1a8e166..35fc004 100644 --- a/hosts/m3-atlas/secrets.nix +++ b/hosts/m3-atlas/secrets.nix @@ -10,6 +10,8 @@ kestra-env = {file = ../../secrets/kestra-env.age;}; littlelink-m3tam3re = {file = ../../secrets/littlelink-m3tam3re.age;}; minio-root-cred = {file = ../../secrets/minio-root-cred.age;}; + rustfs-access-key = {file = ../../secrets/rustfs-access-key.age;}; + rustfs-secret-key = {file = ../../secrets/rustfs-secret-key.age;}; n8n-env = {file = ../../secrets/n8n-env.age;}; netbird-auth-secret = { file = ../../secrets/netbird-auth-secret.age; diff --git a/hosts/m3-atlas/services/default.nix b/hosts/m3-atlas/services/default.nix index 806e523..bdca969 100644 --- a/hosts/m3-atlas/services/default.nix +++ b/hosts/m3-atlas/services/default.nix @@ -4,7 +4,7 @@ ./containers ./gitea.nix ./gitea-actions-runner.nix - ./minio.nix + ./rustfs.nix ./mysql.nix ./netbird.nix ./n8n.nix diff --git a/hosts/m3-atlas/services/minio.nix b/hosts/m3-atlas/services/rustfs.nix similarity index 55% rename from hosts/m3-atlas/services/minio.nix rename to hosts/m3-atlas/services/rustfs.nix index 889c1df..d42e37d 100644 --- a/hosts/m3-atlas/services/minio.nix +++ b/hosts/m3-atlas/services/rustfs.nix @@ -1,14 +1,29 @@ -{config, ...}: { - services.minio = { +{ + config, + inputs, + pkgs, + ... +}: { + services.rustfs = { enable = true; - region = "eu-central-1"; + package = inputs.rustfs.packages.${pkgs.stdenv.hostPlatform.system}.default; + + # Reuse existing MinIO data directory + volumes = "/var/storage/s3"; + + # Keep same ports as MinIO to avoid changing Traefik and client configs + address = ":3008"; + consoleEnable = true; consoleAddress = ":3007"; - listenAddress = ":3008"; - browser = true; - rootCredentialsFile = config.age.secrets.minio-root-cred.path; - dataDir = ["/var/storage/s3"]; + + # Credentials via agenix + accessKeyFile = config.age.secrets.rustfs-access-key.path; + secretKeyFile = config.age.secrets.rustfs-secret-key.path; + + logLevel = "info"; }; - # Traefik configuration specific to minio + + # Traefik configuration — same routes as before services.traefik.dynamicConfigOptions.http = { services.minio-console.loadBalancer.servers = [ { diff --git a/hosts/m3-hermes/services/hermes-agent.nix b/hosts/m3-hermes/services/hermes-agent.nix index 51dbca4..f81ab8c 100644 --- a/hosts/m3-hermes/services/hermes-agent.nix +++ b/hosts/m3-hermes/services/hermes-agent.nix @@ -78,7 +78,7 @@ in { enable = true; addToSystemPackages = true; - extraPackages = with pkgs; [docker git tea]; + extraPackages = with pkgs; [docker git tea nix]; # Secrets via agenix environmentFiles = [ diff --git a/secrets.nix b/secrets.nix index d421e14..de36853 100644 --- a/secrets.nix +++ b/secrets.nix @@ -23,6 +23,8 @@ in { "secrets/kestra-config.age".publicKeys = systems ++ users; "secrets/kestra-env.age".publicKeys = systems ++ users; "secrets/minio-root-cred.age".publicKeys = systems ++ users; + "secrets/rustfs-access-key.age".publicKeys = systems ++ users; + "secrets/rustfs-secret-key.age".publicKeys = systems ++ users; "secrets/n8n-env.age".publicKeys = systems ++ users; "secrets/netbird-auth-secret.age".publicKeys = systems ++ users; "secrets/netbird-db-password.age".publicKeys = systems ++ users; diff --git a/secrets/rustfs-access-key.age b/secrets/rustfs-access-key.age new file mode 100644 index 0000000..58e125c --- /dev/null +++ b/secrets/rustfs-access-key.age @@ -0,0 +1,31 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBnRjhF +SHhTS2YrOHF1OWM1Zm04elkzVWpST0hhN0RhOWZBZGpBYmNTVnk4Cm9SMm5NcWdV +Rnh0TVpqTlFSaGtaMnBrSGorUEhDd1RibWs1VUt5RGtqaVEKLT4gc3NoLWVkMjU1 +MTkgNWt3Y3NBIFV5OWhMU204L25nR3ZLOWl1a1ppZkUvcTNJTDhlNmE3eXpJMjRL +NWdsWDQKNGhVYUhwRWRndjFYVEVIT3N2WE1WVncyV1Q1Q1BoNkhraVU5Q2s4UmtB +OAotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgVkRwdGtHVTlTMUVMOFZrdUNHZHc5UWo3 +WWtRaXJPY0p2QWZOUEtjWDVCYwpYQmh3ejdLOWdmM3dZbWJuRU1EYlRYZ2tJL3VY +OURUKzhRY2dtcVRQZnBnCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyAyOFI4YllyWlox +V09BbERmRm4yd1Y5dlh0UGphK05DMGpsWXJQTmwrVlRVCjdqNE4yVHFKWFV3NXlr +bm40M1BpNGNNNDdJOXMyak5EUWdMa0hrb3lJY3cKLT4gc3NoLWVkMjU1MTkgYzRO +UWxBICsxb3poQit6VGRtWmZXUWUxMmRGWUN6RGVOeUxEZjdvZldTTE5XSFpDRVkK +bFNWLzFpazJLM0Q2R0NKU2FaS25ldEQ1RUZQM2RpektaT1NhRnJtS0JFcwotPiBz +c2gtcnNhIERRbEU3dwpFMVdKYnhiTWF4MCtJMFNHVGtOZGNBdlVDYWRRR252dVd6 +NW1vNFRtbENLbHB2cHo1aE43M3RiZGh1QkVQVzBECjlvRnhYbjlpWWFFTEFFc1cw +NjFVSENsVWJHdWdGV3ZEY2tOcXkvUm9SSFE4VWw5eHVUSnV6SmxCRU9TNUdpRjMK +aGNhdHcvay85N0ZQNksydEhkcXNkc0h6dkRMRXlzUCtNNGM1V2tXb28wQ05valBH +TUdJa3V1bEdYRUZveFNwbwpIbWRnZmtQMDREd08rRkx3OERwRVZZNVlnSXlNNlFH +SkFoQWVEN1NzL0lqeVkvZllPdUkvbWZkU2NxNjQyYTIvCnJ4QmZ1SlpGNkp3UXFD +SUdFMFY5RWVadTd5QmM1U2tIZ3dLQ2ZZKzF0WTE3K09aN3FYWUVBYkErVlNpblNU +QzgKNENEZStFeitaYmE5Q1MyQ0lWSFlZb2hJdlBVNkhUUjBFWkxsWmZqdHNYb3Fk +VVJMMzg2V2xWdnNCNndGSWdpbAoyUHZ1WXR5UG04ZmZOdVluU2J6VUhKZ0xMZ0lS +R3YrY3RIRHJCby8yVWxIMWpGNWlJK1h4eXdRUXExT3pleWc3CnRmQVl1Yk1IUUFJ +blNoUGxVUUlVOG9FSE5CMDVidmZhSWJmWTFsY0lFcWpZU213cmcxNzFvb29XaklC +MnhpSkwKCi0+IHNzaC1lZDI1NTE5IENTTXloZyBOMDNYdGlvL3Y5QUp2YlNlUDZu +RXFyTkFWbFFsN1oweEErSS9Ccmh0WmwwClpzTWw1aXNqVXdaTVFrTTJ6Y0FWbVpR +TXk4cTNUUElkeGF1VUZ0U3RWcEEKLT4gTyUkcSZASGstZ3JlYXNlCnYwSGdsbE5h +d2JLOAotLS0gcjB3WU1rNDhBY1VxalpBNVJRSTJFZ0NhWEZlSW15UHphMnRHTjBj +aGptRQpiZ/2f41GnSHdg+EXeRwxHOHc/RNfEwlKhEB/Weq8tQ2Xf/jJ21WiWsTIm +g7Sq9EO6JyYMTJ/qlccpytfkU/qkouyR+z3prQcP7NWTcg== +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/rustfs-secret-key.age b/secrets/rustfs-secret-key.age new file mode 100644 index 0000000..f941274 --- /dev/null +++ b/secrets/rustfs-secret-key.age @@ -0,0 +1,32 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDROTEtydyBQd3FZ +dUFYOFhoUGdBejZKYjRnVmNvYU85LzdJS1lVZFNRS3pTeS9hT0c4Cndwc3pHdStQ +N1QvU0NSbGJhNEJCOE83eThhSFBrbDJPU0tDbmhIM3lwcjQKLT4gc3NoLWVkMjU1 +MTkgNWt3Y3NBIHdaS3UvRUdFb3pITmZGdTNEaUtXdnlUMWFuNk5ZcFV0VVIwNllN +S2c5Rm8KV0x3Z2NjcUdLWmFEUExDT2EwbjFhQ2Y2TXNoaUc1d052RnJmM3VOSDVr +VQotPiBzc2gtZWQyNTUxOSA5ZDRZSVEgOG1URGlNekltV0YyQ2Y2NFdPL2tSWDlG +UnNLc2wrSllNWFd6aU9LWGN3YwpXUEthT3NNVHZJMUJndiswUVNFNWZjZnBDS3ZH +dXBJV1FSNEpPRGxQd0JrCi0+IHNzaC1lZDI1NTE5IDNCY3IxdyAvSTlFMitYZFVQ +ZER6ZDI5OEorTE5TRTdlcllPSmpkUjU5SkV2N0xQY1JBCmJPNFN5NEovdHBVVDRl +T0czS0g2dEgyTXhIMmtJVFRONDQ3enpLbFhJT3MKLT4gc3NoLWVkMjU1MTkgYzRO +UWxBIDBUV2RYajBTMkZ4WnV4ZUVCeHFZay9vRGR2dkcxaXBPOWxsZ05IZm1KVDAK +am56blp1ajlzc0NSYjY5NFdGNlNzQ0NNQzZPeVRtWTc1Z0lEYzc2TGNFMAotPiBz +c2gtcnNhIERRbEU3dwpOMGowMWFoRzhsTGp0U0RqeHUyckZvQU9EVkQxUXE1b0U0 +N2hPU2NZY2huNm5kREg5SExCZGYzaTUwdWs4MjlsCjhONjVOWnZDZjFRU2k2K2Uz +dnVmWVd5MCt6bFk4UVU3UEdsWXZMOHlZMktzWWR4SFJ6Vzh4dDFpYWNYRVQ2UmsK +aW5iODV0WDYyQWN4K1ROZUVjdE40MGlxZDlXdnZVRVZBc04zdVRaOE9RTUJPUWxa +YnJjZEg3OGcxNHVEVkR0MgpGUWh6NHV4WTcxUEZwUU52QkdsOE5hZy9XWFpjQUFP +bDZzUjd3ZXFTTmpDN3ViZ0dpL3BOTFpBL3k2aUs3Qm9HCkVDeXZ2M0dQcWJwaXdm +N2E1R2pjcWY2V1dYaEFNMVc3MG9ndDRLd0tVdkxHSUxwL2REazE2Unc1Z3JjUHJh +NDgKamVqZjdkU0hCTVhqcjRsL1NtYkxxd3BId0lsRTRRUTNrZ05mcE1ZRkFSUlBW +VVdkd2VSNzJMQVJEM2QyVkMzSQoxRGVOOUtzdGVOMTBLVk8zN2xjT3lvYm0vSXpQ +VElTaS84SUxIekVybGYxV0ttZldVWHhyVVEvdzRFK3RibVFGCjV3bzltRjFTb0pu +bGJQaTJ1Mlgxd0hNN2VvS0p3eDd4WHNkaTkwV3MwWTdLWUxnNzJjLzBBZzZsck5h +Zk1UUDcKCi0+IHNzaC1lZDI1NTE5IENTTXloZyByQ1cwWm50UTY1bkp2NWZFeFVU +T0htZDFWUUFsdlBSOVVNY3RTZnNwdjE0CjBySlExb1dnTGJKZy9MT25Oa2hZdDJZ +Um9PZWlpOVA5bTBRM2wvVHJJaG8KLT4gWS1ncmVhc2UgWydtCnF4dzJjR2luMHBS +S2p3bUE2bVl2R2FaQ2hRK3greGMKLS0tIDhSdFFGaGlGRVV2VFZKcTNWYnNtbUQr +blprSjUyMjJwQkhBbVBCTmVhQ0kKUITtRYOYPDGGQlKrEp/JVUP8jTcptZxVaVcd +AmxviaG76EuXQeK/VgrGKoi+bZwHbpCbXBT2H8DBuSPgXdG3aQDQn2QgZylMnhmM +wzU= +-----END AGE ENCRYPTED FILE-----