m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

feat: migrate m3-atlas from MinIO to RustFS

Browse Source 
- Replace minio.nix with rustfs.nix using rustfs-flake NixOS module
- Add rustfs flake input (github:rustfs/rustfs-flake)
- Reuse same ports (API: 3008, Console: 3007) and data dir (/var/storage/s3)
- Add separate agenix secrets for access-key and secret-key
- Keep Traefik routes unchanged (s3.m3tam3re.com, minio.m3tam3re.com)
- MinIO had 6 unfixed CVEs and is abandoned upstream
This commit is contained in:
m3ta-chiron
2026-05-02 11:44:32 +02:00
parent 90e417525b
commit b7dd7f2bf7
8 changed files with 467 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/m3-atlas/secrets.nix
View File

@@ -10,6 +10,8 @@
kestra-env = {file = ../../secrets/kestra-env.age;};
littlelink-m3tam3re = {file = ../../secrets/littlelink-m3tam3re.age;};
minio-root-cred = {file = ../../secrets/minio-root-cred.age;};
rustfs-access-key = {file = ../../secrets/rustfs-access-key.age;};
rustfs-secret-key = {file = ../../secrets/rustfs-secret-key.age;};
n8n-env = {file = ../../secrets/n8n-env.age;};
netbird-auth-secret = {
file = ../../secrets/netbird-auth-secret.age;

2
hosts/m3-atlas/services/default.nix
View File

@@ -4,7 +4,7 @@
./containers
./gitea.nix
./gitea-actions-runner.nix
./minio.nix
./rustfs.nix
./mysql.nix
./netbird.nix
./n8n.nix

31
hosts/m3-atlas/services/minio.nix → hosts/m3-atlas/services/rustfs.nix
View File

@@ -1,14 +1,29 @@
{config, ...}: {
services.minio = {
{
config,
inputs,
pkgs,
...
}: {
services.rustfs = {
enable = true;
region = "eu-central-1";
package = inputs.rustfs.packages.${pkgs.stdenv.hostPlatform.system}.default;
# Reuse existing MinIO data directory
volumes = "/var/storage/s3";
# Keep same ports as MinIO to avoid changing Traefik and client configs
address = ":3008";
consoleEnable = true;
consoleAddress = ":3007";
listenAddress = ":3008";
browser = true;
rootCredentialsFile = config.age.secrets.minio-root-cred.path;
dataDir = ["/var/storage/s3"];
# Credentials via agenix
accessKeyFile = config.age.secrets.rustfs-access-key.path;
secretKeyFile = config.age.secrets.rustfs-secret-key.path;
logLevel = "info";
};
# Traefik configuration specific to minio
# Traefik configuration — same routes as before
services.traefik.dynamicConfigOptions.http = {
services.minio-console.loadBalancer.servers = [
{