m3tam3re/nixos-config
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
b7dd7f2bf7d155add3a3d2e99f5285f6e7ed6579
nixos-config/hosts/m3-atlas/services/rustfs.nix
m3ta-chiron b7dd7f2bf7 feat: migrate m3-atlas from MinIO to RustFS 
- Replace minio.nix with rustfs.nix using rustfs-flake NixOS module
- Add rustfs flake input (github:rustfs/rustfs-flake)
- Reuse same ports (API: 3008, Console: 3007) and data dir (/var/storage/s3)
- Add separate agenix secrets for access-key and secret-key
- Keep Traefik routes unchanged (s3.m3tam3re.com, minio.m3tam3re.com)
- MinIO had 6 unfixed CVEs and is abandoned upstream
2026-05-02 11:44:32 +02:00

57 lines
1.3 KiB
Nix
Raw Blame History

{
config,
inputs,
pkgs,
...
}: {
services.rustfs = {
enable = true;
package = inputs.rustfs.packages.${pkgs.stdenv.hostPlatform.system}.default;
# Reuse existing MinIO data directory
volumes = "/var/storage/s3";
# Keep same ports as MinIO to avoid changing Traefik and client configs
address = ":3008";
consoleEnable = true;
consoleAddress = ":3007";
# Credentials via agenix
accessKeyFile = config.age.secrets.rustfs-access-key.path;
secretKeyFile = config.age.secrets.rustfs-secret-key.path;
logLevel = "info";
};
# Traefik configuration — same routes as before
services.traefik.dynamicConfigOptions.http = {
services.minio-console.loadBalancer.servers = [
{
url = "http://localhost:3007/";
}
];
services.minio.loadBalancer.servers = [
{
url = "http://localhost:3008/";
}
];
routers.minio = {
rule = "Host(`s3.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "minio";
entrypoints = "websecure";
};
routers.minio-console = {
rule = "Host(`minio.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "minio-console";
entrypoints = "websecure";
};
};
}
Reference in New Issue View Git Blame Copy Permalink