dotfiles/meta/linode/subterranean-animism/minio.nix

{ config, pkgs, ... }:

let
  private = import ./private.nix;
  minioCredentialsFile = "/etc/nixos/minio-credentials";
in {
  environment.systemPackages = with pkgs; [
    minio-client
  ];

  # https://github.com/NixOS/nixpkgs/blob/nixos-21.11/nixos/modules/services/web-servers/minio.nix
  services.minio = {
    enable = true;
    rootCredentialsFile = minioCredentialsFile;
  };

  services.nginx = {
    virtualHosts."${private.minioHost}" = {
      addSSL = true;
      enableACME = true;

      extraConfig = ''
        # To allow special characters in headers
        ignore_invalid_headers off;
        # Allow any size file to be uploaded.
        # Set to a value such as 1000m; to restrict file size to a specific value
        client_max_body_size 0;
        # To disable buffering
        proxy_buffering off;
      '';

      locations."/" = {
        proxyPass = "http://localhost:9001";
        extraConfig = ''
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header Host $host;

          proxy_connect_timeout 300;
          # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
          proxy_http_version 1.1;
          proxy_set_header Connection "";
          chunked_transfer_encoding off;
        '';
      };
    };
  };
}
[meta] get started on subterranean-animism 3 years ago			`{ config, pkgs, ... }:`

			`let`
			`private = import ./private.nix;`
			`minioCredentialsFile = "/etc/nixos/minio-credentials";`
			`in {`
			`environment.systemPackages = with pkgs; [`
			`minio-client`
			`];`

			`# https://github.com/NixOS/nixpkgs/blob/nixos-21.11/nixos/modules/services/web-servers/minio.nix`
			`services.minio = {`
			`enable = true;`
			`rootCredentialsFile = minioCredentialsFile;`
			`};`

			`services.nginx = {`
			`virtualHosts."${private.minioHost}" = {`
			`addSSL = true;`
			`enableACME = true;`

			`extraConfig = ''`
			`# To allow special characters in headers`
			`ignore_invalid_headers off;`
			`# Allow any size file to be uploaded.`
			`# Set to a value such as 1000m; to restrict file size to a specific value`
			`client_max_body_size 0;`
			`# To disable buffering`
			`proxy_buffering off;`
			`'';`

			`locations."/" = {`
			`proxyPass = "http://localhost:9001";`
			`extraConfig = ''`
			`proxy_set_header X-Real-IP $remote_addr;`
			`proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto $scheme;`
			`proxy_set_header Host $host;`

			`proxy_connect_timeout 300;`
			`# Default is HTTP/1, keepalive is only enabled in HTTP/1.1`
			`proxy_http_version 1.1;`
			`proxy_set_header Connection "";`
			`chunked_transfer_encoding off;`
			`'';`
			`};`
			`};`
			`};`
			`}`