Migrate danflix to hetzner

2023-11-19 01:07:45 +00:00
parent 34e893bd68
commit 87ce8e0d1c
12 changed files with 62 additions and 99 deletions
--- a/modules/dungflix/default.nix
+++ b/modules/dungflix/default.nix
@@ -3,21 +3,21 @@
  config,
  ...
 }: let
-  mountdir = "/var/media/dungflix";
+  mountdir = "/var/media/danflix";

  rclone_config = pkgs.writeText "" ''
-    [dungflix]
-    type = b2
+    [danflix-storage-box]
+    type = sftp

-    [dungflix-vault]
+    [danflix-crypto]
    type = crypt
-    remote = dungflix:dungflix-bucket
+    remote = danflix-storage-box:danflix
  '';
 in {
  age.secrets = {
-    dungflix_bucket_account_id.file = ../../secrets/dungflix_bucket_account_id.age;
-    dungflix_bucket_account_key.file = ../../secrets/dungflix_bucket_account_key.age;
-    dungflix_crypt_remote_obscured_pass.file = ../../secrets/dungflix_crypt_remote_obscured_pass.age;
+    danflix_storage_box_crypt_obscured_pw.file = ../../secrets/danflix_storage_box_crypt_obscured_pw.age;
+    danflix_hetzner_storage_box_pub_key.file = ../../secrets/danflix_hetzner_storage_box_pub_key.age;
+    danflix_env_file.file = ../../secrets/danflix_env_file.age;
  };

  services = {
@@ -40,27 +40,27 @@ in {
    MemoryMax = "1G";
  };

-  systemd.services.dungflix-mount = {
-    description = "Mount the Backblaze B2 media store";
+  systemd.services.danflix-mount = {
+    description = "Mount the Hetzner Storage Box media store";
    wantedBy = ["multi-user.target"];
    path = [pkgs.fuse3];
    preStart = ''
      mkdir -p -m 777 ${mountdir}
    '';
+    environment = {
+      "RCLONE_SFTP_KEY_FILE" = config.age.secrets.danflix_hetzner_storage_box_pub_key.path;
+    };
    script = ''
-      export RCLONE_B2_ACCOUNT=''$(cat ${config.age.secrets.dungflix_bucket_account_id.path})
-      export RCLONE_B2_KEY=''$(cat ${config.age.secrets.dungflix_bucket_account_key.path})
-      export RCLONE_CRYPT_PASSWORD=''$(cat ${config.age.secrets.dungflix_crypt_remote_obscured_pass.path})
-      ${pkgs.rclone}/bin/rclone --config="${rclone_config}" mount dungflix-vault: ${mountdir} \
-        --transfers 32 \
-        --vfs-cache-mode full \
-        --vfs-cache-max-age 336h \
-        --vfs-cache-max-size 120G \
-        --allow-other \
-        --no-modtime \
-        --rc \
-        --rc-no-auth \
-        -vv
+      ${pkgs.rclone}/bin/rclone --config="${rclone_config}" mount danflix-crypto: ${mountdir} \
+         --vfs-cache-mode full \
+         --vfs-cache-max-age 336h \
+         --vfs-cache-max-size 60G \
+         --allow-other \
+         --no-modtime \
+         --rc \
+         --rc-addr=localhost:5573 \
+         --rc-no-auth \
+         -v
    '';
    postStart = ''
      sleep 5
@@ -71,6 +71,7 @@ in {
      fusermount -u ${mountdir}
    '';
    serviceConfig = {
+      EnvironmentFile = config.age.secrets.danflix_env_file.path;
      Restart = "on-failure";
    };
  };