Initial work on switching to garage

.env.example

@@ -148,3 +148,24 @@ PIPE_PROTOCOL=http
 PIPE_DEBUG=1
 
 TUNS_CONSOLE_SECRET=
+
+GARAGE_CADDYFILE=./caddy/Caddyfile.garage
+GARAGE_METRICS_TOKEN=secret
+GARAGE_ADMIN_TOKEN=secret
+
+# Garage requires a random secret for the RPC server. This was generated with:
+# openssl rand -hex 32
+# A different one is used in production.
+GARAGE_RPC_SECRET=69da4443f998314dfda3341ceb77205316a36e2323599f6932fba2c21185c7ef
+
+# For the garage webui
+API_ADMIN_KEY=${GARAGE_ADMIN_TOKEN}
+API_BASE_URL="http://garage:3903"
+S3_ENDPOINT_URL="http://garage:3900"
+
+# Configure the storage type. These are dev only fixtures.
+STORAGE_TYPE=garage
+GARAGE_URL=http://garage:3900
+GARAGE_ADMIN_URL=http://garage:3903
+GARAGE_ROOT_USER=GK03c0bc4880d00a540d929ee9
+GARAGE_ROOT_PASSWORD=88a01d80ba28c04f2c7013445506bdcd883cb44aa32e63731bcd42971697f171

.github/actions/test/action.yml

@@ -17,5 +17,5 @@ runs:
     - name: Run tests
       shell: bash
       run: |
-        PICO_SECRET="danger" go test -v ./... -cover -race -coverprofile=coverage.out
+        STORAGE_TYPE="memory" PICO_SECRET="danger" go test -v ./... -cover -race -coverprofile=coverage.out
         go tool cover -func=coverage.out -o=coverage.out

Makefile

@@ -3,6 +3,7 @@ PGHOST?="db"
 PGUSER?="postgres"
 PORT?="5432"
 DB_CONTAINER?=pico-postgres-1
+GARAGE_CONTAINER?=pico-garage-1
 DOCKER_TAG?=$(shell git log --format="%H" -n 1)
 DOCKER_PLATFORM?=linux/amd64,linux/arm64
 DOCKER_CMD?=docker
@@ -25,9 +26,13 @@ lint:
 .PHONY: lint
 
 test:
-	go test ./...
+	STORAGE_TYPE="memory" go test ./...
 .PHONY: test
 
+test_storage:
+	go run ./cmd/scripts/storage
+.PHONY:
+
 snaps:
 	UPDATE_SNAPS=true go test ./...
 .PHONY: snaps
@@ -149,3 +154,26 @@ restore:
 	$(DOCKER_CMD) exec -it $(DB_CONTAINER) /bin/bash
 	# psql postgres -U postgres -d pico < /backup.sql
 .PHONY: restore
+
+dev-db-up:
+	$(DOCKER_CMD) compose --profile db up -d
+	sleep 2
+	make create migrate
+	make setup-dev-garage
+.PHONY: dev-db-up
+
+dev-db-down:
+	$(DOCKER_CMD) compose --profile db down
+.PHONY: dev-db-down
+
+setup-dev-db:
+	$(DOCKER_CMD) exec $(GARAGE_CONTAINER) /garage layout assign -z ash -c 10G $(shell $(DOCKER_CMD) exec $(GARAGE_CONTAINER) /garage status 2>&1 | grep -A 1 ID | tail -n1 | awk '{print $$1}')
+	$(DOCKER_CMD) exec $(GARAGE_CONTAINER) /garage layout apply --version 1
+.PHONY: setup-dev-db
+
+setup-dev-garage:
+	$(DOCKER_CMD) exec $(GARAGE_CONTAINER) /garage layout assign -z ash -c 10G $(shell $(DOCKER_CMD) exec $(GARAGE_CONTAINER) /garage status 2>&1 | grep -A 1 ID | tail -n1 | awk '{print $$1}')
+	$(DOCKER_CMD) exec $(GARAGE_CONTAINER) /garage layout apply --version 1
+	$(DOCKER_CMD) exec $(GARAGE_CONTAINER) /garage key import --yes -n dev GK03c0bc4880d00a540d929ee9 88a01d80ba28c04f2c7013445506bdcd883cb44aa32e63731bcd42971697f171
+	$(DOCKER_CMD) exec $(GARAGE_CONTAINER) /garage key allow --create-bucket dev
+.PHONY: setup-dev-garage

caddy/Caddyfile.garage

@@ -0,0 +1,79 @@
+{
+	servers {
+		metrics
+	}
+}
+
+*.garage.{$APP_DOMAIN}, *.{$APP_DOMAIN}, {$APP_DOMAIN} {
+	tls {$APP_EMAIL} {
+		dns cloudflare {$CF_API_TOKEN}
+		resolvers 1.1.1.1
+	}
+	encode zstd gzip
+
+	header {
+		# disable FLoC tracking
+		Permissions-Policy interest-cohort=()
+
+		# enable HSTS
+		Strict-Transport-Security max-age=31536000;
+
+		# disable clients from sniffing the media type
+		X-Content-Type-Options nosniff
+
+		# clickjacking protection
+		X-Frame-Options DENY
+
+		# keep referrer data off of HTTP connections
+		Referrer-Policy no-referrer-when-downgrade
+
+		Content-Security-Policy "default-src 'self'; img-src * 'unsafe-inline'; style-src * 'unsafe-inline'"
+
+		X-XSS-Protection "1; mode=block"
+	}
+
+	@caddymetrics {
+		host garage.{$APP_DOMAIN}
+		path /_caddy/metrics
+	}
+
+	metrics @caddymetrics {
+		disable_openmetrics
+	}
+
+	@console {
+		host console.garage.{$APP_DOMAIN}
+	}
+
+	handle @console {
+		reverse_proxy garage:9001
+	}
+
+	@imgproxy_prometheus {
+		host imgproxy.{$APP_DOMAIN}
+		path /metrics
+	}
+
+	handle @imgproxy_prometheus {
+		reverse_proxy imgproxy:8081
+	}
+
+	@imgproxy_root {
+		host imgproxy.{$APP_DOMAIN}
+		path /
+	}
+
+	handle @imgproxy_root {
+		redir https://pico.sh
+	}
+
+	@imgproxy {
+		host imgproxy.{$APP_DOMAIN}
+	}
+
+	handle @imgproxy {
+		reverse_proxy imgproxy:8080
+	}
+
+	reverse_proxy garage:9000
+}

cmd/pgs/ssh/main.go

@@ -9,16 +9,13 @@ import (
 )
 
 func main() {
-	minioURL := utils.GetEnv("MINIO_URL", "")
-	minioUser := utils.GetEnv("MINIO_ROOT_USER", "")
-	minioPass := utils.GetEnv("MINIO_ROOT_PASSWORD", "")
 	dbURL := utils.GetEnv("DATABASE_URL", "")
 	logger := shared.CreateLogger("pgs-ssh")
 	dbpool, err := pgsdb.NewDB(dbURL, logger)
 	if err != nil {
 		panic(err)
 	}
-	st, err := storage.NewStorageMinio(logger, minioURL, minioUser, minioPass)
+	st, err := storage.NewStorage(logger)
 	if err != nil {
 		panic(err)
 	}

cmd/pgs/web/main.go

@@ -9,16 +9,13 @@ import (
 )
 
 func main() {
-	minioURL := utils.GetEnv("MINIO_URL", "")
-	minioUser := utils.GetEnv("MINIO_ROOT_USER", "")
-	minioPass := utils.GetEnv("MINIO_ROOT_PASSWORD", "")
 	dbURL := utils.GetEnv("DATABASE_URL", "")
 	logger := shared.CreateLogger("pgs-web")
 	dbpool, err := pgsdb.NewDB(dbURL, logger)
 	if err != nil {
 		panic(err)
 	}
-	st, err := storage.NewStorageMinio(logger, minioURL, minioUser, minioPass)
+	st, err := storage.NewStorage(logger)
 	if err != nil {
 		panic(err)
 	}

cmd/scripts/clean-object-store/clean.go

@@ -38,14 +38,11 @@ func main() {
 	picoCfg := shared.NewConfigSite()
 	picoCfg.Logger = logger
 	picoCfg.DbURL = os.Getenv("DATABASE_URL")
-	picoCfg.MinioURL = os.Getenv("MINIO_URL")
-	picoCfg.MinioUser = os.Getenv("MINIO_ROOT_USER")
-	picoCfg.MinioPass = os.Getenv("MINIO_ROOT_PASSWORD")
 	picoDb, err := pgsdb.NewDB(picoCfg.DbURL, picoCfg.Logger)
 	bail(err)
 
 	var st storage.StorageServe
-	st, err = storage.NewStorageMinio(logger, picoCfg.MinioURL, picoCfg.MinioUser, picoCfg.MinioPass)
+	st, err = storage.NewStorageMinio(logger, utils.GetEnv("MINIO_URL", ""), utils.GetEnv("MINIO_ROOT_USER", ""), utils.GetEnv("MINIO_ROOT_PASSWORD", ""))
 	bail(err)
 
 	logger.Info("fetching all users")

cmd/scripts/prose-imgs-migrate/main.go

@@ -14,6 +14,7 @@ import (
 	sendUtils "github.com/picosh/pico/pkg/send/utils"
 	"github.com/picosh/pico/pkg/shared"
 	"github.com/picosh/pico/pkg/shared/storage"
+	"github.com/picosh/utils"
 )
 
 func bail(err error) {
@@ -79,7 +80,7 @@ func main() {
 	cfg := prose.NewConfigSite("prose-imgs-migrate")
 	logger := cfg.Logger
 	picoDb := postgres.NewDB(cfg.DbURL, logger)
-	st, err := storage.NewStorageMinio(logger, cfg.MinioURL, cfg.MinioUser, cfg.MinioPass)
+	st, err := storage.NewStorageMinio(logger, utils.GetEnv("MINIO_URL", ""), utils.GetEnv("MINIO_ROOT_USER", ""), utils.GetEnv("MINIO_ROOT_PASSWORD", ""))
 	bail(err)
 
 	users, err := picoDb.FindUsers()

cmd/scripts/rm-old-buckets/rm-old-buckets.go

@@ -9,6 +9,7 @@ import (
 	"github.com/picosh/pico/pkg/apps/prose"
 	"github.com/picosh/pico/pkg/db/postgres"
 	"github.com/picosh/pico/pkg/shared"
+	"github.com/picosh/utils"
 )
 
 func bail(err error) {
@@ -21,11 +22,11 @@ func main() {
 	cfg := prose.NewConfigSite("prose-rm-old-buckets")
 	logger := cfg.Logger
 	picoDb := postgres.NewDB(cfg.DbURL, logger)
-	endpoint, err := url.Parse(cfg.MinioURL)
+	endpoint, err := url.Parse(utils.GetEnv("MINIO_URL", ""))
 	bail(err)
 	ssl := endpoint.Scheme == "https"
 	mClient, err := minio.New(endpoint.Host, &minio.Options{
-		Creds:  credentials.NewStaticV4(cfg.MinioUser, cfg.MinioPass, ""),
+		Creds:  credentials.NewStaticV4(utils.GetEnv("MINIO_ROOT_USER", ""), utils.GetEnv("MINIO_ROOT_PASSWORD", ""), ""),
 		Secure: ssl,
 	})
 	bail(err)