Working version

Not sure that I'd bet the bank that this is secure. It probably is. From what I can see, you have to be able to go in and do things as root.
2025-12-06 09:47:00 -05:00
parent 0d5dbcae2c
commit acbd740392
6 changed files with 76 additions and 31 deletions
--- a/garage.toml
+++ b/garage.toml
@@ -1,21 +1,23 @@
-# There are many parameters
-# https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
-
 metadata_dir = "/app/data/garage/meta"
-data_dir = "/app/data/garage/data"
+
+# https://garagehq.deuxfleurs.fr/documentation/operations/multi-hdd/
+data_dir = [
+    { path = "/app/data/garage/data", capacity = "1G"  },
+]
+
 db_engine = "sqlite"

 replication_factor = 1

+rpc_bind_addr = "[::]:3901"
+rpc_public_addr = "127.0.0.1:3901"
+rpc_secret_file = "/app/data/garage/rpc-secret"
+
 [s3_api]
 s3_region = "garage"
 api_bind_addr = "[::]:3900"
 root_domain = ".s3.garage.localhost"

-rpc_bind_addr = "[::]:3901"
-rpc_public_addr = "127.0.0.1:3901"
-rpc_secret = "$(openssl rand -hex 32)"
-
 [s3_web]
 bind_addr = "[::]:3902"
 root_domain = ".web.garage.localhost"
@@ -24,7 +26,7 @@ index = "index.html"
 # [k2v_api]
 # api_bind_addr = "[::]:3904"

-# [admin]
-# api_bind_addr = "[::]:3903"
-# admin_token = "$(openssl rand -base64 32)"
-# metrics_token = "$(openssl rand -base64 32)"
+[admin]
+api_bind_addr = "[::]:3903"
+admin_token = "$(openssl rand -base64 32)"
+metrics_token = "$(openssl rand -base64 32)"