chef/site-cookbooks/kosmos_garage/recipes/default.rb

#
# Cookbook:: kosmos_garage
# Recipe:: default
#

remote_file 'garage' do
  source "https://garagehq.deuxfleurs.fr/_releases/v#{node['garage']['version']}/x86_64-unknown-linux-musl/garage"
  checksum node['garage']['checksum']['amd64']
  path '/usr/local/bin/garage'
  mode '0755'
  ssl_verify_mode :verify_none if node.chef_environment == 'testing'
  notifies :restart, 'service[garage]', :delayed
end

credentials = Chef::EncryptedDataBagItem.load('credentials', 'garage')

template '/etc/garage.toml' do
  source 'garage.toml.erb'
  mode '0744'
  variables metadata_dir: node['garage']['metadata_dir'] || '/var/lib/garage/meta',
            data_dir: node['garage']['data_dir'] || '/var/lib/garage/data',
            db_engine: node['garage']['db_engine'] || 'lmdb',
            rpc_port: node['garage']['rpc_port'],
            rpc_public_addr: "#{node.dig('knife_zero', 'host') || '127.0.0.1'}:#{node['garage']['rpc_port']}",
            rpc_secret: credentials['rpc_secret'],
            s3_region: node['garage']['s3_region'] || 'garage',
            s3_api_port: node['garage']['s3_api_port'],
            s3_api_root_domain: node['garage']['s3_api_root_domain'] || '.s3.garage.localhost',
            s3_web_port: node['garage']['s3_web_port'],
            s3_web_root_domain: node['garage']['s3_web_root_domain'] || '.web.garage.localhost',
            k2v_api_port: node['garage']['k2v_api_port'],
            admin_port: node['garage']['admin_port'],
            admin_token: credentials['admin_token']
  notifies :restart, 'service[garage]', :delayed
end

systemd_unit 'garage.service' do
  content({
    Unit: {
      Description: 'Garage Data Store',
      Documentation: ['https://garagehq.deuxfleurs.fr/documentation/quick-start/'],
      After: 'network-online.target',
      Wants: 'network-online.target'
    },
    Service: {
      Environment: 'RUST_LOG=garage=info RUST_BACKTRACE=1',
      ExecStart: '/usr/local/bin/garage server',
      StateDirectory: 'garage',
      DynamicUser: true,
      ProtectHome: true,
      NoNewPrivileges: true
    },
    Install: {
      WantedBy: 'multi-user.target'
    }
  })
  verify false
  triggers_reload true
  action [:create]
end

service 'garage' do
  action [:enable, :start]
end