feat: SeaweedFS to replace MinIO

[DaRacci]

Only just getting started, still needs lots of work and a full evaluation for feasibility.
This PR is building ontop of the PR seaweedfs module in nixpkgs NixOS/nixpkgs#353890.

Tasks:

• Setup all initial services
• Fully functional and connected master & volume services
• Fully functional and connected filer and S3 service (maybe webdav too)
• Fully functional and connected Admin UI Service + Worker
• Auto mounts helper option under server.storage.swfsMount (option name tbd)
• Ensure all services are using caddy routing and there are no references to internal addresses
• Secure all components and gRPC behind internal TLS

Blocked by seaweedfs/seaweedfs#8468

Summary by CodeRabbit

Release Notes

New Features

• Integrated SeaweedFS distributed storage system with complete service infrastructure for IO-primary nodes. New capabilities include systemd service management, multi-endpoint virtual host proxy support (S3-compatible, volume, and admin interfaces), and comprehensive directory configuration for distributed file storage operations.

[coderabbitai]

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: a7ed81b1-ce7c-49f2-9300-b12d35e5944b

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

📝 Walkthrough

Walkthrough

This pull request adds SeaweedFS support to the NixOS configuration by introducing a new flake input referencing a SeaweedFS module, importing it into the storage subsystem, and implementing comprehensive SeaweedFS service configuration for IO-primary nodes with systemd integration and reverse proxy virtual hosts.

Changes

Cohort / File(s)	Summary
Flake Input Configuration flake/nixos/flake.nix	Added new seaweedfs input sourcing a Nix module from an external repository with flake = false and type = "file" parameters.
Storage Module Integration modules/nixos/server/storage/default.nix	Added import statement for new seaweedfs.nix module to include SeaweedFS configuration in the server storage setup.
SeaweedFS Module Implementation modules/nixos/server/storage/seaweedfs.nix	Introduced comprehensive SeaweedFS module featuring IO-primary node gating, systemd service definitions (admin and worker), tmpfiles configuration for multiple components, reverse proxy virtual hosts, and conditional filer and index configurations.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 A SeaweedFS seed now plants so deep,
Through storage modules, secrets we keep,
With services sprouting and proxies aligned,
IO-primary nodes, perfectly designed! 🌾

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Title check	✅ Passed	The title accurately reflects the main objective of the pull request—introducing SeaweedFS as a replacement for MinIO. It clearly summarizes the primary change across all modified files.
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch push-uroqwlvynlxr

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 Enforce conventional commit

Wonderful, this rule succeeded.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

• title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?:

🟢 Do not merge outdated PRs

Wonderful, this rule succeeded.

Make sure PRs are almost up to date before merging

• #commits-behind <= 10

[mergify]

🧪 CI Insights

Here's what we observed from your CI run for bed2fdf.

🟢 All jobs passed!

But CI Insights is watching 👀

[coderabbitai]

Actionable comments posted: 3

📜 Review details

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2caf3a0 and dd5a35d.

⛔ Files ignored due to path filters (1)

• flake/nixos/flake.lock is excluded by !**/*.lock

📒 Files selected for processing (3)

• flake/nixos/flake.nix
• modules/nixos/server/storage/default.nix
• modules/nixos/server/storage/seaweedfs.nix

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (11)

• GitHub Check: Build nixosConfigurations.nixcloud.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixdev.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixio.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixmi.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixai.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build homeConfigurations.racci.activationPackage on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixarr.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixmon.config.system.build.toplevel on x86_64-linux
• GitHub Check: Build nixosConfigurations.nixserv.config.system.build.toplevel on x86_64-linux
• GitHub Check: Mergify Merge Protections
• GitHub Check: Summary

🔇 Additional comments (4)

modules/nixos/server/storage/seaweedfs.nix (2)

16-37: Common systemd service template is tidy.

Keeps service defaults consistent across the admin/worker units.

---

143-225: Tmpfiles coverage looks solid.

The directory ownership/mode setup for master/volume/filer/admin/worker is comprehensive.

modules/nixos/server/storage/default.nix (1)

5-8: Import addition looks fine.

The storage module now includes SeaweedFS cleanly.

flake/nixos/flake.nix (1)

90-94: Use the correct flake input URL scheme for type = "file".

The URL should use the file+https:// scheme rather than plain https://. Update to:

url = "file+https://raw.githubusercontent.com/liberodark/nixpkgs/refs/heads/seaweedfs/nixos/modules/services/network-filesystems/seaweedfs.nix";

Nix flakes support type = "file" for remote URLs, and flake.lock automatically pins the exact revision; the branch reference is reproducible once locked. The URL scheme is the primary concern here.

Likely an incorrect or invalid review comment.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@modules/nixos/server/storage/seaweedfs.nix`:
- Around line 245-248: The capabilities list passed to the SeaweedFS worker (in
the command invoking ${cfg.package}/bin/weed worker) contains a typo: "vacumm"
should be "vacuum"; update the -capabilities argument to
"-capabilities=vacuum,ec,replication,balance" so the worker recognizes and runs
the vacuum maintenance task.
- Around line 47-83: The master endpoint is hardcoded in multiple places (the
master list entry "seaweedfs.racci.dev:443", the proxy virtualHost using
cfg.master.port, and the admin service referencing master.seaweedfs.racci.dev),
causing hostname/port mismatches; define a single master endpoint variable
(e.g., masterHost and masterPort or masterEndpoint) and replace the hardcoded
"seaweedfs.racci.dev:443", uses of cfg.master.port in
server.proxy.virtualHosts.seaweedfs.extraConfig, and the admin service's
connection target so all references (master, volume.inherit master,
filer.inherit master, proxy reverse_proxy, and admin client) use the same
variable. Ensure the new variable is used when constructing the master = [ ... ]
list and when generating the reverse_proxy target and admin connection string.
- Around line 84-139: Multiple vhosts ("seaweedfs", "s3.seaweedfs",
"volume.seaweedfs", "admin.seaweedfs") all set l4.listenPort = 10443 causing
port collisions; fix by either assigning unique listenPort values per vhost
(e.g. set l4.listenPort for "s3.seaweedfs", "volume.seaweedfs",
"admin.seaweedfs" to different ports) or refactor to a single L4 listener that
uses SNI to route to backends — implement one shared l4 block that checks the
SNI host and proxies to the appropriate target (use the existing proxy targets
like cfg.master.grpcPort, cfg.filer.s3.grpcPort, cfg.volume.grpcPort, and the
admin ports) so only one server binds to 10443.