replace snips.sh with rustypaste

home/common/default.nix

@@ -1,4 +1,4 @@
-{ config, lib, pkgs, bin, ... }:
+{ config, lib, pkgs, ... }:
 {
   nixpkgs.config.allowUnfree = true;
   imports = [ ../gnome ../custom-programs ./neovim ];
@@ -236,7 +236,6 @@
           hostname = "apu.tempel-vibes.ts.net";
           user = "root";
         };
-        "bin.freun.dev".port = bin.sshPort;
       };
     };
     spotify-player = {

home/default.nix

@@ -1,11 +1,11 @@
-{ inputs, bin, ... }:
+{ inputs, ... }:
 {
   home-manager = {
     users = {
       jokke = import ./jokke;
       moco = import ./moco;
     };
-    extraSpecialArgs = { inherit inputs bin; };
+    extraSpecialArgs = { inherit inputs; };
     sharedModules = [ (import ./common) ];
     useUserPackages = true;
     useGlobalPkgs = true;

hosts/freun.dev/services/bin.nix

@@ -0,0 +1,73 @@
+{ pkgs, ... }:
+let
+  fqdn = "bin.freun.dev";
+  port = 3600;
+  config = (pkgs.formats.toml { }).generate "rustypaste-config.toml" {
+    server = {
+      address = "[::1]:${toString port}";
+      max_content_length = "1GB";
+      upload_path = "/var/lib/rustypaste/uploads";
+      timeout = "5m";
+    };
+
+    landing_page = {
+      text = ''
+        ┬─┐┬ ┬┌─┐┌┬┐┬ ┬┌─┐┌─┐┌─┐┌┬┐┌─┐
+        ├┬┘│ │└─┐ │ └┬┘├─┘├─┤└─┐ │ ├┤
+        ┴└─└─┘└─┘ ┴  ┴ ┴  ┴ ┴└─┘ ┴ └─┘
+
+        Submit files via HTTP POST here:
+            curl -F 'file=@example.txt' https://${fqdn}
+        This will return the URL of the uploaded file.
+
+        The server administrator might remove any pastes that they do not personally
+        want to host.
+
+        If you are the server administrator and want to change this page, just go
+        into your config file and change it! If you change the expiry time, it is
+        recommended that you do.
+
+        By default, pastes expire every hour. The server admin may or may not have
+        changed this.
+
+        Check out the GitHub repository at https://github.com/orhun/rustypaste
+        Command line tool is available  at https://github.com/orhun/rustypaste-cli
+      '';
+      content_type = "text/plain; charset=utf-8";
+    };
+
+    paste = {
+      default_extension = "txt";
+      random_url = { type = "petname"; words = 2; separator = "-"; };
+      delete_expirted_files = { enabled = true; interval = "1h"; };
+      default_expiry = "100y";
+      mime_override = [
+        { mime = "text/plain"; regex = "^.*\.(log|txt|diff|sh|rs|toml|cr|nix|rb|js|tsx|ts|jsx)$"; }
+      ];
+    };
+  };
+in
+{
+  systemd.services.rustypaste = {
+    enable = true;
+    description = "Rustypaste pastebin";
+    environment = {
+      CONFIG = config;
+      AUTH_TOKENS_FILE = "/var/secrets/rustypaste-tokens";
+    };
+    serviceConfig = {
+      ExecStart = "${pkgs.rustypaste}/bin/rustypaste";
+      WorkingDirectory = "/var/lib/rustypaste";
+      StateDirectory = "rustypaste";
+      DynamicUser = true;
+      BindReadOnlyPaths = [ "/var/secrets/rustypaste-tokens" ];
+    };
+    wantedBy = [ "multi-user.target" ];
+    confinement = {
+      enable = true;
+      packages = [ config ];
+    };
+  };
+
+  modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
+}

hosts/freun.dev/services/default.nix

@@ -33,6 +33,6 @@
     ./tailscale.nix
     ./workout-tracker.nix
     ./gotosocial.nix
-    ./snips.nix
+    ./bin.nix
   ];
 }

hosts/freun.dev/services/snips.nix

@@ -1,44 +0,0 @@
-{ pkgs, bin, ssh, ... }:
-let
-  fqdn = "bin.freun.dev";
-  port = 3600;
-  sshPort = bin.sshPort;
-  authorizedKeys = pkgs.writeTextFile {
-    name = "authorized_keys";
-    text = ssh.publicKeys.yubikey;
-  };
-in
-{
-  nixpkgs.config.snips-sh.withTensorflow = true;
-
-  systemd.services.snips = {
-    enable = true;
-    description = "Snips pastebin";
-    environment = {
-      SNIPS_HTTP_INTERNAL = "http://[::1]:${toString port}";
-      SNIPS_HTTP_EXTERNAL = "https://${fqdn}";
-      SNIPS_SSH_INTERNAL = "ssh://[::0]:${toString sshPort}";
-      SNIPS_SSH_EXTERNAL = "ssh://${fqdn}:${toString sshPort}";
-      SNIPS_HOST_KEY_PATH = "/var/lib/snips/keys/snips";
-      SNIPS_DB_FILEPATH = "/var/lib/snips/snips.db";
-      SNIPS_SSH_AUTHORIZEDKEYSPATH = authorizedKeys;
-    };
-    serviceConfig = {
-      EnvironmentFile = "/var/secrets/snips.env";
-      StateDirectory = "snips";
-      ExecStart = "${pkgs.snips-sh}/bin/snips.sh";
-      WorkingDirectory = "/var/lib/snips";
-      ConfigurationDirectory = "snips";
-      DynamicUser = true;
-    };
-    wantedBy = [ "multi-user.target" ];
-    confinement = {
-      enable = true;
-      packages = [ authorizedKeys ];
-    };
-  };
-
-  modules.webserver.vHosts.${fqdn}.locations."/".proxyPort = port;
-
-  networking.firewall.allowedTCPPorts = [ sshPort ];
-}