refactor

2025-02-08 19:44:52 +02:00
parent 271d9e8f88
commit 913d3d1238
32 changed files with 844 additions and 544 deletions
--- a/modules/services/bin.nix
+++ b/modules/services/bin.nix
@@ -0,0 +1,89 @@
+{ lib, pkgs, config, ... }:
+let
+  cfg = config.modules.services.bin;
+  fqdn = "${cfg.subdomain}.${config.networking.domain}";
+  rustypasteConfig = (pkgs.formats.toml { }).generate "rustypaste-config.toml" {
+    server = {
+      address = "[::1]:${toString cfg.port}";
+      max_content_length = "1GB";
+      upload_path = "/var/lib/rustypaste/uploads";
+      timeout = "5m";
+    };
+
+    landing_page = {
+      text = ''
+        ┬─┐┬ ┬┌─┐┌┬┐┬ ┬┌─┐┌─┐┌─┐┌┬┐┌─┐
+        ├┬┘│ │└─┐ │ └┬┘├─┘├─┤└─┐ │ ├┤
+        ┴└─└─┘└─┘ ┴  ┴ ┴  ┴ ┴└─┘ ┴ └─┘
+
+        Submit files via HTTP POST here:
+            curl -F 'file=@example.txt' https://${fqdn}
+        This will return the URL of the uploaded file.
+
+        The server administrator might remove any pastes that they do not personally
+        want to host.
+
+        If you are the server administrator and want to change this page, just go
+        into your config file and change it! If you change the expiry time, it is
+        recommended that you do.
+
+        By default, pastes expire every hour. The server admin may or may not have
+        changed this.
+
+        Check out the GitHub repository at https://github.com/orhun/rustypaste
+        Command line tool is available  at https://github.com/orhun/rustypaste-cli
+      '';
+      content_type = "text/plain; charset=utf-8";
+    };
+
+    paste = {
+      default_extension = "txt";
+      random_url = { type = "petname"; words = 2; separator = "-"; };
+      delete_expirted_files = { enabled = true; interval = "1h"; };
+      default_expiry = "100y";
+      mime_override = [
+        { mime = "text/plain"; regex = "^.*\.(log|txt|diff|sh|rs|toml|cr|nix|rb|js|tsx|ts|jsx)$"; }
+      ];
+    };
+  };
+in
+{
+  options.modules.services.bin = {
+    enable = lib.mkEnableOption "Enable Rustypaste";
+    subdomain = lib.mkOption {
+      type = lib.types.str;
+    };
+    port = lib.mkOption {
+      type = lib.types.int;
+      default = 3600;
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    systemd.services.rustypaste = {
+      enable = true;
+      description = "Rustypaste pastebin";
+      environment = {
+        CONFIG = rustypasteConfig;
+        AUTH_TOKENS_FILE = "/var/secrets/rustypaste-tokens";
+      };
+      serviceConfig = {
+        ExecStart = "${pkgs.rustypaste}/bin/rustypaste";
+        WorkingDirectory = "/var/lib/rustypaste";
+        StateDirectory = "rustypaste";
+        DynamicUser = true;
+        BindReadOnlyPaths = [ "/var/secrets/rustypaste-tokens" ];
+      };
+      wantedBy = [ "multi-user.target" ];
+      confinement = {
+        enable = true;
+        packages = [ rustypasteConfig ];
+      };
+    };
+
+    modules.services.webserver = {
+      enable = lib.mkDefault true;
+      vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
+    };
+  };
+}