use hastebin nixos module

2025-02-10 10:42:42 +02:00
parent 70cfdfaed2
commit e809cdc57c
1 changed files with 28 additions and 46 deletions
--- a/modules/services/bin.nix
+++ b/modules/services/bin.nix
@@ -1,40 +1,16 @@
-{ lib, pkgs, config, inputs, ... }:
+{ lib, config, inputs, ... }:
 let
  cfg = config.modules.services.bin;
  fqdn = "${cfg.subdomain}.${config.networking.domain}";
  KiB = 1024;
  MiB = 1024 * KiB;
  GiB = 1024 * MiB;
-
-  settings = {
-    port = cfg.port;
-    host = "::1";
-    max_size = 1 * GiB;
-    default_extension = "txt";
-    data_dir = "/var/lib/hastebin";
-    mime_overrides = {
-      "text/plain" = [
-        "log"
-        "txt"
-        "diff"
-        "sh"
-        "rs"
-        "toml"
-        "cr"
-        "nix"
-        "rb"
-        "ts"
-        "tsx"
-        "jsx"
-      ];
-    };
-    auth_tokens_file = "/var/secrets/hastebin-tokens";
-  };
-
-  hastebinConfig = (pkgs.formats.yaml { }).generate "hastebin.yml" settings;
-  hastebin = inputs.hastebin.packages.${pkgs.system}.default;
 in
 {
+  imports = [
+    inputs.hastebin.nixosModules.default
+  ];
+
  options.modules.services.bin = {
    enable = lib.mkEnableOption "Enable Rustypaste";
    subdomain = lib.mkOption {
@@ -47,23 +23,29 @@ in
  };

  config = lib.mkIf cfg.enable {
-    systemd.services.hastebin = {
+    services.hastebin = {
      enable = true;
-      description = "Hastebin pastebin";
-      environment = {
-        HASTEBIN_CONFIG = hastebinConfig;
-      };
-      serviceConfig = {
-        ExecStart = "${hastebin}/bin/hastebin";
-        WorkingDirectory = "/var/lib/hastebin";
-        StateDirectory = "hastebin";
-        DynamicUser = true;
-        BindReadOnlyPaths = [ "/var/secrets/hastebin-tokens" ];
-      };
-      wantedBy = [ "multi-user.target" ];
-      confinement = {
-        enable = true;
-        packages = [ hastebinConfig ];
+      settings = {
+        port = cfg.port;
+        host = "::1";
+        max_size = 1 * GiB;
+        mime_overrides = {
+          "text/plain" = [
+            "log"
+            "txt"
+            "diff"
+            "sh"
+            "rs"
+            "toml"
+            "cr"
+            "nix"
+            "rb"
+            "ts"
+            "tsx"
+            "jsx"
+          ];
+        };
+        auth_tokens_file = "/var/secrets/hastebin-tokens";
      };
    };

@@ -72,7 +54,7 @@ in
      vHosts.${fqdn}.locations."/" = {
        proxyPort = cfg.port;
        extraConfig = ''
-          client_max_body_size ${toString (settings.max_size / MiB)}m;
+          client_max_body_size ${toString (config.services.hastebin.settings.max_size / MiB)}m;
          proxy_send_timeout   300;
          proxy_read_timeout   300;
          send_timeout         300;