84 lines
1.9 KiB
Nix
84 lines
1.9 KiB
Nix
{ lib, pkgs, config, inputs, ... }:
|
|
let
|
|
cfg = config.modules.services.bin;
|
|
fqdn = "${cfg.subdomain}.${config.networking.domain}";
|
|
KiB = 1024;
|
|
MiB = 1024 * KiB;
|
|
GiB = 1024 * MiB;
|
|
|
|
settings = {
|
|
port = cfg.port;
|
|
host = "::1";
|
|
max_size = 1 * GiB;
|
|
default_extension = "txt";
|
|
data_dir = "/var/lib/hastebin";
|
|
mime_overrides = {
|
|
"text/plain" = [
|
|
"log"
|
|
"txt"
|
|
"diff"
|
|
"sh"
|
|
"rs"
|
|
"toml"
|
|
"cr"
|
|
"nix"
|
|
"rb"
|
|
"ts"
|
|
"tsx"
|
|
"jsx"
|
|
];
|
|
};
|
|
auth_tokens_file = "/var/secrets/hastebin-tokens";
|
|
};
|
|
|
|
hastebinConfig = (pkgs.formats.yaml { }).generate "hastebin.yml" settings;
|
|
hastebin = inputs.hastebin.packages.${pkgs.system}.default;
|
|
in
|
|
{
|
|
options.modules.services.bin = {
|
|
enable = lib.mkEnableOption "Enable Rustypaste";
|
|
subdomain = lib.mkOption {
|
|
type = lib.types.str;
|
|
};
|
|
port = lib.mkOption {
|
|
type = lib.types.int;
|
|
default = 3600;
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
systemd.services.hastebin = {
|
|
enable = true;
|
|
description = "Hastebin pastebin";
|
|
environment = {
|
|
HASTEBIN_CONFIG = hastebinConfig;
|
|
};
|
|
serviceConfig = {
|
|
ExecStart = "${hastebin}/bin/hastebin";
|
|
WorkingDirectory = "/var/lib/hastebin";
|
|
StateDirectory = "hastebin";
|
|
DynamicUser = true;
|
|
BindReadOnlyPaths = [ "/var/secrets/hastebin-tokens" ];
|
|
};
|
|
wantedBy = [ "multi-user.target" ];
|
|
confinement = {
|
|
enable = true;
|
|
packages = [ hastebinConfig ];
|
|
};
|
|
};
|
|
|
|
modules.services.webserver = {
|
|
enable = lib.mkDefault true;
|
|
vHosts.${fqdn}.locations."/" = {
|
|
proxyPort = cfg.port;
|
|
extraConfig = ''
|
|
client_max_body_size ${toString (settings.max_size / MiB)}m;
|
|
proxy_send_timeout 300;
|
|
proxy_read_timeout 300;
|
|
send_timeout 300;
|
|
'';
|
|
};
|
|
};
|
|
};
|
|
}
|