feat(rustypaste): create module instead of container and use newer version through flake
parent
b8c7300e8a
commit
520157cb2b
13 changed files with 292 additions and 163 deletions
84
flake.lock
generated
|
@ -296,6 +296,24 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"naersk": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1721727458,
|
||||
"narHash": "sha256-r/xppY958gmZ4oTfLiHN0ZGuQ+RSTijDblVgVLFi1mw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "naersk",
|
||||
"rev": "3fb418eaf352498f6b6c30592e3beb63df42ef11",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "naersk",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1728056216,
|
||||
|
@ -360,6 +378,34 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 0,
|
||||
"narHash": "sha256-HP89HZOT0ReIbI7IJZJQoJgxvB2Tn28V6XS3MNKnfLs=",
|
||||
"path": "/nix/store/lryfc8mhk1czqsa421di2y5nzz5c3b8m-source",
|
||||
"type": "path"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1728492678,
|
||||
"narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nysh": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -435,7 +481,8 @@
|
|||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"nysh": "nysh",
|
||||
"rofi-obsidian": "rofi-obsidian"
|
||||
"rofi-obsidian": "rofi-obsidian",
|
||||
"rustypaste": "rustypaste"
|
||||
}
|
||||
},
|
||||
"rust-overlay": {
|
||||
|
@ -456,6 +503,41 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"rustypaste": {
|
||||
"inputs": {
|
||||
"naersk": "naersk",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"rustypasteRepo": "rustypasteRepo"
|
||||
},
|
||||
"locked": {
|
||||
"dirtyRev": "561025fca47e63a4356cf8e41669ab823f033717-dirty",
|
||||
"dirtyShortRev": "561025f-dirty",
|
||||
"lastModified": 1728306155,
|
||||
"narHash": "sha256-ewGx/X970ErBg6oKAaBKZd4pqnP2s0jeRHm9bIj8CzM=",
|
||||
"type": "git",
|
||||
"url": "file:///home/ny/Documents/opensource/rustypaste"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "file:///home/ny/Documents/opensource/rustypaste"
|
||||
}
|
||||
},
|
||||
"rustypasteRepo": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1728306155,
|
||||
"narHash": "sha256-mgB/arakSQu7mC/n7Oal/rsHdVxCD4NEgX7TAsCrCMI=",
|
||||
"owner": "orhun",
|
||||
"repo": "rustypaste",
|
||||
"rev": "561025fca47e63a4356cf8e41669ab823f033717",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "orhun",
|
||||
"repo": "rustypaste",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
|
|
|
@ -42,6 +42,10 @@
|
|||
url = "github:hyprwm/hyprlock";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
rustypaste = {
|
||||
url = "/home/ny/Documents/opensource/rustypaste";
|
||||
};
|
||||
};
|
||||
|
||||
outputs =
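Review bot: The new `rustypaste` input, `url = "/home/ny/Documents/opensource/rustypaste";`, points at an absolute path on one workstation, so the package is built from whatever that checkout holds at evaluation time. The lock entry records it as `561025f-dirty` with a `file:///home/ny/...` URL, meaning uncommitted changes went into the build that no other machine or reviewer can inspect or reproduce. Publishing the wrapper flake and referencing it by a git or `github:` URL would let the lock pin a clean revision and hash. Unlike the `hyprlock` input just above, this input has no `inputs.nixpkgs.follows = "nixpkgs";`, which appears to be why the lock gains `nixpkgs_4` (a local store path with `lastModified` 0) and `nixpkgs_5`.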
|
||||
|
|
|
@ -59,8 +59,7 @@ in
|
|||
getext = pkgs.writeScriptBin "ls | grep -E \"\.[a-zA-Z0-9]+$\" --only-matching | sort | uniq";
|
||||
|
||||
rpaste = writeFishBin "rpaste" ''
|
||||
export $(cat ${config.age.secrets.rustypaste.path} | xargs)
|
||||
${pkgs.rustypaste-cli}/bin/rpaste -a "$AUTH_TOKEN" -s "https://rusty.ccnlc.eu/" $argv
|
||||
${pkgs.rustypaste-cli}/bin/rpaste -a "$(cat ${config.age.secrets.rustypaste.path})" -s "https://rusty.ccnlc.eu/" $argv
|
||||
'';
|
||||
|
||||
gentest = nixos-rebuild "gentest" "test";
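Review bot: The rewritten `rpaste` wrapper still hands the token to the CLI as `-a "$(cat ${config.age.secrets.rustypaste.path})"`, so the secret sits in the process argument list, where other local users can read it while an upload runs. If rustypaste-cli's config file (its `-c` option) fits this setup, pointing the wrapper at a config readable only by the calling user would keep the token out of argv; that is worth checking rather than assuming. The substitution also passes the whole file as a single argument, so it only works while the age secret holds exactly one bare token; a comment such as `# secret must hold one bare token, not KEY=VALUE` next to the wrapper would record that. The secret is given `owner = "rustypaste"` elsewhere in this commit, so it is also worth confirming that the user who runs this wrapper can still read the file.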
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
pubkeys,
|
||||
...
|
||||
}:
|
||||
let
|
||||
|
@ -14,14 +13,17 @@ in
|
|||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
./disk-config.nix
|
||||
./container-root.nix
|
||||
./rustypaste
|
||||
./forgejo
|
||||
./headscale.nix
|
||||
];
|
||||
|
||||
age.secrets = {
|
||||
couchdb.file = ../../secrets/couchdb.age;
|
||||
rustypaste.file = ../../secrets/rustypaste.age;
|
||||
rustypaste = {
|
||||
file = ../../secrets/rustypaste.age;
|
||||
owner = "rustypaste";
|
||||
group = "rustypaste";
|
||||
};
|
||||
};
|
||||
|
||||
boot.loader.grub = {
|
||||
|
@ -29,10 +31,46 @@ in
|
|||
efiInstallAsRemovable = true;
|
||||
};
|
||||
|
||||
modules.services.tailscale = {
|
||||
enable = true;
|
||||
tags = [ "server" ];
|
||||
extraFlags = [ "--accept-dns=false" ]; # Want to disable that since *server* can't access the private dns... for now
|
||||
modules = {
|
||||
server.rustypaste = {
|
||||
enable = true;
|
||||
authTokenFile = config.age.secrets.rustypaste.path;
|
||||
settings = {
|
||||
server = {
|
||||
url = "https://rusty.ccnlc.eu";
|
||||
max_content_length = "50MB";
|
||||
timeout = "30s";
|
||||
expose_version = false;
|
||||
expose_list = false;
|
||||
handle_spaces = "replace";
|
||||
};
|
||||
paste = {
|
||||
random_url = {
|
||||
type = "petname";
|
||||
words = 3;
|
||||
separator = "-";
|
||||
};
|
||||
default_extension = "txt";
|
||||
mime_blacklist = [
|
||||
"application/x-dosexec"
|
||||
"application/java-archive"
|
||||
"application/java-vm"
|
||||
];
|
||||
duplicate_files = false;
|
||||
default_expiry = "1h";
|
||||
delete_expired_files = {
|
||||
enabled = true;
|
||||
interval = "1h";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
tags = [ "server" ];
|
||||
extraFlags = [ "--accept-dns=false" ]; # Want to disable that since *server* can't access the private dns... for now
|
||||
};
|
||||
};
|
||||
|
||||
services.headscale.enable = true;
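Review bot: The `age.secrets.rustypaste` entry hard-codes `owner = "rustypaste"; group = "rustypaste";` as string literals, while the module exposes `user` and `group` options. Changing those options later would leave the service unable to read its token file. Writing `owner = config.modules.server.rustypaste.user;` and `group = config.modules.server.rustypaste.group;` keeps the two in step. In the `settings` block of the last hunk, the `mime_override` list from the removed container config is not carried over, so the content type served for uploads presumably falls back to detection, which is worth confirming as intended for a public URL. The attribute set these hunks belong to starts and ends outside the visible lines.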
|
||||
|
|
|
@ -1,90 +0,0 @@
|
|||
{
|
||||
config = {
|
||||
refresh_rate = "1s";
|
||||
};
|
||||
server = {
|
||||
address = "127.0.0.1:8000";
|
||||
url = "https://rusty.ccnlc.eu";
|
||||
workers = 4;
|
||||
max_content_length = "50MB";
|
||||
upload_path = "./upload";
|
||||
timeout = "30s";
|
||||
expose_version = false;
|
||||
expose_list = false;
|
||||
handle_spaces = "replace";
|
||||
};
|
||||
landing_page = {
|
||||
text = ''
|
||||
┬─┐┬ ┬┌─┐┌┬┐┬ ┬┌─┐┌─┐┌─┐┌┬┐┌─┐
|
||||
├┬┘│ │└─┐ │ └┬┘├─┘├─┤└─┐ │ ├┤
|
||||
┴└─└─┘└─┘ ┴ ┴ ┴ ┴ ┴└─┘ ┴ └─┘
|
||||
|
||||
Submit files via HTTP POST here:
|
||||
curl -F 'file=@example.txt' <server>
|
||||
This will return the URL of the uploaded file.
|
||||
|
||||
The server administrator might remove any pastes that they do not personally
|
||||
want to host.
|
||||
|
||||
If you are the server administrator and want to change this page, just go
|
||||
into your config file and change it! If you change the expiry time, it is
|
||||
recommended that you do.
|
||||
|
||||
By default, pastes expire every hour. The server admin may or may not have
|
||||
changed this.
|
||||
|
||||
Check out the GitHub repository at https://github.com/orhun/rustypaste
|
||||
Command line tool is available at https://github.com/orhun/rustypaste-cli
|
||||
'';
|
||||
content_type = "text/plain; charset=utf-8";
|
||||
};
|
||||
paste = {
|
||||
random_url = {
|
||||
type = "petname";
|
||||
words = 2;
|
||||
separator = "-";
|
||||
};
|
||||
default_extension = "txt";
|
||||
mime_override = [
|
||||
{
|
||||
mime = "image/jpeg";
|
||||
regex = "^.*\.jpg$";
|
||||
}
|
||||
{
|
||||
mime = "image/png";
|
||||
regex = "^.*\.png$";
|
||||
}
|
||||
{
|
||||
mime = "image/svg+xml";
|
||||
regex = "^.*\.svg$";
|
||||
}
|
||||
{
|
||||
mime = "video/webm";
|
||||
regex = "^.*\.webm$";
|
||||
}
|
||||
{
|
||||
mime = "video/x-matroska";
|
||||
regex = "^.*\.mkv$";
|
||||
}
|
||||
{
|
||||
mime = "application/octet-stream";
|
||||
regex = "^.*\.bin$";
|
||||
}
|
||||
{
|
||||
mime = "text/plain";
|
||||
regex = "^.*\.(log|txt|diff|sh|rs|toml)$";
|
||||
}
|
||||
];
|
||||
mime_blacklist = [
|
||||
"application/x-dosexec"
|
||||
"application/java-archive"
|
||||
"application/java-vm"
|
||||
];
|
||||
duplicate_files = false;
|
||||
default_expiry = "1h";
|
||||
delete_expired_files = {
|
||||
enabled = true;
|
||||
interval = "1h";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,53 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
{
|
||||
virtualisation.oci-containers.containers."rustypaste" = {
|
||||
image = "orhunp/rustypaste:latest";
|
||||
environment = {
|
||||
"RUST_LOG" = "debug";
|
||||
};
|
||||
environmentFiles = [ config.age.secrets.rustypaste.path ];
|
||||
volumes = [
|
||||
"${(pkgs.formats.toml { }).generate "conf" (import ./conf.nix)}:/app/config.toml:ro"
|
||||
"test_rustypaste-data:/app/upload:rw"
|
||||
];
|
||||
ports = [ "8000:8000/tcp" ];
|
||||
log-driver = "journald";
|
||||
extraOptions = [
|
||||
"--network-alias=rustypaste"
|
||||
"--network=test_default"
|
||||
];
|
||||
};
|
||||
systemd.services."podman-rustypaste" = {
|
||||
serviceConfig = {
|
||||
Restart = lib.mkOverride 500 "always";
|
||||
};
|
||||
after = [
|
||||
"podman-network-test_default.service"
|
||||
"podman-volume-test_rustypaste-data.service"
|
||||
];
|
||||
requires = [
|
||||
"podman-network-test_default.service"
|
||||
"podman-volume-test_rustypaste-data.service"
|
||||
];
|
||||
partOf = [ "podman-compose-test-root.target" ];
|
||||
wantedBy = [ "podman-compose-test-root.target" ];
|
||||
};
|
||||
|
||||
systemd.services."podman-volume-test_rustypaste-data" = {
|
||||
path = [ pkgs.podman ];
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
script = ''
|
||||
podman volume inspect test_rustypaste-data || podman volume create test_rustypaste-data
|
||||
'';
|
||||
partOf = [ "podman-compose-test-root.target" ];
|
||||
wantedBy = [ "podman-compose-test-root.target" ];
|
||||
};
|
||||
}
|
|
@ -1,4 +1,5 @@
|
|||
{
|
||||
inputs,
|
||||
inputs',
|
||||
config,
|
||||
lib,
|
||||
|
@ -37,5 +38,6 @@
|
|||
|
||||
hyprlock = inputs'.hyprlock.packages.hyprlock;
|
||||
})
|
||||
inputs.rustypaste.overlays.default
|
||||
];
|
||||
}
|
||||
|
|
|
@ -3,5 +3,6 @@
|
|||
./paperless-ngx
|
||||
./navidrome.nix
|
||||
./rsync-daemon
|
||||
./rustypaste.nix
|
||||
];
|
||||
}
|
||||
|
|
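--- a/options/server/rustypaste.nix
+++ b/options/server/rustypaste.nix
@@ -0,0 +1,146 @@
+{
+config,
+lib,
+pkgs,
+options,
+...
+}:
+let
+inherit (lib)
+mkEnableOption
+mkIf
+mkOption
+types
+;
+cfg = config.modules.server.rustypaste;
+opts = options.modules.server.rustypaste;
+toml = pkgs.formats.toml { };
+in
+{
+options.modules.server.rustypaste = {
+enable = mkEnableOption "rustypaste, a pastebin alternative";
+
+authTokenFile = mkOption {
+type = types.str;
+default = "";
+};
+
+deleteTokenFile = mkOption {
+type = types.str;
+default = "";
+};
+
+port = mkOption {
+type = types.port;
+default = 8000;
+description = "The port rustypaste should listen on.";
+};
+
+openFirewall = mkOption {
+type = types.bool;
+default = false;
+description = "Whether to open the specified port.";
+};
+
+address = mkOption {
+type = types.nonEmptyStr;
+default = "127.0.0.1";
+description = "The address rustypaste should listen on.";
+};
+
+package = mkOption {
+type = types.package;
+default = pkgs.rustypaste;
+};
+
+user = mkOption {
+type = types.str;
+default = "rustypaste";
+description = "User account under which rustypaste runs.";
+};
+
+group = mkOption {
+type = types.str;
+default = "rustypaste";
+description = "Group under which rustypaste runs.";
+};
+
+settings = lib.mkOption {
+inherit (toml) type;
+default = {
+config.refresh_rate = "1y";
+server = {
+address = "${cfg.address}:${toString cfg.port}";
+max_content_length = "10MB";
+upload_path = cfg.dataDir;
+};
+paste = {
+default_extension = "txt";
+};
+};
+defaultText = "Refer to https://github.com/orhun/rustypaste/blob/master/config.toml";
+apply = lib.recursiveUpdate opts.settings.default;
+};
+
+dataDir = lib.mkOption {
+type = types.nonEmptyStr;
+default = "/var/lib/rustypaste";
+description = "Where rustypaste stores uploaded files.";
+};
+
+settingsFile = lib.mkOption {
+type = types.path;
+default = toml.generate "rustypaste.toml" cfg.settings;
+};
+};
+
+config = mkIf cfg.enable {
+networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ];
+
+systemd.tmpfiles.rules = [
+"d ${cfg.dataDir} 0700 ${cfg.user} ${cfg.group}"
+];
+
+systemd.services.rustypaste = {
+enable = true;
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+
+environment = {
+"CONFIG" = cfg.settingsFile;
+"AUTH_TOKENS_FILE" = mkIf (cfg.authTokenFile != "") cfg.authTokenFile;
+"DELETE_TOKENS_FILE" = mkIf (cfg.deleteTokenFile != "") cfg.deleteTokenFile;
+};
+serviceConfig = {
+Type = "simple";
+User = cfg.user;
+Group = cfg.group;
+WorkingDirectory = cfg.dataDir;
+ExecStart = "${cfg.package}/bin/rustypaste";
+Restart = "on-failure";
+PrivateDevices = true;
+PrivateTmp = true;
+ProtectSystem = "full";
+ReadWritePaths = cfg.dataDir;
+ReadOnlyPaths = lib.concatStringsSep " " [
+cfg.settingsFile
+cfg.authTokenFile
+cfg.deleteTokenFile
+];
+IPAddressAllow = "any";
+};
+};
+
+users.users = mkIf (cfg.user == "rustypaste") {
+rustypaste = {
+useDefaultShell = true;
+group = cfg.group;
+isSystemUser = true;
+};
+};
+
+users.groups = mkIf (cfg.group == "rustypaste") {
+rustypaste = { };
+};
+};
+}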
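Review bot: `authTokenFile` and `deleteTokenFile` default to `""` and carry no `description`, so enabling the module without setting them starts the server with no `AUTH_TOKENS_FILE`, which as far as rustypaste's behaviour goes means uploads are accepted from anyone who can reach `address:port`, and the option docs do not say so. Declaring them as `type = types.nullOr types.path; default = null;` with a description, plus an `assertions` or `warnings` entry for `openFirewall = true` with no token file, would make the unauthenticated case an explicit choice. The empty strings also flow into `ReadOnlyPaths` through `concatStringsSep`, which a null check would avoid. Separately, the service account is created with `useDefaultShell = true;`, which a daemon-only system user does not need, and the unit could be tightened with `ProtectSystem = "strict";` and `NoNewPrivileges = true;` since `ReadWritePaths` already covers `dataDir`.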
|
Binary file not shown.
|
@ -1,11 +1,11 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 biwZXw M19MPetxrj5viO9n3YQ80hEObhyJg5IZnNycR3Wzqk4
|
||||
YBOWqQzb+zU8tSwEcrsr/ocPj6kzSly2wbJq0WK+gDM
|
||||
-> ssh-ed25519 b3HlPA Z01OXca+e/XNFR0V9hPlCMZaQUdmbDfIqhQvLSfF5is
|
||||
bjPwLeKSzatDDIjAaKh1q4ZdgEvHB82EyC4hSzS4qXE
|
||||
-> ssh-ed25519 cdUqUg 97W5cmHE/PS0MAlel2MDdzYJVinRVxBkigbV+c/xLRk
|
||||
UyMUJYb+782FZEbuCcn4xj62bCLaYSBLD5714xpQN4c
|
||||
-> ssh-ed25519 a1hgwg +kQW6lvFa/sTuU91My1NepIasAFnscjluc3z3zyHWws
|
||||
rx/jQxCiC6sjGeXYeZcW0+UxkQr8uHNJKCGPxvH9GqQ
|
||||
--- VGD7NEIKcPMDhDKCGXKP+kXXf1YIPIK/y64k5e4YFTs
|
||||
bw¾XÁm
Ÿ‚ws hF1É+‡ZÜ }LY ZÝ<5A>¯fg³°¹q]̃tüxÊÛ¯¹õ`„¶Üw)—Y%u––ÚãåÅ^_v8QZfìqu<C2AD>:¹¶g1 VÛþ!í–Â’»A[€€Çöe{TnÕ -f×
|
||||
-> ssh-ed25519 biwZXw iMQ+wyhe0edDZpfFTcvg2zKzdGt6aHVE/tQBqbtCcUc
|
||||
hAizLz8grjdYwjOnLSeEtp4kxA4MjRPywRs1BHrDSdo
|
||||
-> ssh-ed25519 b3HlPA G1inkewMY0dv885snGeJqWRVVXsaCK35iSBXVA6OEAc
|
||||
/VgBYT9W4ic6piJM5QTvmaAJtWDbzsXyP7M3GOilW8I
|
||||
-> ssh-ed25519 cdUqUg UzHj6mpJ1qNWA02x37JFhNEq/VdOP6k3p4ZtBY68Hjo
|
||||
4trOjzntsQ05C07SVSfO/gGoUTR2owyj6VnZPwLi4eE
|
||||
-> ssh-ed25519 a1hgwg pMJOkvg4Lg5tbY+nb9eqGPMweLwzxPxtvkhaOY8s3xk
|
||||
7rpmGdN84Lq/yU+FQCnaaHJOmvUhJgboFDmXgO4B7lc
|
||||
--- kZ3ul3tAFvY769eSvcTei2KdrGyHKCDh+OdOAHk3NoU
|
||||
‡×”S*D›<44>WŸv¡î=!‰Ø÷ðm‡…›R’“ˆéʇ921QkÔ!hÊ0ǃÁ]òá_¢¾æÝž]äj6 1Î76õÃÆ4‚H”T¼Ø’JÂűøÖl‚j€H‰—oO@¶ Õ]9SUÓ×q '¡n
|
Binary file not shown.
Binary file not shown.