swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add microbin

Browse source
This commit is contained in:
Leon Schwarzäugl 2025-06-29 15:35:35 +02:00
parent a21ff3228c
commit 0045d0cb18
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
3 changed files with 258 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

133
SwarselSystems.org
View file

@ -4769,6 +4769,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
ssh = lib.mkDefault true; ssh = lib.mkDefault true;
oauth2Proxy = lib.mkDefault true; oauth2Proxy = lib.mkDefault true;
croc = lib.mkDefault true; croc = lib.mkDefault true;
microbin = lib.mkDefault true;
}; };
}; };
}; };
@ -10853,6 +10854,138 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
} }
#+end_src #+end_src
**** microbin
:PROPERTIES:
:CUSTOM_ID: h:13071cc3-5cba-44b5-8b5b-2a27be22e021
:END:
#+begin_src nix :tangle modules/nixos/server/microbin.nix
{ lib, config, ... }:
let
serviceDomain = "scratch.swarsel.win";
servicePort = 8777;
serviceName = "microbin";
serviceUser = "microbin";
serviceGroup = serviceUser;
cfg = config.services."${serviceName}";
in
{
options.swarselsystems.modules.server."${serviceName}" = lib.mkEnableOption "enable ${serviceName} on server";
config = lib.mkIf config.swarselsystems.modules.server."${serviceName}" {
users = {
groups."${serviceGroup}" = { };
users."${serviceUser}" = {
isSystemUser = true;
group = serviceGroup;
};
};
sops = {
secrets = {
microbin-admin-username = { owner = serviceUser; group = serviceGroup; mode = "0440"; };
microbin-admin-password = { owner = serviceUser; group = serviceGroup; mode = "0440"; };
microbin-uploader-password = { owner = serviceUser; group = serviceGroup; mode = "0440"; };
};
templates = {
"microbin-env" = {
content = ''
MICROBIN_ADMIN_USERNAME="${config.sops.placeholder.microbin-admin-username}"
MICROBIN_ADMIN_PASSWORD="${config.sops.placeholder.microbin-admin-password}"
MICROBIN_UPLOADER_PASSWORD="${config.sops.placeholder.microbin-uploader-password}"
'';
owner = serviceUser;
group = serviceGroup;
mode = "0440";
};
};
};
topology.self.services."${serviceName}".info = "https://${serviceDomain}";
services."${serviceName}" = {
enable = true;
passwordFile = config.sops.templates.microbin-env.path;
dataDir = "/var/lib/microbin";
settings = {
MICROBIN_HIDE_LOGO = true;
MICROBIN_PORT = servicePort;
MICROBIN_EDITABLE = true;
MICROBIN_HIDE_HEADER = true;
MICROBIN_HIDE_FOOTER = true;
MICROBIN_NO_LISTING = false;
MICROBIN_HIGHLIGHTSYNTAX = true;
MICROBIN_BIND = "0.0.0.0";
MICROBIN_PRIVATE = true;
MICROBIN_PUBLIC_PATH = "https://${serviceDomain}";
MICROBIN_READONLY = true;
MICROBIN_SHOW_READ_STATS = true;
MICROBIN_TITLE = "~SwarselScratch~";
MICROBIN_THREADS = 1;
MICROBIN_GC_DAYS = 30;
MICROBIN_ENABLE_BURN_AFTER = true;
MICROBIN_QR = true;
MICROBIN_ETERNAL_PASTA = true;
MICROBIN_ENABLE_READONLY = true;
MICROBIN_DEFAULT_EXPIRY = "1week";
MICROBIN_NO_FILE_UPLOAD = false;
MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB = 256;
MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB = 1024;
MICROBIN_DISABLE_UPDATE_CHECKING = true;
MICROBIN_DISABLE_TELEMETRY = true;
MICROBIN_LIST_SERVER = false;
};
};
systemd.services = {
"${serviceName}" = {
serviceConfig = {
DynamicUser = lib.mkForce false;
User = serviceUser;
Group = serviceGroup;
};
};
};
networking.firewall.allowedTCPPorts = [ servicePort ];
environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
{ directory = cfg.dataDir; user = serviceUser; group = serviceGroup; mode = "0700"; }
];
services.nginx = {
upstreams = {
"${serviceName}" = {
servers = {
"localhost:${builtins.toString servicePort}" = { };
};
};
};
virtualHosts = {
"${serviceDomain}" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://${serviceName}";
extraConfig = ''
client_max_body_size 1G;
'';
};
};
};
};
};
};
}
#+end_src
*** Darwin *** Darwin
:PROPERTIES: :PROPERTIES:
:CUSTOM_ID: h:ac0cd8b3-06cf-4dca-ba73-6100c8fedb47 :CUSTOM_ID: h:ac0cd8b3-06cf-4dca-ba73-6100c8fedb47

124
modules/nixos/server/microbin.nix Normal file
View file

@ -0,0 +1,124 @@
{ lib, config, ... }:
let
serviceDomain = "scratch.swarsel.win";
servicePort = 8777;
serviceName = "microbin";
serviceUser = "microbin";
serviceGroup = serviceUser;
cfg = config.services."${serviceName}";
in
{
options.swarselsystems.modules.server."${serviceName}" = lib.mkEnableOption "enable ${serviceName} on server";
config = lib.mkIf config.swarselsystems.modules.server."${serviceName}" {
users = {
groups."${serviceGroup}" = { };
users."${serviceUser}" = {
isSystemUser = true;
group = serviceGroup;
};
};
sops = {
secrets = {
microbin-admin-username = { owner = serviceUser; group = serviceGroup; mode = "0440"; };
microbin-admin-password = { owner = serviceUser; group = serviceGroup; mode = "0440"; };
microbin-uploader-password = { owner = serviceUser; group = serviceGroup; mode = "0440"; };
};
templates = {
"microbin-env" = {
content = ''
MICROBIN_ADMIN_USERNAME="${config.sops.placeholder.microbin-admin-username}"
MICROBIN_ADMIN_PASSWORD="${config.sops.placeholder.microbin-admin-password}"
MICROBIN_UPLOADER_PASSWORD="${config.sops.placeholder.microbin-uploader-password}"
'';
owner = serviceUser;
group = serviceGroup;
mode = "0440";
};
};
};
topology.self.services."${serviceName}".info = "https://${serviceDomain}";
services."${serviceName}" = {
enable = true;
passwordFile = config.sops.templates.microbin-env.path;
dataDir = "/var/lib/microbin";
settings = {
MICROBIN_HIDE_LOGO = true;
MICROBIN_PORT = servicePort;
MICROBIN_EDITABLE = true;
MICROBIN_HIDE_HEADER = true;
MICROBIN_HIDE_FOOTER = true;
MICROBIN_NO_LISTING = false;
MICROBIN_HIGHLIGHTSYNTAX = true;
MICROBIN_BIND = "0.0.0.0";
MICROBIN_PRIVATE = true;
MICROBIN_PUBLIC_PATH = "https://${serviceDomain}";
MICROBIN_READONLY = true;
MICROBIN_SHOW_READ_STATS = true;
MICROBIN_TITLE = "~SwarselScratch~";
MICROBIN_THREADS = 1;
MICROBIN_GC_DAYS = 30;
MICROBIN_ENABLE_BURN_AFTER = true;
MICROBIN_QR = true;
MICROBIN_ETERNAL_PASTA = true;
MICROBIN_ENABLE_READONLY = true;
MICROBIN_DEFAULT_EXPIRY = "1week";
MICROBIN_NO_FILE_UPLOAD = false;
MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB = 256;
MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB = 1024;
MICROBIN_DISABLE_UPDATE_CHECKING = true;
MICROBIN_DISABLE_TELEMETRY = true;
MICROBIN_LIST_SERVER = false;
};
};
systemd.services = {
"${serviceName}" = {
serviceConfig = {
DynamicUser = lib.mkForce false;
User = serviceUser;
Group = serviceGroup;
};
};
};
networking.firewall.allowedTCPPorts = [ servicePort ];
environment.persistence."/persist".directories = lib.mkIf config.swarselsystems.isImpermanence [
{ directory = cfg.dataDir; user = serviceUser; group = serviceGroup; mode = "0700"; }
];
services.nginx = {
upstreams = {
"${serviceName}" = {
servers = {
"localhost:${builtins.toString servicePort}" = { };
};
};
};
virtualHosts = {
"${serviceDomain}" = {
enableACME = true;
forceSSL = true;
acmeRoot = null;
locations = {
"/" = {
proxyPass = "http://${serviceName}";
extraConfig = ''
client_max_body_size 1G;
'';
};
};
};
};
};
};
}

1
profiles/nixos/moonside/default.nix
View file

@ -20,6 +20,7 @@
ssh = lib.mkDefault true; ssh = lib.mkDefault true;
oauth2Proxy = lib.mkDefault true; oauth2Proxy = lib.mkDefault true;
croc = lib.mkDefault true; croc = lib.mkDefault true;
microbin = lib.mkDefault true;
}; };
}; };
}; };