From 053dcd608d0a4cdfab2523d03ff97f271feed1c9 Mon Sep 17 00:00:00 2001
From: Felix Albrigtsen <felix@albrigtsen.it>
Date: Wed, 21 Feb 2024 22:54:34 +0100
Subject: [PATCH] defiant: add microbin

---
 hosts/defiant/configuration.nix     |  1 +
 hosts/defiant/services/microbin.nix | 46 +++++++++++++++++++++++++++++
 secrets/defiant/defiant.yaml        |  6 ++--
 3 files changed, 51 insertions(+), 2 deletions(-)
 create mode 100644 hosts/defiant/services/microbin.nix

diff --git a/hosts/defiant/configuration.nix b/hosts/defiant/configuration.nix
index 069d11b..d6e318f 100644
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -21,6 +21,7 @@
       ./services/home-assistant.nix
       ./services/matrix
       ./services/metrics
+      ./services/microbin.nix
       ./services/minecraft.nix
       ./services/vaultwarden.nix
   ];
diff --git a/hosts/defiant/services/microbin.nix b/hosts/defiant/services/microbin.nix
new file mode 100644
index 0000000..c99ffa1
--- /dev/null
+++ b/hosts/defiant/services/microbin.nix
@@ -0,0 +1,46 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.microbin;
+  domain = "p.feal.no";
+  address = "127.0.1.2";
+  max_upload_mb = 1024;
+  port = 5006;
+in {
+
+  services.microbin = {
+    enable = true;
+    # passwordFile = "/run/credentials/microbin.service/secrets";
+    passwordFile = config.sops.secrets."microbin/secrets".path;
+    settings = {
+      MICROBIN_BIND = address;
+      MICROBIN_ENABLE_BURN_AFTER = true;
+      MICROBIN_FOOTER_TEXT = "Be nice or go away";
+      MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB = max_upload_mb;
+      MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB = max_upload_mb;
+      MICROBIN_PORT = port;
+      MICROBIN_PUBLIC_PATH = "https://${domain}/";
+      MICROBIN_QR = true;
+      MICROBIN_TITLE = "felixalbs pasta collection";
+    };
+  };
+
+  sops.secrets."microbin/secrets" = { };
+
+  services.nginx.virtualHosts."${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+
+    listen = [
+      { addr = "192.168.10.175"; port = 43443; ssl = true; }
+      { addr = "192.168.10.175"; port = 43080; ssl = false; }
+    ];
+
+    extraConfig = ''
+      client_max_body_size ${toString max_upload_mb}M;
+    '';
+
+    locations."/" = {
+      proxyPass = "http://${address}:${toString port}";
+    };
+  };
+}
diff --git a/secrets/defiant/defiant.yaml b/secrets/defiant/defiant.yaml
index 27c16c0..6993d9f 100644
--- a/secrets/defiant/defiant.yaml
+++ b/secrets/defiant/defiant.yaml
@@ -5,6 +5,8 @@ hedgedoc:
     env: ENC[AES256_GCM,data:7UU8MNo3AEpG1L0lpbfow4mGsIj7qMgtldCxv2T8rimintl1PN+avb2yxXz2P+1MqxNhacYYfBn5AkVqUJvAvo/HaQmsu+M1iFuMG6vEQuMGZZ1bjcslKxjVFWe9Rxzb9O33jqielsBiUmkP7f0MoGzfdyncpRuGjge+ADL7YXdRdH2zyDLW0txM3P593MQYiGo9wzwb7ZpycX4NsuE=,iv:4QE4RwD6c7KQS/w15YP/P2u7iOTWd36/YhpA2Jtdu0U=,tag:QBvO3q5C9TK0oSeso367/Q==,type:str]
 vaultwarden:
     admintoken: ENC[AES256_GCM,data:sUPOe3goxpJFpe5fBdwcM5Z6+DXNdZr5Xd6HzRUb7LtDk9IUtwL4wtlckwnMRoLF628XvCV3ObrX2UmTqUX/6pWqLkWL/vWb3C8ogq4=,iv:vvO9nEkCjcKvl+ILEMlMorMmvyNM1juRYRnEolwg9sQ=,tag:wFnz9oOA+ZGrb4UqKrtUcA==,type:str]
+microbin:
+    secrets: ENC[AES256_GCM,data:GaEbiNENeLnVrqcJBHCks844WiYtVmU3yeGTLdrhPhPCfdgMiGst2nwIeTAGxqcy2Wn3Jo6hsGsHaGnFVgZ8+6Ej8rAU2Q==,iv:0EPKzBU/iy8YWZhJDF/iPCpfOneiLgf27XHby89RvB8=,tag:4oNhGEFjz4GylUXH/UuF+Q==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -29,8 +31,8 @@ sops:
             RXcvQU1JYnl0bUtocTZuNkRxcGQwR2MKnyAYtF2y7XBmNuIYi6RzqEJEPPg7B22A
             fQVeDfIhiNSVva784KTU+y4TU1UPxumriRrLRFPF3h42ZEq2zQAgrQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-29T22:35:52Z"
-    mac: ENC[AES256_GCM,data:wLuNSHMesuGxoYH4km/NkX58JcZgXCoQW5veh+wL8A3vmWg+HGkcnWLxhGPetG4fhdORkurr+/l803Y3Fq79C5C3JyMSZEI5ba9LL9SLnJsTu9B+sro6DRp0xCX8kvY/Hfl23jsg8NcJ2QoiE0eHMJ5LftSydSNPefnkzSz70UU=,iv:r8Cv2kOf2T3WwXLpDyTVDG+O6RcIhv+juIteCgR+Zlc=,tag:EoaPXCOprA5yBtnyORmXvA==,type:str]
+    lastmodified: "2024-02-21T21:11:56Z"
+    mac: ENC[AES256_GCM,data:NBmL+eOcavjU/xhQZtDvuJvvG+wXjU+PGayaNuTDdbo4zk1j8twoVrLCSOLVZuCFO88/2YEtmMJkNOEsPO2hbDhJl5k20g1880rQt4LhPn5sdHyxzrPL3ehDWNLyZy+JMl0SbDI/yjNRH/jX7UxjcBjMCW4WVQpqFK2na20PYfI=,iv:A9h6ziIZUDbtzTmTeSFYZcBKQ1KMkEkQe7PW6ahW/XQ=,tag:VfYygPnzeTMDUXyyNlCcZg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1