nox: add microbin

2023-06-26 21:03:25 +02:00 · 2023-06-26 21:03:25 +02:00 · 1b052f57af
parent cbd38fc8f4
commit 1b052f57af
4 changed files with 83 additions and 17 deletions
--- a/hosts/noximilien/default.nix
+++ b/hosts/noximilien/default.nix
@ -37,6 +37,7 @@
    ../../profiles/web/services/netdata.nix
    ../../profiles/web/services/nitter.nix
    #../../profiles/web/services/ntopng.nix
+    ../../profiles/web/services/microbin.nix
    #../../profiles/web/services/owncast.nix
    #../../profiles/web/services/paperless.nix
    ../../profiles/web/services/polaris.nix
@ -83,6 +84,7 @@
  services.domeneshop-updater.targets = [
    "pbsds.net"
    "olavtr.pbsds.net"
+    "kuklef.se"
  ];

  # TODO: remove? Move to where relevant?
--- a/profiles/web/default.nix
+++ b/profiles/web/default.nix
@ -4,13 +4,12 @@ let
 in
 {
  _module.args.mkDomain = mkDomain;
-  _module.args.allSubdomains = lib.sort (x: y: x<y) ( # TODO: deduplicate <-
-    lib.flatten (
-      lib.mapAttrsToList
-        (k: v: [k] ++ v.serverAliases)
-        config.services.nginx.virtualHosts
-    )
-  );
+  _module.args.allSubdomains = lib.pipe config.services.nginx.virtualHosts [
+    (lib.mapAttrsToList (domain: vhost: [ domain ] ++ vhost.serverAliases))
+    (lib.mapAttrsToList (domain: vhost: [ domain ]))
+    lib.flatten
+    (lib.sort (x: y: x<y))
+  ];

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "pbsds+acme@hotmail.com";
--- a/profiles/web/index/default.nix
+++ b/profiles/web/index/default.nix
@ -2,15 +2,18 @@
 let
  # TODO: support fully qualified urls as well
  customDescriptions = rec {
-    index         = "This page";
-    links         = "Linktree";
-    element       = pkgs.element-web.meta.description;
+    index                     = "This page";
+    "links.pbsds.net"         = "Linktree";
+    "i.kuklef.se"             = pkgs.microbin.meta.description;
+    www                       = "wwwwwwwwwwwwwww";
+    ${config.networking.fqdn} = www;
+
    refleksjon    = "My dad is a cheapskate";
    roroslyd      = "My dad is a cheapskate";
-    www           = "wwwwwwwwwwwwwww";
-    ${config.networking.hostName} = www;
-    shlink        = "Url shortener";
+
    docs          = "Various documentation";
+    element       = pkgs.element-web.meta.description;
+    shlink        = "Url shortener";
  };
 in
 {
@ -23,14 +26,18 @@ in
    root = with lib; let
      getName   = domain: head (lib.splitString "." domain);
      getDomain = domain: concatStringsSep "." (tail (lib.splitString "." domain));
-      getDesc   = domain: let
+      getDesc   = domain:
+        let
          name = getName domain;
-        in if lib.hasAttr name customDescriptions
+        in
+          if lib.hasAttr domain customDescriptions
+            then customDescriptions.${domain}
+          else if lib.hasAttr name customDescriptions
            then customDescriptions.${name}
-          else if lib.hasAttr name pkgs.python3Packages
-            then pkgs.python3Packages.${name}.meta.description
          else if lib.hasAttr name pkgs
            then pkgs.${name}.meta.description
+          else if lib.hasAttr name pkgs.python3Packages
+            then pkgs.python3Packages.${name}.meta.description
          else if lib.hasAttrByPath [name "package"] config.services
            then config.services.${name}.package.meta.description
          else "";
--- a/profiles/web/services/microbin.nix
+++ b/profiles/web/services/microbin.nix
@ -0,0 +1,58 @@
+{ config, lib, pkgs, ... }:
+let
+  name    = "microbin";
+  user    = name;
+  group   = name;
+  host    = "127.0.0.1";
+  port    = 6743;
+  domain  = "i.kuklef.se";
+  #domain  = mkDomain "microbin";
+in
+{
+
+  systemd.services.microbin = {
+    description = "Microbin - pastebin and url shortener";
+    wantedBy = ["multi-user.target"];
+    after    = ["network.target"];
+    serviceConfig = {
+      ExecStart = lib.escapeShellArgs [
+        "${pkgs.microbin}/bin/microbin"
+        "--title" "spis meg"
+        "--editable"
+        "--hide-footer"
+        "--highlightsyntax"
+        "--no-listing"
+        "--wide"
+        "--qr"
+        "--gc-days" "0"
+        "--enable-burn-after"
+        "-b" "${host}"
+        "-p" "${builtins.toString port}"
+        "--public-path" "https://${domain}/"
+      ];
+
+      # https://github.com/szabodanika/microbin/issues/106
+      #EnvironmentFile = "/var/lib/secrets/microbin.env"; # TODO: sops
+      #Environment.MICROBIN_AUTH_USERNAME="foo";
+      #Environment.MICROBIN_AUTH_PASSWORD="bar";
+
+      DynamicUser = true;
+      StateDirectory = "microbin";
+      WorkingDirectory = "/var/lib/microbin";
+      Type = "simple";
+      Restart = "always";
+
+      ProtectProc = "invisible";
+    };
+  };
+
+  services.nginx.virtualHosts.${domain} = {
+    forceSSL = true; # addSSL = true;
+    enableACME = true; #useACMEHost = acmeDomain;
+    locations."/" = {
+      proxyPass = "http://${host}:${toString port}";
+      #proxyWebsockets = true;
+    };
+  };
+
+}