From 2b1b9ff9283d868b8d4afb3e126717e95dcc0691 Mon Sep 17 00:00:00 2001 From: notohh Date: Sun, 21 May 2023 20:52:54 -0400 Subject: [PATCH] feat: init rustypaste + rustypaste cli --- README.md | 1 + hosts/tsuki/home.nix | 1 + modules/services/default.nix | 1 + modules/services/rustypaste.nix | 28 ++++++++++++++++++++++++++++ modules/services/traefik.nix | 10 +++++++++- pkgs/rustypaste-cli/default.nix | 16 ++++++++++++++++ secrets/secrets.yaml | 5 +++-- 7 files changed, 59 insertions(+), 3 deletions(-) create mode 100644 modules/services/rustypaste.nix create mode 100644 pkgs/rustypaste-cli/default.nix diff --git a/README.md b/README.md index 7c44e42..3679e4f 100755 --- a/README.md +++ b/README.md @@ -38,4 +38,5 @@ + [MatthiasBenaets](https://github.com/MatthiasBenaets) - amazing nixos introduction video + [sioodmy](https://github.com/sioodmy) - general dotfile, readme badges, and hyprland stuff + [MatthewCroughan](https://github.com/MatthewCroughan) - traefik config used as reference ++ [seqizz](https://github.com/seqizz/nixos-config/blob/3ee51f406a8c7aa3afde9cdee97a43641b2ed2ef/modules/server/rustypaste.nix) - rustypaste config + [hlissner](https://github.com/hlissner) - [security.nix](modules/security.nix) diff --git a/hosts/tsuki/home.nix b/hosts/tsuki/home.nix index b2f9628..ae4b4e1 100755 --- a/hosts/tsuki/home.nix +++ b/hosts/tsuki/home.nix @@ -21,6 +21,7 @@ homeDirectory = "/home/notoh"; packages = with pkgs; [ (callPackage ../../pkgs/chatterino7 {}) + (callPackage ../../pkgs/rustypaste-cli {}) bitwarden webcord spotify-player diff --git a/modules/services/default.nix b/modules/services/default.nix index df316f7..e32b7ba 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -8,5 +8,6 @@ ./foundryvtt.nix ./forgejo.nix ./jellyfin.nix + ./rustypaste.nix ]; } diff --git a/modules/services/rustypaste.nix b/modules/services/rustypaste.nix new file mode 100644 index 0000000..48d4680 --- /dev/null +++ b/modules/services/rustypaste.nix @@ -0,0 +1,28 @@ +{ + pkgs, + config, + ... +}: { + sops.secrets.rusty-auth-token = {}; + environment.systemPackages = with pkgs; [rustypaste]; + + systemd.services.rustypaste = { + enable = true; + wantedBy = [ + "multi-user.target" + ]; + description = "A minimal file upload/pastebin service."; + environment = { + AUTH_TOKEN = config.sops.secrets.rusty-auth-token.path; + CONFIG = "/var/lib/rustypaste/config.toml"; + }; + serviceConfig = { + User = "root"; + ExecStart = "${pkgs.rustypaste}/bin/rustypaste"; + Restart = "always"; + RestartSec = 30; + StandardOutput = "syslog"; + WorkingDirectory = "/var/lib/rustypaste"; + }; + }; +} diff --git a/modules/services/traefik.nix b/modules/services/traefik.nix index c42a29b..d9e4f4b 100644 --- a/modules/services/traefik.nix +++ b/modules/services/traefik.nix @@ -1,6 +1,6 @@ {config, ...}: { sops.secrets.cloudflare-api-key = {}; - networking.firewall.allowedTCPPorts = [80 443 8080]; + networking.firewall.allowedTCPPorts = [80 443 8080 8000]; systemd.user.services.traefik.after = ["docker.service"]; systemd.services.traefik = { environment = { @@ -22,6 +22,7 @@ jellyfin.loadBalancer.servers = [{url = "http://localhost:8096";}]; foundryvtt.loadBalancer.servers = [{url = "http://localhost:30000";}]; gitea.loadBalancer.servers = [{url = "http://localhost:3000";}]; + rustypaste.loadBalancer.servers = [{url = "http://localhost:8000";}]; }; routers = { api = { @@ -70,6 +71,13 @@ tls.domains = [{main = "*.notohh.dev";}]; tls.certresolver = "production"; }; + rustypaste = { + rule = "Host(`img.notohh.dev`)"; + entrypoints = ["websecure"]; + service = "rustypaste"; + tls.domains = [{main = "*.notohh.dev";}]; + tls.certresolver = "production"; + }; }; }; }; diff --git a/pkgs/rustypaste-cli/default.nix b/pkgs/rustypaste-cli/default.nix new file mode 100644 index 0000000..d0fee71 --- /dev/null +++ b/pkgs/rustypaste-cli/default.nix @@ -0,0 +1,16 @@ +{ + rustPlatform, + fetchFromGitHub, + ... +}: + rustPlatform.buildRustPackage rec { + pname = "rustypaste-cli"; + version = "0.3.0"; + src = fetchFromGitHub { + owner = "orhun"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-GPQEo9nYcw2Xowh0f2fqj4Ya5kUApB4GSdaSZkVb4R0="; + }; + cargoHash = "sha256-uwAiNrpObirtxGXaNz3prXFIygcf0b8t/Z9N99Gcrtk="; + } \ No newline at end of file diff --git a/secrets/secrets.yaml b/secrets/secrets.yaml index ae19ac2..55f96ab 100644 --- a/secrets/secrets.yaml +++ b/secrets/secrets.yaml @@ -1,6 +1,7 @@ foundry-username: ENC[AES256_GCM,data:YYZ5Q6UlWPqbH8iYhqoR6pYFmQ3NAjY=,iv:pRjblo74gqbYYJTy/edn1bOsEKjHyvmXPwp6D/t6vxE=,tag:G5Xt+dVT51pU6kYdDra0Rw==,type:str] foundry-password: ENC[AES256_GCM,data:c6cO1vV/thC7U1ha/1FiVVzk0KtvUnTRgJ9ysyO35uYhVK2ggyLUMAqBaXUduf4CXQ==,iv:jdnuyZyoaLN4waGI9MlU0coWg1adDIShrQykfuBq3UM=,tag:HNkaY/8k7JKQVCjjPlkO/w==,type:str] cloudflare-api-key: ENC[AES256_GCM,data:ZEYzFht24xogGov/Dkk9MQm0CZ/GPHvVgC7manQ2hOp1ljUOPrlHlShnNZnXctkv0VSwkQUARddCFQbAno79bUM=,iv:V54QifTBvy+5Q5JErfv2IRW0wpBn7q9KozAogy94gwU=,tag:1tz/0lNHLUTiYOH4V1jkDA==,type:str] +rusty-auth-token: ENC[AES256_GCM,data:FZ1bC6wijkHPII2AlYnDq9P6pFq2qWVo,iv:92ZH8N52sml8ZkvfuXf472Jj/JbnaWfy38AX6GTvszA=,tag:Suq7P86MhjUx0WmPuGpCUA==,type:str] sops: kms: [] gcp_kms: [] @@ -16,8 +17,8 @@ sops: YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt 5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-05-17T00:35:45Z" - mac: ENC[AES256_GCM,data:VOi7ctCMC2UbjT227Zocy+wfJ3MtaYiPuFWyILHcOD/ugsqZhXPSHHG9WMpZNPlm3ykHHuHqIwQen4VuaowdtWmNtoAiHAPUBOGdiA0xnmww35YRa2Lwy16l8cHiF7ce7VnZXRQhhrX+k8IjDujOkyDL+XK0unLvM51x7XNHTnI=,iv:zX2Sldr50gcBfC2LjrNqgFQR2diVbCyhkBEz7+n2FOo=,tag:9dovVpmpXCThfxSMpf0THw==,type:str] + lastmodified: "2023-05-22T00:23:32Z" + mac: ENC[AES256_GCM,data:pj7JqhGfKUaGdGEuFg0BxH1BMFzLMOKHQcFV3O36AelsJC8Wk5IKJTjrR4npGwy5BU5xkDIXh+kYAAhRd4h22ox64vNKd7wLwghu0C2dv8Wh/92bDaHoxsUsF3EvnJhnsrZqTzi0gn2f3L8USExpJD1I5Zzj2VlWzAaTE7HiS24=,iv:h/DqiM0eoNwbtk2dn+5xot0dcEXwGD+V6Mzn1Paiz6g=,tag:x1AG8y0XSeFC72+vCI0aAQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3