feat: init rustypaste + rustypaste cli

This commit is contained in:
notohh 2023-05-21 20:52:54 -04:00
parent 8d9e60b571
commit 2b1b9ff928
Signed by: notohh
GPG key ID: BD47506D475EE86D
7 changed files with 59 additions and 3 deletions

View file

@ -38,4 +38,5 @@
+ [MatthiasBenaets](https://github.com/MatthiasBenaets) - amazing nixos introduction video + [MatthiasBenaets](https://github.com/MatthiasBenaets) - amazing nixos introduction video
+ [sioodmy](https://github.com/sioodmy) - general dotfile, readme badges, and hyprland stuff + [sioodmy](https://github.com/sioodmy) - general dotfile, readme badges, and hyprland stuff
+ [MatthewCroughan](https://github.com/MatthewCroughan) - traefik config used as reference + [MatthewCroughan](https://github.com/MatthewCroughan) - traefik config used as reference
+ [seqizz](https://github.com/seqizz/nixos-config/blob/3ee51f406a8c7aa3afde9cdee97a43641b2ed2ef/modules/server/rustypaste.nix) - rustypaste config
+ [hlissner](https://github.com/hlissner) - [security.nix](modules/security.nix) + [hlissner](https://github.com/hlissner) - [security.nix](modules/security.nix)

View file

@ -21,6 +21,7 @@
homeDirectory = "/home/notoh"; homeDirectory = "/home/notoh";
packages = with pkgs; [ packages = with pkgs; [
(callPackage ../../pkgs/chatterino7 {}) (callPackage ../../pkgs/chatterino7 {})
(callPackage ../../pkgs/rustypaste-cli {})
bitwarden bitwarden
webcord webcord
spotify-player spotify-player

View file

@ -8,5 +8,6 @@
./foundryvtt.nix ./foundryvtt.nix
./forgejo.nix ./forgejo.nix
./jellyfin.nix ./jellyfin.nix
./rustypaste.nix
]; ];
} }

View file

@ -0,0 +1,28 @@
{
pkgs,
config,
...
}: {
sops.secrets.rusty-auth-token = {};
environment.systemPackages = with pkgs; [rustypaste];
systemd.services.rustypaste = {
enable = true;
wantedBy = [
"multi-user.target"
];
description = "A minimal file upload/pastebin service.";
environment = {
AUTH_TOKEN = config.sops.secrets.rusty-auth-token.path;
CONFIG = "/var/lib/rustypaste/config.toml";
};
serviceConfig = {
User = "root";
ExecStart = "${pkgs.rustypaste}/bin/rustypaste";
Restart = "always";
RestartSec = 30;
StandardOutput = "syslog";
WorkingDirectory = "/var/lib/rustypaste";
};
};
}

View file

@ -1,6 +1,6 @@
{config, ...}: { {config, ...}: {
sops.secrets.cloudflare-api-key = {}; sops.secrets.cloudflare-api-key = {};
networking.firewall.allowedTCPPorts = [80 443 8080]; networking.firewall.allowedTCPPorts = [80 443 8080 8000];
systemd.user.services.traefik.after = ["docker.service"]; systemd.user.services.traefik.after = ["docker.service"];
systemd.services.traefik = { systemd.services.traefik = {
environment = { environment = {
@ -22,6 +22,7 @@
jellyfin.loadBalancer.servers = [{url = "http://localhost:8096";}]; jellyfin.loadBalancer.servers = [{url = "http://localhost:8096";}];
foundryvtt.loadBalancer.servers = [{url = "http://localhost:30000";}]; foundryvtt.loadBalancer.servers = [{url = "http://localhost:30000";}];
gitea.loadBalancer.servers = [{url = "http://localhost:3000";}]; gitea.loadBalancer.servers = [{url = "http://localhost:3000";}];
rustypaste.loadBalancer.servers = [{url = "http://localhost:8000";}];
}; };
routers = { routers = {
api = { api = {
@ -70,6 +71,13 @@
tls.domains = [{main = "*.notohh.dev";}]; tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production"; tls.certresolver = "production";
}; };
rustypaste = {
rule = "Host(`img.notohh.dev`)";
entrypoints = ["websecure"];
service = "rustypaste";
tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production";
};
}; };
}; };
}; };

View file

@ -0,0 +1,16 @@
{
rustPlatform,
fetchFromGitHub,
...
}:
rustPlatform.buildRustPackage rec {
pname = "rustypaste-cli";
version = "0.3.0";
src = fetchFromGitHub {
owner = "orhun";
repo = pname;
rev = "v${version}";
sha256 = "sha256-GPQEo9nYcw2Xowh0f2fqj4Ya5kUApB4GSdaSZkVb4R0=";
};
cargoHash = "sha256-uwAiNrpObirtxGXaNz3prXFIygcf0b8t/Z9N99Gcrtk=";
}

View file

@ -1,6 +1,7 @@
foundry-username: ENC[AES256_GCM,data:YYZ5Q6UlWPqbH8iYhqoR6pYFmQ3NAjY=,iv:pRjblo74gqbYYJTy/edn1bOsEKjHyvmXPwp6D/t6vxE=,tag:G5Xt+dVT51pU6kYdDra0Rw==,type:str] foundry-username: ENC[AES256_GCM,data:YYZ5Q6UlWPqbH8iYhqoR6pYFmQ3NAjY=,iv:pRjblo74gqbYYJTy/edn1bOsEKjHyvmXPwp6D/t6vxE=,tag:G5Xt+dVT51pU6kYdDra0Rw==,type:str]
foundry-password: ENC[AES256_GCM,data:c6cO1vV/thC7U1ha/1FiVVzk0KtvUnTRgJ9ysyO35uYhVK2ggyLUMAqBaXUduf4CXQ==,iv:jdnuyZyoaLN4waGI9MlU0coWg1adDIShrQykfuBq3UM=,tag:HNkaY/8k7JKQVCjjPlkO/w==,type:str] foundry-password: ENC[AES256_GCM,data:c6cO1vV/thC7U1ha/1FiVVzk0KtvUnTRgJ9ysyO35uYhVK2ggyLUMAqBaXUduf4CXQ==,iv:jdnuyZyoaLN4waGI9MlU0coWg1adDIShrQykfuBq3UM=,tag:HNkaY/8k7JKQVCjjPlkO/w==,type:str]
cloudflare-api-key: ENC[AES256_GCM,data:ZEYzFht24xogGov/Dkk9MQm0CZ/GPHvVgC7manQ2hOp1ljUOPrlHlShnNZnXctkv0VSwkQUARddCFQbAno79bUM=,iv:V54QifTBvy+5Q5JErfv2IRW0wpBn7q9KozAogy94gwU=,tag:1tz/0lNHLUTiYOH4V1jkDA==,type:str] cloudflare-api-key: ENC[AES256_GCM,data:ZEYzFht24xogGov/Dkk9MQm0CZ/GPHvVgC7manQ2hOp1ljUOPrlHlShnNZnXctkv0VSwkQUARddCFQbAno79bUM=,iv:V54QifTBvy+5Q5JErfv2IRW0wpBn7q9KozAogy94gwU=,tag:1tz/0lNHLUTiYOH4V1jkDA==,type:str]
rusty-auth-token: ENC[AES256_GCM,data:FZ1bC6wijkHPII2AlYnDq9P6pFq2qWVo,iv:92ZH8N52sml8ZkvfuXf472Jj/JbnaWfy38AX6GTvszA=,tag:Suq7P86MhjUx0WmPuGpCUA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -16,8 +17,8 @@ sops:
YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt
5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ== 5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-17T00:35:45Z" lastmodified: "2023-05-22T00:23:32Z"
mac: ENC[AES256_GCM,data:VOi7ctCMC2UbjT227Zocy+wfJ3MtaYiPuFWyILHcOD/ugsqZhXPSHHG9WMpZNPlm3ykHHuHqIwQen4VuaowdtWmNtoAiHAPUBOGdiA0xnmww35YRa2Lwy16l8cHiF7ce7VnZXRQhhrX+k8IjDujOkyDL+XK0unLvM51x7XNHTnI=,iv:zX2Sldr50gcBfC2LjrNqgFQR2diVbCyhkBEz7+n2FOo=,tag:9dovVpmpXCThfxSMpf0THw==,type:str] mac: ENC[AES256_GCM,data:pj7JqhGfKUaGdGEuFg0BxH1BMFzLMOKHQcFV3O36AelsJC8Wk5IKJTjrR4npGwy5BU5xkDIXh+kYAAhRd4h22ox64vNKd7wLwghu0C2dv8Wh/92bDaHoxsUsF3EvnJhnsrZqTzi0gn2f3L8USExpJD1I5Zzj2VlWzAaTE7HiS24=,iv:h/DqiM0eoNwbtk2dn+5xot0dcEXwGD+V6Mzn1Paiz6g=,tag:x1AG8y0XSeFC72+vCI0aAQ==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.7.3