diff --git a/hosts/hades/default.nix b/hosts/hades/default.nix index deaa941..0cb891b 100644 --- a/hosts/hades/default.nix +++ b/hosts/hades/default.nix @@ -76,6 +76,12 @@ in { secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path; }; + microbin = { + enable = true; + privatePort = 8088; + passwordFile = config.age.secrets."microbin/secret-config".path; + }; + miniflux = { enable = true; adminCredentialsFile = config.age.secrets."miniflux/admin-credentials".path; diff --git a/hosts/hades/secrets.nix b/hosts/hades/secrets.nix index 9f5b3c9..23b2cdb 100644 --- a/hosts/hades/secrets.nix +++ b/hosts/hades/secrets.nix @@ -21,6 +21,8 @@ owner = "matrix-synapse"; }; + "microbin/secret-config" = {}; + "miniflux/admin-credentials" = {}; "nextcloud/admin-pass" = { diff --git a/modules/secrets/microbin/secret-config.age b/modules/secrets/microbin/secret-config.age new file mode 100644 index 0000000..e875004 Binary files /dev/null and b/modules/secrets/microbin/secret-config.age differ diff --git a/modules/secrets/secrets.nix b/modules/secrets/secrets.nix index 524c4d8..3b4229f 100644 --- a/modules/secrets/secrets.nix +++ b/modules/secrets/secrets.nix @@ -18,6 +18,8 @@ in { "matrix-synapse/secret-config.age".publicKeys = [alarsyo hades]; + "microbin/secret-config.age".publicKeys = [alarsyo hades]; + "miniflux/admin-credentials.age".publicKeys = [alarsyo hades]; "nextcloud/admin-pass.age".publicKeys = [alarsyo hades]; diff --git a/services/default.nix b/services/default.nix index 68f98de..221159c 100644 --- a/services/default.nix +++ b/services/default.nix @@ -8,6 +8,7 @@ ./lohr.nix ./matrix.nix ./media.nix + ./microbin.nix ./miniflux.nix ./monitoring.nix ./navidrome.nix diff --git a/services/microbin.nix b/services/microbin.nix new file mode 100644 index 0000000..a7c53d6 --- /dev/null +++ b/services/microbin.nix 
@@ -0,0 +1,82 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ inherit
+ (lib)
+ mkEnableOption
+ mkIf
+ mkOption
+ ;
+
+ cfg = config.my.services.microbin;
+
+ domain = config.networking.domain;
+ hostname = config.networking.hostName;
+ fqdn = "${hostname}.${domain}";
+in {
+ options.my.services.microbin = let
+ inherit (lib) types;
+ in {
+ enable = mkEnableOption "MicroBin file sharing app";
+
+ privatePort = mkOption {
+ type = types.nullOr types.port;
+ default = null;
+ example = 8080;
+ description = "Port to serve the app";
+ };
+
+ passwordFile = mkOption {
+ type = types.nullOr types.path;
+ default = null;
+ description = "See NixOS module description";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.microbin = {
+ enable = true;
+ settings = {
+ MICROBIN_PORT = cfg.privatePort;
+ MICROBIN_BIND = "127.0.0.1";
+ MICROBIN_PUBLIC_PATH = "https://drop.${domain}/";
+ MICROBIN_READONLY = true;
+ MICROBIN_ENABLE_BURN_AFTER = true;
+ MICROBIN_ENABLE_READONLY = true;
+ MICROBIN_HIGHLIGHTSYNTAX = true;
+ MICROBIN_PRIVATE = true;
+ MICROBIN_THREADS = 2;
+ MICROBIN_GC_DAYS = 0; # turn off GC
+ MICROBIN_QR = true;
+ MICROBIN_ETERNAL_PASTA = true;
+ MICROBIN_DEFAULT_EXPIRY = "1week";
+ MICROBIN_DISABLE_TELEMETRY = true;
+ };
+ passwordFile = cfg.passwordFile;
+ };
+
+ my.services.restic-backup = {
+ paths = [
+ config.services.microbin.dataDir
+ ];
+ };
+
+ services.nginx = {
+ virtualHosts = {
+ "drop.${domain}" = {
+ forceSSL = true;
+ useACMEHost = fqdn;
+
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:${toString cfg.privatePort}";
+ };
+ };
+ };
+ };
+
+ security.acme.certs.${fqdn}.extraDomainNames = ["drop.${domain}"];
+ };
+}
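Review bot: `privatePort` and `passwordFile` are both declared `nullOr` with `default = null`, but the `config` block uses them unconditionally and nothing in this module rejects the null case. `toString null` is the empty string in Nix, so an unset port turns `proxyPass` into `http://127.0.0.1:` with no port. With `passwordFile = null` no secret environment reaches the service, so the public `drop.${domain}` vhost would run on whatever credentials MicroBin falls back to; upstream documents built-in defaults for the admin account as far as I recall, which is worth confirming. An `assertions` entry at the top of `config` would turn both cases into evaluation errors. The `passwordFile` description could also name the variables the file is expected to hold rather than "See NixOS module description".

```nix
  config = mkIf cfg.enable {
    # Fail evaluation instead of deploying without a port or without credentials.
    assertions = [
      {
        assertion = cfg.privatePort != null;
        message = "my.services.microbin.privatePort must be set when the service is enabled";
      }
      {
        assertion = cfg.passwordFile != null;
        message = "my.services.microbin.passwordFile must be set when the service is enabled";
      }
    ];

    # … unchanged: services.microbin, restic-backup paths, nginx vhost, ACME extraDomainNames …
```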