services: setup microbin service
This commit is contained in:
parent
172ca43383
commit
b16e7b17e5
|
@ -76,6 +76,12 @@ in {
|
|||
secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path;
|
||||
};
|
||||
|
||||
microbin = {
|
||||
enable = true;
|
||||
privatePort = 8088;
|
||||
passwordFile = config.age.secrets."microbin/secret-config".path;
|
||||
};
|
||||
|
||||
miniflux = {
|
||||
enable = true;
|
||||
adminCredentialsFile = config.age.secrets."miniflux/admin-credentials".path;
|
||||
|
|
|
@ -21,6 +21,8 @@
|
|||
owner = "matrix-synapse";
|
||||
};
|
||||
|
||||
"microbin/secret-config" = {};
|
||||
|
||||
"miniflux/admin-credentials" = {};
|
||||
|
||||
"nextcloud/admin-pass" = {
|
||||
|
|
BIN
modules/secrets/microbin/secret-config.age
Normal file
BIN
modules/secrets/microbin/secret-config.age
Normal file
Binary file not shown.
|
@ -18,6 +18,8 @@ in {
|
|||
|
||||
"matrix-synapse/secret-config.age".publicKeys = [alarsyo hades];
|
||||
|
||||
"microbin/secret-config.age".publicKeys = [alarsyo hades];
|
||||
|
||||
"miniflux/admin-credentials.age".publicKeys = [alarsyo hades];
|
||||
|
||||
"nextcloud/admin-pass.age".publicKeys = [alarsyo hades];
|
||||
|
|
78
services/microbin.nix
Normal file
78
services/microbin.nix
Normal file
|
@ -0,0 +1,78 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
inherit
|
||||
(lib)
|
||||
mkEnableOption
|
||||
mkIf
|
||||
mkOption
|
||||
;
|
||||
|
||||
cfg = config.my.services.microbin;
|
||||
|
||||
domain = config.networking.domain;
|
||||
hostname = config.networking.hostName;
|
||||
fqdn = "${hostname}.${domain}";
|
||||
in {
|
||||
options.my.services.microbin = let
|
||||
inherit (lib) types;
|
||||
in {
|
||||
enable = mkEnableOption "MicroBin file sharing app";
|
||||
|
||||
privatePort = mkOption {
|
||||
type = types.nullOr types.port;
|
||||
default = null;
|
||||
example = 8080;
|
||||
description = "Port to serve the app";
|
||||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
description = "See NixOS module description";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
services.microbin = {
|
||||
enable = true;
|
||||
settings = {
|
||||
MICROBIN_PORT = cfg.privatePort;
|
||||
MICROBIN_BIND = "127.0.0.1";
|
||||
MICROBIN_PUBLIC_PATH = "https://drop.${domain}/";
|
||||
MICROBIN_READONLY = true;
|
||||
MICROBIN_THREADS = 2;
|
||||
MICROBIN_GC_DAYS = 0; # turn off GC
|
||||
MICROBIN_QR = true;
|
||||
MICROBIN_ETERNAL_PASTA = true;
|
||||
MICROBIN_DEFAULT_EXPIRY = "1week";
|
||||
MICROBIN_DISABLE_TELEMETRY = true;
|
||||
};
|
||||
passwordFile = cfg.passwordFile;
|
||||
};
|
||||
|
||||
my.services.restic-backup = {
|
||||
paths = [
|
||||
config.services.microbin.dataDir
|
||||
];
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts = {
|
||||
"drop.${domain}" = {
|
||||
forceSSL = true;
|
||||
useACMEHost = fqdn;
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString cfg.privatePort}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
security.acme.certs.${fqdn}.extraDomainNames = ["drop.${domain}"];
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue