commit f68685dc7059e31dcd58135137f601cbd881c30a
author Samuel Shuert <coded@clicks.codes> Sat Oct 28 20:07:56 2023 -0400
committer Skyler Grey <minion@clicks.codes> Thu Nov 16 22:53:33 2023 +0000
tree abc11f485cd945c6539adb2e8b4867b6565a4f1b
parent 8faa2562e0499d7aa68b7a4c2c9e6ad11353567e

Move all flakes into modules/ and sep't, create deploy script for a1d2

Change-Id: Ie4d50fb8f16da193195beb139922a366b72b0b0a

modules/common/privatebin.nix

diff --git a/modules/common/privatebin.nix b/modules/common/privatebin.nix
new file mode 100644
index 0000000..eece255
--- /dev/null
+++ b/modules/common/privatebin.nix
@@ -0,0 +1,77 @@
+{ config, lib, base, ... }:
+lib.recursiveUpdate {
+  services.nginx.virtualHosts.privatebin = {
+    serverName = lib.mkForce "privatebin.clicks.codes";
+    enableACME = lib.mkForce true;
+    forceSSL = lib.mkForce true;
+  };
+  services.privatebin = {
+    enable = true;
+    settings = {
+      main = {
+        name = "Clicks Minute Paste";
+        basepath = "https://privatebin.clicks.codes/";
+        opendiscussion = true;
+        fileupload = true;
+
+        defaultformatter = "syntaxhighlighting";
+        syntaxhighlightingtheme = "sons-of-obsidian";
+        template = "bootstrap-dark";
+
+        info = ''
+          Powered by <a href="https://privatebin.info/">PrivateBin</a>. Provided as a service free-of-charge by Clicks. Come chat with us <a href="https://matrix.to/#/#global:coded.codes"> on Matrix</a>'';
+        notice =
+          "This service has no guarantee of uptime, and pastes are not backed up. If you need somewhere to host the last words of your wise old grandfather for time immemorial this is not the place.";
+
+        langaugeselection = true;
+      };
+
+      expire.default = "1month";
+
+      nginx.forceSSL = lib.mkForce true;
+
+      expire_options = {
+        "5min" = 300;
+        "10min" = 600;
+        "1hour" = 3600;
+        "1day" = 86400;
+        "1week" = 604800;
+        "1month" = 2592000;
+      };
+
+      formatter_options = {
+        syntaxhighlighting = "Source Code";
+        markdown = "Markdown";
+        plaintext = "Plain Text";
+      };
+
+      traffic = {
+        exempted =
+          "10.0.0.0/8,127.0.0.0/8,169.254.0.0/16,172.16.0.0/12,192.168.0.0/16";
+      };
+
+      model.class = "Database";
+      model_options = {
+        dsn = "pgsql:host=localhost;dbname=privatebin";
+        tbl = "privatebin";
+        usr = "privatebin";
+        pwd._env = "PRIVATEBIN_DB_PASSWORD";
+      };
+    };
+  };
+} (if base != null then {
+  services.privatebin.environmentFiles =
+    [ config.scalpel.trafos."privatebin.env".destination ];
+
+  scalpel.trafos."privatebin.env" = {
+    source = builtins.toFile "privatebin.env" ''
+      PRIVATEBIN_DB_PASSWORD=!!privatebin_db_password!!
+    '';
+    matchers."privatebin_db_password".secret =
+      config.sops.secrets.clicks_privatebin_db_password.path;
+    owner = config.users.users.privatebin.name;
+    group = config.users.users.privatebin.group;
+    mode = "0400";
+  };
+} else
+  { })