2024-05-09 16:08:29 +02:00
|
|
|
{ config, lib, ... }:
|
2024-05-10 19:43:00 +02:00
|
|
|
let
|
|
|
|
port = 8418;
|
|
|
|
host = "bin.moonythm.dev";
|
2024-05-09 15:20:03 +02:00
|
|
|
in
|
|
|
|
{
|
|
|
|
imports = [ ./cloudflared.nix ];
|
|
|
|
|
|
|
|
sops.secrets.microbin_env.sopsFile = ../secrets.yaml;
|
2024-05-10 19:43:00 +02:00
|
|
|
|
2024-05-09 15:20:03 +02:00
|
|
|
services.cloudflared.tunnels =
|
2024-05-10 19:43:00 +02:00
|
|
|
config.satellite.cloudflared.proxy host;
|
|
|
|
services.nginx.virtualHosts.${host} =
|
2024-05-10 19:58:08 +02:00
|
|
|
config.satellite.proxy port { } // { forceSSL = false; };
|
2024-05-09 15:20:03 +02:00
|
|
|
|
|
|
|
services.microbin = {
|
|
|
|
enable = true;
|
2024-05-09 16:08:29 +02:00
|
|
|
dataDir = "/var/lib/microbin";
|
2024-05-09 16:42:11 +02:00
|
|
|
passwordFile = config.sops.secrets.microbin_env.path;
|
2024-05-09 15:29:18 +02:00
|
|
|
|
|
|
|
# {{{ Settings
|
2024-05-09 15:20:03 +02:00
|
|
|
settings = {
|
|
|
|
# High level settings
|
|
|
|
MICROBIN_ADMIN_USERNAME = "prescientmoon";
|
|
|
|
MICROBIN_PORT = toString port;
|
2024-05-09 17:07:54 +02:00
|
|
|
MICROBIN_PUBLIC_PATH = "https://bin.moonythm.dev/";
|
2024-05-10 20:23:50 +02:00
|
|
|
MICROBIN_DEFAULT_EXPIRY = "1week";
|
|
|
|
|
|
|
|
# Disable online features
|
2024-05-09 15:20:03 +02:00
|
|
|
MICROBIN_DISABLE_TELEMETRY = "true";
|
2024-05-09 17:07:54 +02:00
|
|
|
MICROBIN_DISABLE_UPDATE_CHECKING = "true";
|
2024-05-09 15:20:03 +02:00
|
|
|
|
2024-05-10 20:23:50 +02:00
|
|
|
# Enable features
|
2024-05-09 17:07:54 +02:00
|
|
|
MICROBIN_HIGHLIGHTSYNTAX = "true";
|
2024-05-10 20:23:50 +02:00
|
|
|
MICROBIN_QR = "true";
|
|
|
|
MICROBIN_READONLY = "true"; # Requires a password for uploads
|
|
|
|
|
|
|
|
# Disable unwanted features
|
|
|
|
MICROBIN_EDITABLE = "false";
|
2024-05-10 20:10:34 +02:00
|
|
|
MICROBIN_ENABLE_BURN_AFTER = "false";
|
|
|
|
MICROBIN_ENABLE_READONLY = "false";
|
|
|
|
MICROBIN_ETERNAL_PASTA = "false";
|
2024-05-10 20:23:50 +02:00
|
|
|
MICROBIN_SHOW_READ_STATS = "false";
|
2024-05-09 15:20:03 +02:00
|
|
|
|
|
|
|
# Make UI more minimal
|
2024-05-10 20:10:34 +02:00
|
|
|
MICROBIN_HIDE_FOOTER = "true";
|
|
|
|
MICROBIN_HIDE_HEADER = "true";
|
|
|
|
MICROBIN_HIDE_LOGO = "true";
|
2024-05-09 15:20:03 +02:00
|
|
|
};
|
2024-05-09 15:29:18 +02:00
|
|
|
# }}}
|
2024-05-09 15:20:03 +02:00
|
|
|
};
|
2024-05-09 15:29:18 +02:00
|
|
|
|
2024-05-09 16:08:29 +02:00
|
|
|
systemd.services.microbin.serviceConfig = {
|
|
|
|
# We want to use systemd's `StateDirectory` mechanism to fix permissions
|
|
|
|
ReadWritePaths = lib.mkForce [ ];
|
|
|
|
};
|
|
|
|
|
2024-05-09 16:25:42 +02:00
|
|
|
environment.persistence."/persist/state".directories = [ "/var/lib/private/microbin" ];
|
2024-05-09 15:20:03 +02:00
|
|
|
}
|