satellite/hosts/nixos/lapetus/services/microbin.nix

{ config, lib, ... }:
let
  port = 8418;
  host = "bin.moonythm.dev";
in
{
  imports = [ ./cloudflared.nix ];

  sops.secrets.microbin_env.sopsFile = ../secrets.yaml;

  services.cloudflared.tunnels =
    config.satellite.cloudflared.proxy host;
  services.nginx.virtualHosts.${host} =
    config.satellite.proxy port { } // { forceSSL = false; };

  services.microbin = {
    enable = true;
    dataDir = "/var/lib/microbin";
    passwordFile = config.sops.secrets.microbin_env.path;

    # {{{ Settings
    settings = {
      # High level settings
      MICROBIN_ADMIN_USERNAME = "prescientmoon";
      MICROBIN_PORT = toString port;
      MICROBIN_PUBLIC_PATH = "https://bin.moonythm.dev/";
      MICROBIN_DISABLE_TELEMETRY = "true";
      MICROBIN_DISABLE_UPDATE_CHECKING = "true";

      # Toggle certain features
      MICROBIN_READONLY = "true"; # Requires a password to upload
      MICROBIN_QR = "true"; # Allows generating qr codes
      MICROBIN_EDITABLE = "true";
      MICROBIN_HIGHLIGHTSYNTAX = "true";
      MICROBIN_SHOW_READ_STATS = "true";
      MICROBIN_ENABLE_BURN_AFTER = "true";
      MICROBIN_ENABLE_READONLY = "true";
      MICROBIN_ETERNAL_PASTA = "true";

      # Make UI more minimal
      # MICROBIN_HIDE_FOOTER = "true";
      # MICROBIN_HIDE_HEADER = "true";
      # MICROBIN_HIDE_LOGO = "true";
    };
    # }}}
  };

  systemd.services.microbin.serviceConfig = {
    # We want to use systemd's `StateDirectory` mechanism to fix permissions
    ReadWritePaths = lib.mkForce [ ];
  };

  environment.persistence."/persist/state".directories = [ "/var/lib/private/microbin" ];
}
Try to fix microbin permissions 2024-05-09 16:08:29 +02:00			`{ config, lib, ... }:`
Attempt to use cloudflare tunnel through nginx 2024-05-10 19:43:00 +02:00			`let`
			`port = 8418;`
			`host = "bin.moonythm.dev";`
Set up microbin 2024-05-09 15:20:03 +02:00			`in`
			`{`
			`imports = [ ./cloudflared.nix ];`

			`sops.secrets.microbin_env.sopsFile = ../secrets.yaml;`
Attempt to use cloudflare tunnel through nginx 2024-05-10 19:43:00 +02:00
Set up microbin 2024-05-09 15:20:03 +02:00			`services.cloudflared.tunnels =`
Attempt to use cloudflare tunnel through nginx 2024-05-10 19:43:00 +02:00			`config.satellite.cloudflared.proxy host;`
			`services.nginx.virtualHosts.${host} =`
Tell nginx not to force ssl for cloudflare tunnel 2024-05-10 19:58:08 +02:00			`config.satellite.proxy port { } // { forceSSL = false; };`
Set up microbin 2024-05-09 15:20:03 +02:00
			`services.microbin = {`
			`enable = true;`
Try to fix microbin permissions 2024-05-09 16:08:29 +02:00			`dataDir = "/var/lib/microbin";`
Configure env file for microbin 2024-05-09 16:42:11 +02:00			`passwordFile = config.sops.secrets.microbin_env.path;`
Set up tmpfile rule for creating microbin data directory Also update the dns file 2024-05-09 15:29:18 +02:00
			`# {{{ Settings`
Set up microbin 2024-05-09 15:20:03 +02:00			`settings = {`
			`# High level settings`
			`MICROBIN_ADMIN_USERNAME = "prescientmoon";`
			`MICROBIN_PORT = toString port;`
Add more explicit microbin config options 2024-05-09 17:07:54 +02:00			`MICROBIN_PUBLIC_PATH = "https://bin.moonythm.dev/";`
Set up microbin 2024-05-09 15:20:03 +02:00			`MICROBIN_DISABLE_TELEMETRY = "true";`
Add more explicit microbin config options 2024-05-09 17:07:54 +02:00			`MICROBIN_DISABLE_UPDATE_CHECKING = "true";`
Set up microbin 2024-05-09 15:20:03 +02:00
			`# Toggle certain features`
			`MICROBIN_READONLY = "true"; # Requires a password to upload`
			`MICROBIN_QR = "true"; # Allows generating qr codes`
Add more explicit microbin config options 2024-05-09 17:07:54 +02:00			`MICROBIN_EDITABLE = "true";`
			`MICROBIN_HIGHLIGHTSYNTAX = "true";`
			`MICROBIN_SHOW_READ_STATS = "true";`
			`MICROBIN_ENABLE_BURN_AFTER = "true";`
			`MICROBIN_ENABLE_READONLY = "true";`
			`MICROBIN_ETERNAL_PASTA = "true";`
Set up microbin 2024-05-09 15:20:03 +02:00
			`# Make UI more minimal`
Make microbin less minimalist for debugging 2024-05-09 16:56:50 +02:00			`# MICROBIN_HIDE_FOOTER = "true";`
			`# MICROBIN_HIDE_HEADER = "true";`
			`# MICROBIN_HIDE_LOGO = "true";`
Set up microbin 2024-05-09 15:20:03 +02:00			`};`
Set up tmpfile rule for creating microbin data directory Also update the dns file 2024-05-09 15:29:18 +02:00			`# }}}`
Set up microbin 2024-05-09 15:20:03 +02:00			`};`
Set up tmpfile rule for creating microbin data directory Also update the dns file 2024-05-09 15:29:18 +02:00
Try to fix microbin permissions 2024-05-09 16:08:29 +02:00			`systemd.services.microbin.serviceConfig = {`
			# We want to use systemd's `StateDirectory` mechanism to fix permissions
			`ReadWritePaths = lib.mkForce [ ];`
			`};`

Small tweak to microbin paths 2024-05-09 16:25:42 +02:00			`environment.persistence."/persist/state".directories = [ "/var/lib/private/microbin" ];`
Set up microbin 2024-05-09 15:20:03 +02:00			`}`