defiant: add microbin

2024-02-21 22:54:34 +01:00
parent 211a2fde3c
commit 01825ab00d
3 changed files with 52 additions and 2 deletions
--- a/hosts/defiant/configuration.nix
+++ b/hosts/defiant/configuration.nix
@@ -21,6 +21,7 @@
      ./services/home-assistant.nix
      ./services/matrix
      ./services/metrics
+      ./services/microbin.nix
      ./services/minecraft.nix
      ./services/vaultwarden.nix
  ];
--- a/hosts/defiant/services/microbin.nix
+++ b/hosts/defiant/services/microbin.nix
@@ -0,0 +1,47 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.microbin;
+  domain = "p.feal.no";
+  address = "127.0.1.2";
+  max_upload_mb = 1024;
+  port = 5006;
+in {
+
+  services.microbin = {
+    enable = true;
+    passwordFile = config.sops.secrets."microbin/secrets".path;
+    settings = {
+      MICROBIN_BIND = address;
+      MICROBIN_DISABLE_TELEMETRY = true;
+      MICROBIN_ENABLE_BURN_AFTER = true;
+      MICROBIN_ETERNAL_PASTA = true;
+      MICROBIN_FOOTER_TEXT = "Be nice or go away";
+      MICROBIN_MAX_FILE_SIZE_ENCRYPTED_MB = max_upload_mb;
+      MICROBIN_MAX_FILE_SIZE_UNENCRYPTED_MB = max_upload_mb;
+      MICROBIN_PORT = port;
+      MICROBIN_PUBLIC_PATH = "https://${domain}/";
+      MICROBIN_QR = true;
+      MICROBIN_TITLE = "felixalbs pasta collection";
+    };
+  };
+
+  sops.secrets."microbin/secrets" = { };
+
+  services.nginx.virtualHosts."${domain}" = {
+    forceSSL = true;
+    enableACME = true;
+
+    listen = [
+      { addr = "192.168.10.175"; port = 43443; ssl = true; }
+      { addr = "192.168.10.175"; port = 43080; ssl = false; }
+    ];
+
+    extraConfig = ''
+      client_max_body_size ${toString max_upload_mb}M;
+    '';
+
+    locations."/" = {
+      proxyPass = "http://${address}:${toString port}";
+    };
+  };
+}