modules/nixos/services/privatebin/default.nix at 34b52e7441fca0a538e34192485abb92e5df0322 · aylac.top/nixcfg-own-knot

this repo has no description
nixcfg-own-knot / modules / nixos / services / privatebin / default.nix
at 34b52e7441fca0a538e34192485abb92e5df0322 2.6 kB view raw
 1{
 2  config,
 3  lib,
 4  pkgs,
 5  ...
 6}: let
 7  name = "privatebin";
 8  cfg = config.myNixOS.services.${name};
 9
10  network = config.mySnippets.aylac-top;
11  service = network.networkMap.${name};
12
13  package = pkgs.privatebin-ayla;
14in {
15  options.myNixOS.services.${name} = {
16    enable = lib.mkEnableOption "${name} server";
17    autoProxy = lib.mkOption {
18      default = true;
19      example = false;
20      description = "${name} auto proxy";
21      type = lib.types.bool;
22    };
23  };
24
25  config = lib.mkIf cfg.enable {
26    services = {
27      cloudflared.tunnels."${network.cloudflareTunnel}".ingress = lib.mkIf cfg.autoProxy {
28        "${service.vHost}" = "http://localhost:${toString service.port}";
29      };
30
31      nginx = {
32        enable = true;
33        recommendedTlsSettings = lib.mkDefault true;
34        recommendedOptimisation = lib.mkDefault true;
35        recommendedGzipSettings = lib.mkDefault true;
36        virtualHosts."${config.services.privatebin.virtualHost}" = {
37          root = "${package}";
38          locations = {
39            "/" = {
40              tryFiles = "$uri $uri/ /index.php?$query_string";
41              index = "index.php";
42              extraConfig = ''
43                sendfile off;
44              '';
45            };
46            "~ \\.php$" = {
47              extraConfig = ''
48                include ${config.services.nginx.package}/conf/fastcgi_params ;
49                fastcgi_param SCRIPT_FILENAME $request_filename;
50                fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
51                fastcgi_pass unix:${config.services.phpfpm.pools.privatebin.socket};
52              '';
53            };
54          };
55          listen = [
56            {
57              addr = "localhost";
58              inherit (service) port;
59            }
60          ];
61        };
62      };
63
64      privatebin = {
65        inherit package;
66        enable = true;
67        group = "nginx";
68        settings = {
69          main = {
70            name = "ayla's trashbin";
71            basepath = "https://${service.vHost}/";
72            discussion = true;
73            opendiscussion = false;
74            discussiondatedisplay = true;
75            password = true;
76            fileupload = true;
77            burnafterreadingselected = false;
78            defaultformatter = "plaintext";
79            syntaxhighlightingtheme = "sons-of-obsidian";
80            qrcode = true;
81            template = "bootstrap-dark";
82          };
83          model.class = "Filesystem";
84          model_options.dir = "/var/lib/privatebin/data";
85        };
86      };
87    };
88  };
89}