nixos/privatebin: init module & privatebin: init at 1.7.4 (#344014) (2199b69a) · Commits · mdf / nixpkgs

nixos/doc/manual/release-notes/rl-2411.section.md

+2 −0

Original line number	Diff line number	Diff line
		@@ -73,6 +73,8 @@

		- [Goatcounter](https://www.goatcounter.com/), Easy web analytics. No tracking of personal data. Available as [services.goatcounter](options.html#opt-services.goatcocunter.enable).

		- [Privatebin](https://github.com/PrivateBin/PrivateBin/), A minimalist, open source online pastebin where the server has zero knowledge of pasted data. Available as [services.privatebin](#opt-services.privatebin.enable)

		- [UWSM](https://github.com/Vladimir-csp/uwsm), a wayland session manager to wrap Wayland Compositors into useful systemd units such as `graphical-session.target`. Available as [programs.uwsm](#opt-programs.uwsm.enable).

		- [Open-WebUI](https://github.com/open-webui/open-webui), a user-friendly WebUI

nixos/modules/module-list.nix

+1 −0

Original line number	Diff line number	Diff line
		@@ -1489,6 +1489,7 @@
		./services/web-apps/powerdns-admin.nix
		./services/web-apps/pretalx.nix
		./services/web-apps/pretix.nix
		./services/web-apps/privatebin.nix
		./services/web-apps/prosody-filer.nix
		./services/web-apps/rimgo.nix
		./services/web-apps/rutorrent.nix

nixos/modules/services/web-apps/privatebin.nix

0 → 100644

+228 −0

Original line number	Diff line number	Diff line
		{
		pkgs,
		config,
		lib,
		...
		}:

		let
		cfg = config.services.privatebin;

		customToINI = lib.generators.toINI {
		mkKeyValue = lib.generators.mkKeyValueDefault {
		mkValueString =
		v:
		if v == true then
		''true''
		else if v == false then
		''false''
		else if builtins.isInt v then
		''${builtins.toString v}''
		else if builtins.isPath v then
		''"${builtins.toString v}"''
		else if builtins.isString v then
		''"${v}"''
		else
		lib.generators.mkValueStringDefault { } v;
		} "=";
		};

		privatebinSettings = pkgs.writeTextDir "conf.php" (customToINI cfg.settings);

		user = cfg.user;
		group = cfg.group;

		defaultUser = "privatebin";
		defaultGroup = "privatebin";

		in
		{

		options.services.privatebin = {

		enable = lib.mkEnableOption "Privatebin: A minimalist, open source online
		pastebin where the server has zero knowledge of pasted data.";

		user = lib.mkOption {
		type = lib.types.str;
		default = defaultUser;
		description = "User account under which privatebin runs.";
		};

		group = lib.mkOption {
		type = lib.types.str;
		default = if cfg.enableNginx then "nginx" else defaultGroup;
		defaultText = "If `services.privatebin.enableNginx` is true then `nginx` else ${defaultGroup}";
		description = ''
		Group under which privatebin runs. It is best to set this to the group
		of whatever webserver is being used as the frontend.
		'';
		};

		dataDir = lib.mkOption {
		type = lib.types.path;
		default = "/var/lib/privatebin";
		description = ''
		The place where privatebin stores its state.
		'';
		};

		package = lib.mkPackageOption pkgs "privatebin" { };

		enableNginx = lib.mkOption {
		type = lib.types.bool;
		default = false;
		description = ''
		Whether to enable nginx or not. If enabled, an nginx virtual host will
		be created for access to firefly-iii. If not enabled, then you may use
		`''${config.services.firefly-iii.package}` as your document root in
		whichever webserver you wish to setup.
		'';
		};

		virtualHost = lib.mkOption {
		type = lib.types.str;
		default = "localhost";
		description = ''
		The hostname at which you wish privatebin to be served. If you have
		enabled nginx using `services.privatebin.enableNginx` then this will
		be used.
		'';
		};

		poolConfig = lib.mkOption {
		type = lib.types.attrsOf (
		lib.types.oneOf [
		lib.types.str
		lib.types.int
		lib.types.bool
		]
		);
		defaultText = lib.literalExpression ''
		{
		"pm" = "dynamic";
		"pm.max_children" = 32;
		"pm.start_servers" = 2;
		"pm.min_spare_servers" = 2;
		"pm.max_spare_servers" = 4;
		"pm.max_requests" = 500;
		}
		'';
		default = { };
		description = ''
		Options for the PrivateBin PHP pool. See the documentation on <literal>php-fpm.conf</literal>
		for details on configuration directives.
		'';
		};

		settings = lib.mkOption {
		default = { };
		description = ''
		Options for privatebin configuration. Refer to
		<https://github.com/PrivateBin/PrivateBin/wiki/Configuration> for
		details on supported values.
		'';
		example = lib.literalExpression ''
		{
		main = {
		name = "NixOS Based Privatebin";
		discussion = false;
		defaultformatter = "plalib.types.intext";
		qrcode = true
		};
		model.class = "Filesystem";
		model_options.dir = "/var/lib/privatebin/data";
		}
		'';
		type = lib.types.submodule { freeformType = lib.types.attrsOf lib.types.anything; };
		};
		};

		config = lib.mkIf cfg.enable {

		services.privatebin.settings = {
		main = lib.mkDefault { };
		model.class = lib.mkDefault "Filesystem";
		model_options.dir = lib.mkDefault "${cfg.dataDir}/data";
		purge.dir = lib.mkDefault "${cfg.dataDir}/purge";
		traffic = {
		dir = lib.mkDefault "${cfg.dataDir}/traffic";
		header = "X_FORWARDED_FOR";
		};
		};

		services.phpfpm.pools.privatebin = {
		inherit user group;
		phpPackage = pkgs.php83;
		phpOptions = ''
		log_errors = on
		'';
		settings = {
		"listen.mode" = lib.mkDefault "0660";
		"listen.owner" = lib.mkDefault user;
		"listen.group" = lib.mkDefault group;
		"pm" = lib.mkDefault "dynamic";
		"pm.max_children" = lib.mkDefault 32;
		"pm.start_servers" = lib.mkDefault 2;
		"pm.min_spare_servers" = lib.mkDefault 2;
		"pm.max_spare_servers" = lib.mkDefault 4;
		"pm.max_requests" = lib.mkDefault 500;
		};
		phpEnv.CONFIG_PATH = lib.strings.removeSuffix "/conf.php" (builtins.toString privatebinSettings);
		};

		services.nginx = lib.mkIf cfg.enableNginx {
		enable = true;
		recommendedTlsSettings = lib.mkDefault true;
		recommendedOptimisation = lib.mkDefault true;
		recommendedGzipSettings = lib.mkDefault true;
		virtualHosts.${cfg.virtualHost} = {
		root = "${cfg.package}";
		locations = {
		"/" = {
		tryFiles = "$uri $uri/ /index.php?$query_string";
		index = "index.php";
		extraConfig = ''
		sendfile off;
		'';
		};
		"~ \.php$" = {
		extraConfig = ''
		include ${config.services.nginx.package}/conf/fastcgi_params ;
		fastcgi_param SCRIPT_FILENAME $request_filename;
		fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
		fastcgi_pass unix:${config.services.phpfpm.pools.privatebin.socket};
		'';
		};
		};
		};
		};

		systemd.tmpfiles.settings."10-privatebin" =
		lib.attrsets.genAttrs
		[
		"${cfg.dataDir}/data"
		"${cfg.dataDir}/traffic"
		"${cfg.dataDir}/purge"
		]
		(n: {
		d = {
		group = group;
		mode = "0750";
		user = user;
		};
		});

		users = {
		users = lib.mkIf (user == defaultUser) {
		${defaultUser} = {
		description = "Privatebin service user";
		inherit group;
		isSystemUser = true;
		home = cfg.dataDir;
		};
		};
		groups = lib.mkIf (group == defaultGroup) { ${defaultGroup} = { }; };
		};
		};
		}

nixos/tests/all-tests.nix

+1 −0

Original line number	Diff line number	Diff line
		@@ -825,6 +825,7 @@ in {
		printing-socket = handleTest ./printing.nix { socket = true; };
		printing-service = handleTest ./printing.nix { socket = false; };
		private-gpt = handleTest ./private-gpt.nix {};
		privatebin = runTest ./privatebin.nix;
		privoxy = handleTest ./privoxy.nix {};
		prometheus = handleTest ./prometheus {};
		prometheus-exporters = handleTest ./prometheus-exporters.nix {};

nixos/tests/privatebin.nix

0 → 100644

+21 −0

Original line number	Diff line number	Diff line
		{ lib, ... }:

		{
		name = "privatebin";
		meta.maintainers = [ lib.maintainers.savyajha ];

		nodes.dataImporter =
		{ ... }:
		{
		services.privatebin = {
		enable = true;
		enableNginx = true;
		};
		};

		testScript = ''
		dataImporter.wait_for_unit("phpfpm-privatebin.service")
		dataImporter.wait_for_unit("nginx.service")
		dataImporter.succeed("curl -fvvv -Ls http://localhost/ \| grep 'PrivateBin'")
		'';
		}