Unverified Commit 7f797a69 authored by Pablo Ovelleiro Corral's avatar Pablo Ovelleiro Corral Committed by GitHub

wastebin: init at 2.4.3 (#287455)

* wastebin: init at 2.4.3

* nixos/wastebin: init

Add module and test for wastebin
parent dbe57759
+2 −0
@@ -140,6 +140,8 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m

- [systemd-lock-handler](https://git.sr.ht/~whynothugo/systemd-lock-handler/), a bridge between logind D-Bus events and systemd targets. Available as [services.systemd-lock-handler.enable](#opt-services.systemd-lock-handler.enable).

- [wastebin](https://github.com/matze/wastebin), a pastebin server written in rust. Available as [services.wastebin](#opt-services.wastebin.enable).

- [Mealie](https://nightly.mealie.io/), a self-hosted recipe manager and meal planner with a RestAPI backend and a reactive frontend application built in NuxtJS for a pleasant user experience for the whole family. Available as [services.mealie](#opt-services.mealie.enable)

- [Uni-Sync](https://github.com/EightB1ts/uni-sync), a synchronization tool for Lian Li Uni Controllers. Available as [hardware.uni-sync](#opt-hardware.uni-sync.enable)
+1 −0
@@ -799,6 +799,7 @@
  ./services/misc/transfer-sh.nix
  ./services/misc/tzupdate.nix
  ./services/misc/uhub.nix
  ./services/misc/wastebin.nix
  ./services/misc/weechat.nix
  ./services/misc/workout-tracker.nix
  ./services/misc/xmr-stak.nix
+158 −0
{ config, lib, pkgs, ... }:

let
  cfg = config.services.wastebin;
  inherit (lib)
    mkEnableOption mkPackageOption mkIf mkOption
    types mapAttrs isBool getExe boolToString optionalAttrs;
in
{

  options.services.wastebin = {

    enable = mkEnableOption "Wastenbin pastebin service";

    package = mkPackageOption pkgs "wastebin" { };

    stateDir = mkOption {
      type = types.path;
      default = "/var/lib/wastebin";
      description = "State directory of the daemon.";
    };

    secretFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      example = "/run/secrets/wastebin.env";
      description = ''
        Path to file containing sensitive environment variables.
        Some variables that can be considered secrets are:

        - WASTEBIN_PASSWORD_SALT:
          salt used to hash user passwords used for encrypting pastes.

        - WASTEBIN_SIGNING_KEY:
          sets the key to sign cookies. If not set, a random key will be
          generated which means cookies will become invalid after restarts and
          paste creators will not be able to delete their pastes anymore.
      '';
    };

    settings = mkOption {

      description = ''
        Additional configuration for wastebin, see
        <https://github.com/matze/wastebin#usage> for supported values.
        For secrets use secretFile option instead.
      '';

      type = types.submodule {

        freeformType = with types; attrsOf (oneOf [ bool int str ]);

        options = {

          WASTEBIN_ADDRESS_PORT = mkOption {
            type = types.str;
            default = "0.0.0.0:8088";
            description = "Address and port to bind to";
          };

          WASTEBIN_BASE_URL = mkOption {
            default = "http://localhost";
            example = "https://myhost.tld";
            type = types.str;
            description = ''
              Base URL for the QR code display. If not set, the user agent's Host
              header field is used as an approximation.
            '';
          };

          WASTEBIN_CACHE_SIZE = mkOption {
            default = 128;
            type = types.int;
            description = "Number of rendered syntax highlight items to cache. Can be disabled by setting to 0.";
          };

          WASTEBIN_DATABASE_PATH = mkOption {
            default = "/var/lib/wastebin/sqlite3.db"; # TODO make this default to stateDir/sqlite3.db
            type = types.str;
            description = "Path to the sqlite3 database file. If not set, an in-memory database is used.";
          };

          WASTEBIN_HTTP_TIMEOUT = mkOption {
            default = 5;
            type = types.int;
            description = "Maximum number of seconds a request can be processed until wastebin responds with 408";
          };

          WASTEBIN_MAX_BODY_SIZE = mkOption {
            default = 1024;
            type = types.int;
            description = "Number of bytes to accept for POST requests";
          };

          WASTEBIN_TITLE = mkOption {
            default = "wastebin";
            type = types.str;
            description = "Overrides the HTML page title";
          };

          RUST_LOG = mkOption {
            default = "info";
            type = types.str;
            description =
              ''
                Influences logging. Besides the typical trace, debug, info etc.
                keys, you can also set the tower_http key to some log level to get
                additional information request and response logs.
              '';
          };
        };
      };

      default = { };

      example = {
        WASTEBIN_TITLE = "My awesome pastebin";
      };
    };
  };

  config = mkIf cfg.enable
    {
      systemd.services.wastebin = {
        after = [ "network.target" ];
        wantedBy = [ "multi-user.target" ];
        environment = mapAttrs (_: v: if isBool v then boolToString v else toString v) cfg.settings;
        serviceConfig = {
          CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
          DevicePolicy = "closed";
          DynamicUser = true;
          ExecStart = "${getExe cfg.package}";
          LockPersonality = true;
          MemoryDenyWriteExecute = true;
          PrivateDevices = true;
          PrivateUsers = true;
          ProtectClock = true;
          ProtectControlGroups = true;
          ProtectHostname = true;
          ProtectKernelLogs = true;
          ProtectKernelModules = true;
          ProtectKernelTunables = true;
          ProtectProc = "invisible";
          RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
          RestrictNamespaces = true;
          RestrictRealtime = true;
          SystemCallArchitectures = [ "native" ];
          SystemCallFilter = [ "@system-service" ];
          StateDirectory = baseNameOf cfg.stateDir;
          ReadWritePaths = cfg.stateDir;
        } // optionalAttrs (cfg.secretFile != null) {
          EnvironmentFile = cfg.secretFile;
        };
      };
    };

  meta.maintainers = with lib.maintainers; [ pinpox ];
}
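Review bot: The `stateDir` option does not behave as its description suggests: `StateDirectory = baseNameOf cfg.stateDir` always creates the directory under /var/lib, the `WASTEBIN_DATABASE_PATH` default is hard-coded to `/var/lib/wastebin/sqlite3.db` (see the TODO), and only `ReadWritePaths = cfg.stateDir` follows the option. With `DynamicUser = true` a custom path is neither created for nor owned by the service user, so any non-default `stateDir` likely leaves the unit unable to start or to write its database. I would drop the option together with `ReadWritePaths` and set `StateDirectory = "wastebin";`, or else derive the database default from `cfg.stateDir`. Separately, the `secretFile` description should say that the file must not be located in the Nix store, because `types.path` also accepts a path literal that may resolve to a world-readable store path.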
+1 −0
@@ -985,6 +985,7 @@ in {
  vsftpd = handleTest ./vsftpd.nix {};
  warzone2100 = handleTest ./warzone2100.nix {};
  wasabibackend = handleTest ./wasabibackend.nix {};
  wastebin = handleTest ./wastebin.nix {};
  watchdogd = handleTest ./watchdogd.nix {};
  webhook = runTest ./webhook.nix;
  wiki-js = handleTest ./wiki-js.nix {};
+19 −0
import ./make-test-python.nix ({ pkgs, lib, ... }: {
  name = "wastebin";

  meta = {
    maintainers = with lib.maintainers; [ pinpox ];
  };

  nodes.machine = { pkgs, ... }: {
    services.wastebin = {
      enable = true;
    };
  };

  testScript = ''
    machine.wait_for_unit("wastebin.service")
    machine.wait_for_open_port(8088)
    machine.succeed("curl --fail http://localhost:8088/")
  '';
})
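Review bot: The `testScript` only fetches `/`, which does not show that the sandboxed unit can actually write its state. The module's `DynamicUser`, `StateDirectory` and `ReadWritePaths` settings are the ones most likely to break storage, and nothing here exercises them. Adding `machine.succeed("test -f /var/lib/wastebin/sqlite3.db")` after the curl line would at least confirm the database appears at the default path, assuming wastebin creates it at startup. A paste create-and-fetch round trip and a node that sets `secretFile` would cover the remaining code paths of the module.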