From 20806d6ec9b016c82be9a4a971eaeafdb7313e37 Mon Sep 17 00:00:00 2001 From: jolheiser Date: Tue, 23 Jul 2024 15:22:23 -0500 Subject: [PATCH] feat: tclip Signed-off-by: jolheiser --- flake.lock | 31 ++++++--- flake.nix | 7 +- machines/dragonwell/default.nix | 2 +- machines/dragonwell/tclip.nix | 9 +++ modules/tclip/default.nix | 112 ++++++++++++++++++++++++++++++++ 5 files changed, 148 insertions(+), 13 deletions(-) create mode 100644 machines/dragonwell/tclip.nix create mode 100644 modules/tclip/default.nix diff --git a/flake.lock b/flake.lock index a01b323..6e678ae 100644 --- a/flake.lock +++ b/flake.lock @@ -310,11 +310,11 @@ ] }, "locked": { - "lastModified": 1694616124, - "narHash": "sha256-c49BVhQKw3XDRgt+y+uPAbArtgUlMXCET6VxEBmzHXE=", + "lastModified": 1717050755, + "narHash": "sha256-C9IEHABulv2zEDFA+Bf0E1nmfN4y6MIUe5eM2RCrDC0=", "owner": "tweag", "repo": "gomod2nix", - "rev": "f95720e89af6165c8c0aa77f180461fe786f3c21", + "rev": "31b6d2e40b36456e792cd6cf50d5a8ddd2fa59a1", "type": "github" }, "original": { @@ -479,6 +479,21 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1721562059, + "narHash": "sha256-Tybxt65eyOARf285hMHIJ2uul8SULjFZbT9ZaEeUnP8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "68c9ed8bbed9dfce253cc91560bf9043297ef2fe", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-unstable", + "type": "indirect" + } + }, "nur": { "locked": { "lastModified": 1701441860, 
@@ -693,19 +708,17 @@ "tclip": { "inputs": { "gomod2nix": "gomod2nix", - "nixpkgs": [ - "nixpkgs" - ], + "nixpkgs": "nixpkgs_2", "utils": [ "flake-utils" ] }, "locked": { - "lastModified": 1695233959, - "narHash": "sha256-5H0Bz6m6aw0Nt4fV7QkU9gIZUS0Jo/Vkqk6pTk1mkBk=", + "lastModified": 1721358387, + "narHash": "sha256-vkZvaLttczCfwQDHx7DGuIdV+K8QUQXHyMXZmn0df1M=", "owner": "tailscale-dev", "repo": "tclip", - "rev": "99fc19f91adb0e095189e7ba2771269696386ed2", + "rev": "5382625af90019d2b4ef29be8e15de3a8cb21238", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index ab4a5a7..5787a3d 100644 --- a/flake.nix +++ b/flake.nix @@ -96,7 +96,7 @@ tclip = { url = "github:tailscale-dev/tclip"; inputs = { - nixpkgs.follows = "nixpkgs"; + #nixpkgs.follows = "nixpkgs"; utils.follows = "flake-utils"; }; }; @@ -149,7 +149,6 @@ }; tclip = inputs.tclip.packages.${prev.system}.tclip; templ = inputs.templ.packages.${prev.system}.templ; - dagger = inputs.dagger.packages.${prev.system}.dagger; }) inputs.golink.overlay ]; @@ -235,7 +234,7 @@ inherit overlays system; }; }; - dragonwell = { + dragonwell = {pkgs, ...}: { imports = [ inputs.agenix.nixosModules.default inputs.golink.nixosModules.default @@ -243,8 +242,10 @@ inputs.git-pr.nixosModules.default inputs.actual.nixosModules.default inputs.tsnet-serve.nixosModules.default + ./modules/tclip ./machines/dragonwell ]; + services.tclip.package = inputs.tclip.packages.${pkgs.system}.tclipd; }; }; nixConfig = { diff --git a/machines/dragonwell/default.nix b/machines/dragonwell/default.nix index 91429c7..b0f1391 100644 --- a/machines/dragonwell/default.nix +++ b/machines/dragonwell/default.nix 
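Review bot: The commented-out `#nixpkgs.follows = "nixpkgs";` in the tclip input (flake.nix hunk at line 96) carries no explanation, and its effect shows in flake.lock: tclip now resolves its own `nixpkgs_2` pin, an indirect `nixos-unstable` reference, instead of the host's nixpkgs. The funnel-exposed daemon is therefore built against a dependency set that is updated separately from the rest of the system, so a plain nixpkgs bump no longer refreshes it. Either delete the line or keep it with the reason stated, e.g. `# nixpkgs.follows disabled: <reason>; remember to update the tclip input's own nixpkgs pin`.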
@@ -2,7 +2,7 @@ let username = "jolheiser"; key = ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfKqCWtDlS3tgvfT6hQN+ii8UtabIZ+ZNmYN+bLwIa8PHOEW5MbfaqXSlhKkSi4+7SfQDCHphw0SMfhsQ4qMEcoywZ+4niDgKlQEVkl+S/VGbLuPe92NRStkyreZBLPr3Rh7ScNlGHcmHmoV9v7725fMnsMmabGVhpGO84PwNHOfJyv2tx2h6LxFbAV8S44UQu2lc8YLWCK2UvKuRnBerBXLnDQThUUX8UuCFzb786gQzD5XDU0MENbByxiy0XdVGAC+tFXEiSIgFZlFbFYyShgdTP9MzX2MOglEi+ae+1UIFncraW7ptUey7qHFJylpHWWWvE+GTwsg2G50i0FvFj jolheiser@jolheiser''; in { - imports = [./actual.nix ./caddy.nix ./dex.nix ./git-pr.nix ./golink.nix ./gotosocial.nix ./restic.nix ./soju.nix ./tandoor.nix ./ugit.nix ./vikunja.nix ./hardware.nix]; + imports = [./actual.nix ./caddy.nix ./dex.nix ./git-pr.nix ./golink.nix ./gotosocial.nix ./restic.nix ./soju.nix ./tandoor.nix ./tclip.nix ./ugit.nix ./vikunja.nix ./hardware.nix]; boot.tmp.cleanOnBoot = true; zramSwap.enable = true;
diff --git a/machines/dragonwell/tclip.nix b/machines/dragonwell/tclip.nix
new file mode 100644
index 0000000..db4dcd8
--- /dev/null
+++ b/machines/dragonwell/tclip.nix
@@ -0,0 +1,9 @@
+{
+ services.tclip = {
+ enable = true;
+ hostname = "paste";
+ useFunnel = true;
+ hideFunnelUsers = true;
+ authKey = "tskey-auth-k1VerP4gam11CNTRL-89rpeDcfTdJqkF9AECWmdJLVgo1jQcSAB"; # One-time key
+ };
+}
diff --git a/modules/tclip/default.nix b/modules/tclip/default.nix
new file mode 100644
index 0000000..69b5a35
--- /dev/null
+++ b/modules/tclip/default.nix
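Review bot: The `authKey` line in machines/dragonwell/tclip.nix commits a literal Tailscale auth key, and the "One-time key" comment does not contain the exposure: the value stays in git history and is copied into the world-readable Nix store on every build. Treat the key as disclosed, revoke it in the Tailscale admin console, and supply the replacement at runtime from a secret file; `inputs.agenix.nixosModules.default` is already imported for dragonwell in flake.nix, so an agenix-managed file fits here. That requires the module to take a file path instead of a string, which is raised on the modules/tclip/default.nix hunk. Please also confirm that `useFunnel = true` is intended, since it makes the paste service reachable from the public internet rather than only from the tailnet.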
@@ -0,0 +1,112 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.services.tclip;
+in {
+ options.services.tclip = {
+ enable = lib.mkEnableOption "tclip service";
+
+ hostname = lib.mkOption {
+ type = lib.types.str;
+ default = "paste";
+ description = "The hostname to use on your tailnet";
+ };
+
+ dataLocation = lib.mkOption {
+ type = lib.types.str;
+ default = "/var/lib/tclip";
+ description = "Where program data is stored";
+ };
+
+ tsnetVerbose = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Log verbosely to stderr";
+ };
+
+ useFunnel = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Expose pastes with tailscale funnel";
+ };
+
+ hideFunnelUsers = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Hide usernamd/image on funnel";
+ };
+
+ httpPort = lib.mkOption {
+ type = lib.types.nullOr lib.types.port;
+ default = null;
+ description = "Expose pastes on an HTTP server at the given port";
+ };
+
+ controlURL = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Custom control server (e.g. headscale)";
+ };
+
+ disableHTTPS = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = "Disable serving on HTTPS";
+ };
+
+ package = lib.mkOption {
+ type = lib.types.package;
+ description = "The tclip package to use";
+ };
+
+ authKey = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ default = null;
+ description = "Tailscale auth key";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ systemd.services.tclip = {
+ description = "tclip Service";
+ after = ["network.target"];
+ wantedBy = ["multi-user.target"];
+
+ serviceConfig = {
+ ExecStart = let
+ args =
+ lib.optionals (cfg.httpPort != null) [
+ "--http-port=${cfg.httpPort}"
+ ]
+ ++ lib.optionals (cfg.controlURL != null) [
+ "--control-url=${cfg.controlURL}"
+ ]
+ ++ [
+ (lib.optionalString cfg.disableHTTPS "--disable-https")
+ "--hostname=${cfg.hostname}"
+ "--data-location=${cfg.dataLocation}"
+ (lib.optionalString cfg.tsnetVerbose "--tsnet-verbose")
+ (lib.optionalString cfg.useFunnel "--use-funnel")
+ (lib.optionalString cfg.hideFunnelUsers "--hide-funnel-users")
+ ];
+ in "${cfg.package}/bin/tclipd ${lib.concatStringsSep " " args}";
+ Restart = "always";
+ User = "tclip";
+ Group = "tclip";
+ Environment = ["TS_AUTHKEY=${cfg.authKey}"];
+ };
+ };
+
+ # Create user and group
+ users.users.tclip = {
+ isSystemUser = true;
+ group = "tclip";
+ home = cfg.dataLocation;
+ createHome = true;
+ };
+
+ users.groups.tclip = {};
+ };
+}
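Review bot: `Environment = ["TS_AUTHKEY=${cfg.authKey}"]` near the end of the hunk writes the auth key into the generated unit file, which sits in the world-readable Nix store and is also exposed to unprivileged users through `systemctl show`. It also interpolates the option's default `null`, which Nix cannot coerce to a string, so enabling the service without a key should fail at evaluation. Replace `authKey` with a file-based option passed through `EnvironmentFile=`, so the secret is read at service start from a path outside the store, such as an agenix-managed file. In the `args` list, `"--http-port=${cfg.httpPort}"` interpolates an integer (`lib.types.port`) and needs `toString`. The unit also has no systemd sandboxing; `NoNewPrivileges`, `PrivateTmp`, and `ProtectSystem = "strict"` with `ReadWritePaths = [cfg.dataLocation]` would be a reasonable follow-up for a funnel-exposed daemon.

```nix
    # … unchanged: enable … package options …

    # replaces the string-valued authKey option
    authKeyFile = lib.mkOption {
      type = lib.types.nullOr lib.types.path;
      default = null;
      description = "Path to a file containing TS_AUTHKEY=<key>; read by systemd at start, never copied into the Nix store";
    };

    # … unchanged: config = lib.mkIf cfg.enable, systemd.services.tclip, ExecStart = let args = …
            lib.optionals (cfg.httpPort != null) [
              "--http-port=${toString cfg.httpPort}"
            ]
    # … unchanged: remaining args, Restart, User, Group …
        EnvironmentFile = lib.mkIf (cfg.authKeyFile != null) cfg.authKeyFile;
```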