+1

nixos/modules/module-list.nix

··· 489 489 ./services/misc/parsoid.nix 490 490 ./services/misc/plex.nix 491 491 ./services/misc/tautulli.nix 492 492 + ./services/misc/pinnwand.nix 492 493 ./services/misc/pykms.nix 493 494 ./services/misc/radarr.nix 494 495 ./services/misc/redmine.nix

+78

nixos/modules/services/misc/pinnwand.nix

··· 1 1 + { config, lib, pkgs, ... }: 2 2 + 3 3 + with lib; 4 4 + 5 5 + let 6 6 + cfg = config.services.pinnwand; 7 7 + 8 8 + format = pkgs.formats.toml {}; 9 9 + configFile = format.generate "pinnwand.toml" cfg.settings; 10 10 + in 11 11 + { 12 12 + options.services.pinnwand = { 13 13 + enable = mkEnableOption "Pinnwand"; 14 14 + 15 15 + port = mkOption { 16 16 + type = types.port; 17 17 + description = "The port to listen on."; 18 18 + default = 8000; 19 19 + }; 20 20 + 21 21 + settings = mkOption { 22 22 + type = format.type; 23 23 + description = '' 24 24 + Your <filename>pinnwand.toml</filename> as a Nix attribute set. Look up 25 25 + possible options in the <link xlink:href="https://github.com/supakeen/pinnwand/blob/master/pinnwand.toml-example">pinnwand.toml-example</link>. 26 26 + ''; 27 27 + default = { 28 28 + # https://github.com/supakeen/pinnwand/blob/master/pinnwand.toml-example 29 29 + database_uri = "sqlite:///var/lib/pinnwand/pinnwand.db"; 30 30 + preferred_lexeres = []; 31 31 + paste_size = 262144; 32 32 + paste_help = '' 33 33 + <p>Welcome to pinnwand, this site is a pastebin. It allows you to share code with others. If you write code in the text area below and press the paste button you will be given a link you can share with others so they can view your code as well.</p><p>People with the link can view your pasted code, only you can remove your paste and it expires automatically. Note that anyone could guess the URI to your paste so don't rely on it being private.</p> 34 34 + ''; 35 35 + footer = '' 36 36 + View <a href="//github.com/supakeen/pinnwand" target="_BLANK">source code</a>, the <a href="/removal">removal</a> or <a href="/expiry">expiry</a> stories, or read the <a href="/about">about</a> page. 37 37 + ''; 38 38 + }; 39 39 + }; 40 40 + }; 41 41 + 42 42 + config = mkIf cfg.enable { 43 43 + systemd.services.pinnwand = { 44 44 + description = "Pinnwannd HTTP Server"; 45 45 + after = [ "network.target" ]; 46 46 + wantedBy = [ "multi-user.target" ]; 47 47 + 48 48 + unitConfig.Documentation = "https://pinnwand.readthedocs.io/en/latest/"; 49 49 + serviceConfig = { 50 50 + ExecStart = "${pkgs.pinnwand}/bin/pinnwand --configuration-path ${configFile} http --port ${toString(cfg.port)}"; 51 51 + StateDirectory = "pinnwand"; 52 52 + StateDirectoryMode = "0700"; 53 53 + 54 54 + AmbientCapabilities = []; 55 55 + CapabilityBoundingSet = ""; 56 56 + DevicePolicy = "closed"; 57 57 + DynamicUser = true; 58 58 + LockPersonality = true; 59 59 + MemoryDenyWriteExecute = true; 60 60 + PrivateDevices = true; 61 61 + PrivateUsers = true; 62 62 + ProtectClock = true; 63 63 + ProtectControlGroups = true; 64 64 + ProtectKernelLogs = true; 65 65 + ProtectHome = true; 66 66 + ProtectHostname = true; 67 67 + ProtectKernelModules = true; 68 68 + ProtectKernelTunables = true; 69 69 + RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ]; 70 70 + RestrictNamespaces = true; 71 71 + RestrictRealtime = true; 72 72 + SystemCallArchitectures = "native"; 73 73 + SystemCallFilter = "@system-service"; 74 74 + UMask = "0077"; 75 75 + }; 76 76 + }; 77 77 + }; 78 78 + }

+1

nixos/tests/all-tests.nix

··· 269 269 pgjwt = handleTest ./pgjwt.nix {}; 270 270 pgmanage = handleTest ./pgmanage.nix {}; 271 271 php = handleTest ./php {}; 272 272 + pinnwand = handleTest ./pinnwand.nix {}; 272 273 plasma5 = handleTest ./plasma5.nix {}; 273 274 plotinus = handleTest ./plotinus.nix {}; 274 275 podman = handleTestOn ["x86_64-linux"] ./podman.nix {};

+86

nixos/tests/pinnwand.nix

··· 1 1 + import ./make-test-python.nix ({ pkgs, ...}: 2 2 + let 3 3 + pythonEnv = pkgs.python3.withPackages (py: with py; [ appdirs toml ]); 4 4 + 5 5 + port = 8000; 6 6 + baseUrl = "http://server:${toString port}"; 7 7 + 8 8 + configureSteck = pkgs.writeScript "configure.py" '' 9 9 + #!${pythonEnv.interpreter} 10 10 + import appdirs 11 11 + import toml 12 12 + import os 13 13 + 14 14 + CONFIG = { 15 15 + "base": "${baseUrl}/", 16 16 + "confirm": False, 17 17 + "magic": True, 18 18 + "ignore": True 19 19 + } 20 20 + 21 21 + os.makedirs(appdirs.user_config_dir('steck')) 22 22 + with open(os.path.join(appdirs.user_config_dir('steck'), 'steck.toml'), "w") as fd: 23 23 + toml.dump(CONFIG, fd) 24 24 + ''; 25 25 + in 26 26 + { 27 27 + name = "pinnwand"; 28 28 + meta = with pkgs.stdenv.lib.maintainers; { 29 29 + maintainers =[ hexa ]; 30 30 + }; 31 31 + 32 32 + nodes = { 33 33 + server = { config, ... }: 34 34 + { 35 35 + networking.firewall.allowedTCPPorts = [ 36 36 + port 37 37 + ]; 38 38 + 39 39 + services.pinnwand = { 40 40 + enable = true; 41 41 + port = port; 42 42 + }; 43 43 + }; 44 44 + 45 45 + client = { pkgs, ... }: 46 46 + { 47 47 + environment.systemPackages = [ pkgs.steck ]; 48 48 + }; 49 49 + }; 50 50 + 51 51 + testScript = '' 52 52 + start_all() 53 53 + 54 54 + server.wait_for_unit("pinnwand.service") 55 55 + client.wait_for_unit("network.target") 56 56 + 57 57 + # create steck.toml config file 58 58 + client.succeed("${configureSteck}") 59 59 + 60 60 + # wait until the server running pinnwand is reachable 61 61 + client.wait_until_succeeds("ping -c1 server") 62 62 + 63 63 + # make sure pinnwand is listening 64 64 + server.wait_until_succeeds("ss -lnp | grep ${toString port}") 65 65 + 66 66 + # send the contents of /etc/machine-id 67 67 + response = client.succeed("steck paste /etc/machine-id") 68 68 + 69 69 + # parse the steck response 70 70 + raw_url = None 71 71 + removal_link = None 72 72 + for line in response.split("\n"): 73 73 + if line.startswith("View link:"): 74 74 + raw_url = f"${baseUrl}/raw/{line.split('/')[-1]}" 75 75 + if line.startswith("Removal link:"): 76 76 + removal_link = line.split(":", 1)[1] 77 77 + 78 78 + # check whether paste matches what we sent 79 79 + client.succeed(f"curl {raw_url} > /tmp/machine-id") 80 80 + client.succeed("diff /tmp/machine-id /etc/machine-id") 81 81 + 82 82 + # remove paste and check that it's not available any more 83 83 + client.succeed(f"curl {removal_link}") 84 84 + client.fail(f"curl --fail {raw_url}") 85 85 + ''; 86 86 + })

+17 -7

pkgs/servers/pinnwand/default.nix

··· 1 1 - { lib, python3, fetchFromGitHub }: 1 1 + { lib, python3, fetchFromGitHub, poetry, nixosTests }: 2 2 3 3 let 4 4 python = python3.override { ··· 14 14 }; 15 15 in with python.pkgs; buildPythonApplication rec { 16 16 pname = "pinnwand"; 17 17 - version = "1.1.2"; 17 17 + version = "1.2.1"; 18 18 + format = "pyproject"; 18 19 19 19 - src = fetchPypi { 20 20 - inherit pname version; 21 21 - sha256 = "0iincxkfyyx85ggx9ilms2f8aq4lcbg3rkqgrr4wlsflzhljqd0p"; 20 20 + src = fetchFromGitHub { 21 21 + owner = "supakeen"; 22 22 + repo = pname; 23 23 + rev = "v${version}"; 24 24 + sha256 = "1rk7rpyb4vmqxqqv8k9jpjmgakr3mn1iaqxyj34r74p1n5vfzimq"; 22 25 }; 26 26 + 27 27 + nativeBuildInputs = [ 28 28 + poetry 29 29 + ]; 23 30 24 31 propagatedBuildInputs = [ 25 32 click ··· 30 37 sqlalchemy 31 38 ]; 32 39 33 33 - # tests are only available when fetching from GitHub, where they in turn don't have a setup.py :( 40 40 + checkInputs = [ pytest ]; 41 41 + 34 42 checkPhase = '' 35 35 - $out/bin/pinnwand --help > /dev/null 43 43 + pytest 36 44 ''; 45 45 + 46 46 + passthru.tests = nixosTests.pinnwand; 37 47 38 48 meta = with lib; { 39 49 homepage = "https://supakeen.com/project/pinnwand/";

+31

pkgs/servers/pinnwand/steck.nix

··· 1 1 + { lib, pkgs, python3Packages, nixosTests }: 2 2 + 3 3 + python3Packages.buildPythonApplication rec { 4 4 + pname = "steck"; 5 5 + version = "0.6.0"; 6 6 + 7 7 + src = python3Packages.fetchPypi { 8 8 + inherit pname version; 9 9 + sha256 = "07gc5iwbyprb8nihnjjl2zd06z8p4nl3a3drzh9a8ny35ig1khq0"; 10 10 + }; 11 11 + 12 12 + propagatedBuildInputs = with python3Packages; [ 13 13 + pkgs.git 14 14 + appdirs 15 15 + click 16 16 + python_magic 17 17 + requests 18 18 + termcolor 19 19 + toml 20 20 + ]; 21 21 + 22 22 + passthru.tests = nixosTests.pinnwand; 23 23 + 24 24 + meta = with lib; { 25 25 + homepage = "https://github.com/supakeen/steck"; 26 26 + license = licenses.mit; 27 27 + description = "Client for pinnwand pastebin."; 28 28 + maintainers = with maintainers; [ hexa ]; 29 29 + }; 30 30 + } 31 31 +

+2

pkgs/top-level/all-packages.nix

··· 6917 6917 6918 6918 stdman = callPackage ../data/documentation/stdman { }; 6919 6919 6920 6920 + steck = callPackage ../servers/pinnwand/steck.nix { }; 6921 6921 + 6920 6922 stenc = callPackage ../tools/backup/stenc { }; 6921 6923 6922 6924 stm32loader = with python3Packages; toPythonApplication stm32loader;