6 files changed, 94 insertions, 0 deletions

diff --git a/modules/default.nix b/modules/default.nix
index 9ff6ea6..a503f92 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -9,6 +9,7 @@
   mastodon = ./webapps/mastodon.nix;
   mediagoblin = ./webapps/mediagoblin.nix;
   peertube = ./webapps/peertube.nix;
+  fiche = ./webapps/fiche.nix;
 
   opendmarc = ./opendmarc.nix;
   openarc = ./openarc.nix;
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index 46a28e7..97402f1 100644
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -131,6 +131,15 @@ in {
         (ldap.apache.vhostConf pcfg.ldap.socket)
         (kanboard.apache.vhostConf pcfg.kanboard.socket)
         (grocy.apache.vhostConf pcfg.grocy.socket)
+        ''
+          Alias /paste /var/lib/fiche
+          <Directory "/var/lib/fiche">
+            DirectoryIndex index.txt index.html
+            AllowOverride None
+            Require all granted
+            Options -Indexes
+          </Directory>
+        ''
       ];
     };
 
@@ -346,6 +355,13 @@ in {
       restart = true;
       paths = [ "/var/secrets/webapps/tools-wallabag" ];
     };
+
+    services.fiche = {
+      enable = true;
+      port = config.myEnv.ports.fiche;
+      domain = "tools.immae.eu/paste";
+      https = true;
+    };
   };
 }
 
diff --git a/modules/webapps/fiche.nix b/modules/webapps/fiche.nix
new file mode 100644
index 0000000..9061b2e
--- /dev/null
+++ b/modules/webapps/fiche.nix
@@ -0,0 +1,53 @@
+{ lib, pkgs, config, ... }:
+let
+  cfg = config.services.fiche;
+in
+{
+  options.services.fiche = {
+    enable = lib.mkEnableOption "Enable fiche’s service";
+    port = lib.mkOption {
+      type = lib.types.port;
+      description = "Port to listen to";
+    };
+    domain = lib.mkOption {
+      type = lib.types.str;
+      description = "Domain";
+    };
+    dataDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/fiche";
+      description = "Directory where to place the pastes";
+    };
+    https = lib.mkEnableOption "Use https";
+  };
+
+  config = lib.mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [ cfg.port ];
+
+
+    system.activationScripts.fiche = ''
+      mkdir -p /var/lib/fiche
+    '';
+    systemd.services.fiche = {
+      description = "Fiche server";
+      wantedBy = [ "multi-user.target" ];
+      after = [ "network.target" ];
+
+      script = ''
+        exec ${pkgs.fiche}/bin/fiche -o ${cfg.dataDir} -d ${cfg.domain} ${lib.optionalString cfg.https "-S "} -p ${builtins.toString cfg.port}
+      '';
+
+      serviceConfig = {
+        ExecStartPre = [
+          "+${pkgs.coreutils}/bin/install -m 0755 -o fiche -d /var/lib/fiche"
+        ];
+        DynamicUser = true;
+        User = "fiche";
+        PrivateTmp = true;
+        Restart = "always";
+        WorkingDirectory = cfg.dataDir;
+        ReadWritePaths = cfg.dataDir;
+      };
+    };
+  };
+}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index a6630fe..b02c63e 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -75,4 +75,6 @@ rec {
   }) {}).monero;
 
   niv = (import sources.niv {}).niv;
+
+  fiche = callPackage ./fiche { inherit mylibs; };
 }
diff --git a/pkgs/fiche/default.nix b/pkgs/fiche/default.nix
new file mode 100644
index 0000000..cc67fb0
--- /dev/null
+++ b/pkgs/fiche/default.nix
@@ -0,0 +1,7 @@
+{ stdenv, mylibs }:
+stdenv.mkDerivation (mylibs.fetchedGithub ./fiche.json // rec {
+  installPhase = ''
+    mkdir -p $out/bin
+    install -m 0755 fiche $out/bin/
+  '';
+})
diff --git a/pkgs/fiche/fiche.json b/pkgs/fiche/fiche.json
new file mode 100644
index 0000000..036de7f
--- /dev/null
+++ b/pkgs/fiche/fiche.json
@@ -0,0 +1,15 @@
+{
+  "tag": "4bba916-master",
+  "meta": {
+    "name": "fiche",
+    "url": "https://github.com/solusipse/fiche",
+    "branch": "master"
+  },
+  "github": {
+    "owner": "solusipse",
+    "repo": "fiche",
+    "rev": "4bba916e0f4a54d98a3947df7e2d0714d92a8bab",
+    "sha256": "060pxn8ns2zqszv1dlf7zcaf42avn9svya6irwy5d1ry29hp2ds9",
+    "fetchSubmodules": true
+  }
+}