add privatebin (#24)

2024-02-18 22:47:24 +00:00 · 2024-02-18 22:47:24 +00:00 · c224004ccf
commit c224004ccf
parent 8d9e835f64
1 changed files with 215 additions and 0 deletions
--- a/jobs/services/privatebin.hcl
+++ b/jobs/services/privatebin.hcl
@ -0,0 +1,215 @@
 job "privatebin" {
  datacenters = ["aperture"]
  type = "service"
  group "privatebin" {
    count = 1
    network {
      port "http" {
        to = 8080
      }
    }
    service {
      name = "privatebin"
      port = "http"
      check {
        type = "http"
        path = "/"
        interval = "10s"
        timeout = "2s"
      }
      tags = [
        "traefik.enable=true",
        "traefik.http.routers.privatebin.rule=Host(`paste.rb.dcu.ie`)",
        "traefik.http.routers.privatebin.entrypoints=web,websecure",
        "traefik.http.routers.privatebin.tls.certresolver=lets-encrypt",
      ]
    }
    task "privatebin" {
      driver = "docker"
      config {
        image = "privatebin/nginx-fpm-alpine:stable"
        ports = ["http"]
        volumes = [
          "local/conf.php:/srv/data/conf.php",
        ]
      }
      template {
        destination = "local/.env"
        env         = true
        change_mode = "restart"
        data        = <<EOH
 TZ=Europe/Dublin
 PHP_TZ=Europe/Dublin
 CONFIG_PATH=/srv/data/
 EOH
      }
      template {
        destination = "local/conf.php"
        data        = <<EOH
 [main]
 name = "Redbrick PasteBin"
 basepath = "https://paste.rb.dcu.ie/"
 discussion = true
 opendiscussion = false
 password = true
 fileupload = true
 burnafterreadingselected = false
 defaultformatter = "markdown"
 ; (optional) set a syntax highlighting theme, as found in css/prettify/
 syntaxhighlightingtheme = "sons-of-obsidian"
 ; size limit per paste or comment in bytes, defaults to 10 Mebibytes
 sizelimit = 10485760
 ; template to include, default is "bootstrap" (tpl/bootstrap.php)
 template = "bootstrap-dark"
 ; (optional) info text to display
 ; use single, instead of double quotes for HTML attributes
 ;info = "More information on the <a href='https://privatebin.info/'>project page</a>."
 ; (optional) notice to display
 ; notice = "Note: Distro is a Goombean."
 languageselection = false
 languagedefault = "en"
 ; (optional) URL shortener address to offer after a new paste is created.
 ; It is suggested to only use this with self-hosted shorteners as this will leak
 ; the pastes encryption key.
 ; urlshortener = "https://shortener.example.com/api?link="
 qrcode = true
 email = true
 ; Can be set to one these values:
 ; "none" / "identicon" (default) / "jdenticon" / "vizhash".
 icon = "identicon"
 ; Content Security Policy headers allow a website to restrict what sources are
 ; allowed to be accessed in its context. You need to change this if you added
 ; custom scripts from third-party domains to your templates, e.g. tracking
 ; scripts or run your site behind certain DDoS-protection services.
 ; Check the documentation at https://content-security-policy.com/
 ; Notes:
 ; - If you use a bootstrap theme, you can remove the allow-popups from the
 ;   sandbox restrictions.
 ; - By default this disallows to load images from third-party servers, e.g. when
 ;   they are embedded in pastes. If you wish to allow that, you can adjust the
 ;   policy here. See https://github.com/PrivateBin/PrivateBin/wiki/FAQ#why-does-not-it-load-embedded-images
 ;   for details.
 ; - The 'unsafe-eval' is used in two cases; to check if the browser supports
 ;   async functions and display an error if not and for Chrome to enable
 ;   webassembly support (used for zlib compression). You can remove it if Chrome
 ;   doesn't need to be supported and old browsers don't need to be warned.
 ; cspheader = "default-src 'none'; base-uri 'self'; form-action 'none'; manifest-src 'self'; connect-src * blob:; script-src 'self' 'unsafe-eval'; style-src 'self'; font-src 'self'; frame-ancestors 'none'; img-src 'self' data: blob:; media-src blob:; object-src blob:; sandbox allow-same-origin allow-scripts allow-forms allow-popups allow-modals allow-downloads"
 zerobincompatibility = false
 httpwarning = true
 compression = "zlib"
 [expire]
 ; make sure the value exists in [expire_options]
 default = "1week"
 [expire_options]
 5min = 300
 10min = 600
 1hour = 3600
 1day = 86400
 1week = 604800
 2week = 1209600
 ; Well this is not *exactly* one month, it's 30 days:
 1month = 2592000
 1year = 31536000
 never = 0
 [formatter_options]
 plaintext = "Plain Text"
 markdown = "Markdown"
 syntaxhighlighting = "Source Code"
 syntaxhighlightingtheme = "sons-of-obsidian"
 [traffic]
 ; time limit between calls from the same IP address in seconds
 ; Set this to 0 to disable rate limiting.
 limit = 10
 ; (optional) Set IPs addresses (v4 or v6) or subnets (CIDR) which are exempted
 ; from the rate-limit. Invalid IPs will be ignored. If multiple values are to
 ; be exempted, the list needs to be comma separated. Leave unset to disable
 ; exemptions.
 ; exempted = "1.2.3.4,10.10.10/24"
 ; (optional) If you want only some source IP addresses (v4 or v6) or subnets
 ; (CIDR) to be allowed to create pastes, set these here. Invalid IPs will be
 ; ignored. If multiple values are to be exempted, the list needs to be comma
 ; separated. Leave unset to allow anyone to create pastes.
 ; creators = "1.2.3.4,10.10.10/24"
 ; (optional) if your website runs behind a reverse proxy or load balancer,
 ; set the HTTP header containing the visitors IP address, i.e. X_FORWARDED_FOR
 ; header = "X_FORWARDED_FOR"
 [purge]
 ; minimum time limit between two purgings of expired pastes, it is only
 ; triggered when pastes are created
 ; Set this to 0 to run a purge every time a paste is created.
 limit = 300
 ; maximum amount of expired pastes to delete in one purge
 ; Set this to 0 to disable purging. Set it higher, if you are running a large
 ; site
 batchsize = 10
 [model]
 class = Database
 [model_options]
 dsn = "pgsql:host=postgres.service.consul;dbname={{ key "privatebin/db/name" }}"
 tbl = "privatebin_"     ; table prefix
 usr = "{{ key "privatebin/db/user" }}"
 pwd = "{{ key "privatebin/db/password" }}"
 opt[12] = true    ; PDO::ATTR_PERSISTENT ; use persistent connections - default
 [yourls]
 ; When using YOURLS as a "urlshortener" config item:
 ; - By default, "urlshortener" will point to the YOURLS API URL, with or without
 ;   credentials, and will be visible in public on the PrivateBin web page.
 ;   Only use this if you allow short URL creation without credentials.
 ; - Alternatively, using the parameters in this section ("signature" and
 ;   "apiurl"), "urlshortener" needs to point to the base URL of your PrivateBin
 ;   instance with "shortenviayourls?link=" appended. For example:
 ;   urlshortener = "${basepath}shortenviayourls?link="
 ;   This URL will in turn call YOURLS on the server side, using the URL from
 ;   "apiurl" and the "access signature" from the "signature" parameters below.
 ; (optional) the "signature" (access key) issued by YOURLS for the using account
 ; signature = ""
 ; (optional) the URL of the YOURLS API, called to shorten a PrivateBin URL
 ; apiurl = "https://yourls.example.com/yourls-api.php"
 EOH
      }
    }
  }
 }