15 Commits

Author SHA1 Message Date
844c608deb Remove Woodpecker configuration.
All checks were successful
Docker Image Creation / build-docker (push) Successful in 3m47s
Signed-off-by: Kellen Renshaw <kellen@bluequartz.xyz>
2023-11-20 07:20:59 -07:00
f1a2a30e30 Remove container image override, no longer needed.
All checks were successful
Docker Image Creation / build-docker (push) Successful in 3m50s
Signed-off-by: Kellen Renshaw <kellen@bluequartz.xyz>
2023-11-20 06:57:31 -07:00
186f6c217b Use fixed version to build.
All checks were successful
Docker Image Creation / build-docker (push) Successful in 3m47s
Signed-off-by: Kellen Renshaw <kellen@bluequartz.xyz>
2023-11-20 04:44:01 -07:00
0cd4560ee7 Merge remote-tracking branch 'upstream/master'
Pull in the latest commits from upstream.
2023-11-19 12:00:50 -07:00
503b97a2ed Switch to catthehacker image for Docker binary
All checks were successful
Docker Image Creation / build-docker (push) Successful in 8m22s
Signed-off-by: Kellen Renshaw <kellen@bluequartz.xyz>
2023-11-19 11:58:09 -07:00
bcf1eab953 Create Gitea workflow to build and push the Docker image.
Some checks failed
Docker Image Creation / build-docker (push) Failing after 47s
Signed-off-by: Kellen Renshaw <kellen@bluequartz.xyz>
2023-11-19 11:41:39 -07:00
alk3pInjection
8d02b31688 Revert "use static linking in Dockerfile"
The root cause of glibc version mismatch (#60) is we're trying to
build on bookworm and run on bullseye. The proper fix is simply
aligning the distro version during multi-stage builds.

While it's okay to statically link against musl libc, I don't see
any benefits in doing so, which _might_ also introduce performance
regressions.

Switch to smaller "distroless" image while we're at it.

This partially reverts commit dc6f9b5ec6.

Signed-off-by: alk3pInjection <webmaster@raspii.tech>
2023-10-22 12:19:12 +01:00
Alistair Bahr
dc6f9b5ec6 use static linking in Dockerfile; add docker-compose.yml 2023-10-17 16:56:01 +01:00
Jordan Doyle
793c2476af Add flake.nix 2022-12-04 20:27:07 +00:00
89fe9a15a0 Add registry config
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Signed-off-by: Kellen Renshaw <kellen@bluequartz.xyz>
2022-10-14 18:15:47 -07:00
ac93a7d379 Revert workarounds, Let's Encrypt certs in place.
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Signed-off-by: Kellen Renshaw <kellen@bluequartz.xyz>
2022-10-14 16:47:46 -07:00
dc04017e67 Fix /home/kellen issue
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Signed-off-by: Kellen Renshaw <kellen@bluequartz.xyz>
2022-10-13 20:25:08 -07:00
322b131550 Fix SSL issue in clone
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Signed-off-by: Kellen Renshaw <kellen@bluequartz.xyz>
2022-10-13 17:00:31 -07:00
316cad44d8 Tweak to CI
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Signed-off-by: Kellen Renshaw <kellen@bluequartz.xyz>
2022-10-12 22:07:55 -07:00
8353c82b63 Added Woodpecker CI config
Some checks failed
ci/woodpecker/push/woodpecker Pipeline failed
Signed-off-by: Kellen Renshaw <kellen@bluequartz.xyz>
2022-10-12 21:38:22 -07:00
8 changed files with 226 additions and 26 deletions


@@ -0,0 +1,33 @@
name: Docker Image Creation
run-name: ${{ gitea.actor }} building Docker image
on: [push]
jobs:
build-docker:
runs-on: ubuntu-22.04
steps:
- name: Checkout the repo
uses: actions/checkout@v4
- name: Login to Gitea Docker Registry
uses: docker/login-action@v3
with:
registry: git.bluequartz.xyz
username: ${{ gitea.actor }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Extract metadata for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: git.bluequartz.xyz/kellen/bin
- name: Build and Push
uses: docker/build-push-action@v5
with:
context: .
file: ./Dockerfile
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
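Review bot: Every `uses:` in this job points at a mutable tag (`actions/checkout@v4`, `docker/login-action@v3`, `docker/metadata-action@v5`, `docker/build-push-action@v5`), while the job holds `secrets.DOCKER_PASSWORD` and pushes to the registry. Pin each action to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v4`, so that a retagged action cannot run with that credential. `on: [push]` also publishes an image for a push to any branch; restricting the trigger to the release branch or to tags keeps unreviewed branches out of `git.bluequartz.xyz/kellen/bin`. Finally, `username: ${{ gitea.actor }}` pairs one stored password with whoever pushed, so a fixed registry account (for example a username secret you define) would be more predictable.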

1
.gitignore vendored

@@ -7,3 +7,4 @@
# These are backup files generated by rustfmt
**/*.rs.bk
result

43
Cargo.lock generated

@@ -45,9 +45,9 @@ dependencies = [
[[package]]
name = "actix-http"
version = "3.2.2"
version = "3.0.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "0c83abf9903e1f0ad9973cc4f7b9767fd5a03a583f51a5b7a339e07987cd2724"
checksum = "a5885cb81a0d4d0d322864bea1bb6c2a8144626b4fdc625d4c51eba197e7797a"
dependencies = [
"actix-codec",
"actix-rt",
@@ -70,13 +70,13 @@ dependencies = [
"itoa",
"language-tags",
"local-channel",
"log",
"mime",
"percent-encoding",
"pin-project-lite",
"rand 0.8.5",
"sha1",
"sha-1",
"smallvec",
"tracing",
"zstd",
]
@@ -155,9 +155,9 @@ dependencies = [
[[package]]
name = "actix-web"
version = "4.2.1"
version = "4.0.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "d48f7b6534e06c7bfc72ee91db7917d4af6afe23e7d223b51e68fffbb21e96b9"
checksum = "f4e5ebffd51d50df56a3ae0de0e59487340ca456f05dd0b90c0a7a6dd6a74d31"
dependencies = [
"actix-codec",
"actix-http",
@@ -177,7 +177,6 @@ dependencies = [
"encoding_rs",
"futures-core",
"futures-util",
"http",
"itoa",
"language-tags",
"log",
@@ -196,9 +195,9 @@ dependencies = [
[[package]]
name = "actix-web-codegen"
version = "4.1.0"
version = "4.0.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1fa9362663c8643d67b2d5eafba49e4cb2c8a053a29ed00a0bea121f17c76b13"
checksum = "7525bedf54704abb1d469e88d7e7e9226df73778798a69cea5022d53b2ae91bc"
dependencies = [
"actix-router",
"proc-macro2",
@@ -689,9 +688,9 @@ dependencies = [
[[package]]
name = "digest"
version = "0.10.5"
version = "0.10.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "adfbc57365a37acbd2ebf2b64d7e69bb766e2fea813521ed536f5d0520dcf86c"
checksum = "f2fb860ca6fafa5552fb6d0e816a69c8e49f0908bf524e30a90d97c85892d506"
dependencies = [
"block-buffer",
"crypto-common",
@@ -1100,9 +1099,9 @@ checksum = "e9025058dae765dee5070ec375f591e2ba14638c63feff74f13805a72e523163"
[[package]]
name = "http"
version = "0.2.8"
version = "0.2.6"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "75f43d41e26995c17e71ee126451dd3941010b0514a81a9d11f3b341debc2399"
checksum = "31f4c6746584866f0feabcc69893c5b51beef3831656a968ed7ae254cdc4fd03"
dependencies = [
"bytes",
"fnv",
@@ -1790,10 +1789,10 @@ dependencies = [
]
[[package]]
name = "sha1"
version = "0.10.5"
name = "sha-1"
version = "0.10.0"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f04293dc80c3993519f2d7f6f511707ee7094fe0c6d3406feb330cdb3540eba3"
checksum = "028f48d513f9678cda28f6e4064755b3fbb2af6acd672f2c209b62323f7aea0f"
dependencies = [
"cfg-if",
"cpufeatures",
@@ -2268,18 +2267,18 @@ dependencies = [
[[package]]
name = "zstd"
version = "0.11.2+zstd.1.5.2"
version = "0.10.0+zstd.1.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "20cc960326ece64f010d2d2107537f26dc589a6573a316bd5b1dba685fa5fde4"
checksum = "3b1365becbe415f3f0fcd024e2f7b45bacfb5bdd055f0dc113571394114e7bdd"
dependencies = [
"zstd-safe",
]
[[package]]
name = "zstd-safe"
version = "5.0.2+zstd.1.5.2"
version = "4.1.4+zstd.1.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1d2a5585e04f9eea4b2a3d1eca508c4dee9592a89ef6f450c11719da0726f4db"
checksum = "2f7cd17c9af1a4d6c24beb1cc54b17e2ef7b593dc92f19e9d9acad8b182bbaee"
dependencies = [
"libc",
"zstd-sys",
@@ -2287,9 +2286,9 @@ dependencies = [
[[package]]
name = "zstd-sys"
version = "2.0.1+zstd.1.5.2"
version = "1.6.3+zstd.1.5.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "9fd07cbbc53846d9145dbffdf6dd09a7a0aa52be46741825f5c97bdd4f73f12b"
checksum = "fc49afa5c8d634e75761feda8c592051e7eeb4683ba827211eb0d731d3402ea8"
dependencies = [
"cc",
"libc",


@@ -19,7 +19,7 @@ serde = { version = "1.0", features = ["derive"] }
rand = { version = "0.8" }
gpw = "0.1"
actix = "0.13"
actix-web = "4.2"
actix-web = "4.0"
htmlescape = "0.3"
askama = "0.11"
bat = "0.20"
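Review bot: Lowering the `actix-web` requirement from `4.2` to `4.0` looks like an unintended downgrade of the HTTP stack. The +/- markers are lost on this page, so the direction should be confirmed, but the pairs are printed old then new and the Dockerfile section's `bullseye-slim` to `cc-debian12` pair supports that reading. If it holds, the lock file in this comparison resolves `actix-web` 4.0.1 and `actix-http` 3.0.4 instead of 4.2.1 and 3.2.2, giving up the fixes released in between for the crate that parses every incoming request. Unless something requires the older series, keep `actix-web = "4.2"` and regenerate Cargo.lock. Running an advisory check such as `cargo audit` in CI would flag a regression like this.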


@@ -1,4 +1,4 @@
FROM rust:1-slim AS builder
FROM rust:1-slim-bookworm AS builder
RUN apt update && apt install -y libclang-dev
@@ -7,8 +7,7 @@ WORKDIR /sources
RUN cargo build --release
RUN chown nobody:nogroup /sources/target/release/bin
FROM debian:bullseye-slim
FROM gcr.io/distroless/cc-debian12
COPY --from=builder /sources/target/release/bin /pastebin
USER nobody
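Review bot: Both stages are selected by mutable tags (`rust:1-slim-bookworm` and `gcr.io/distroless/cc-debian12`), so the image the workflow publishes can change without any commit to this repository. Pinning each `FROM` to a digest, e.g. `FROM gcr.io/distroless/cc-debian12@sha256:<digest>`, makes a base-image update a reviewed change and keeps the builder and runtime on the same Debian release on purpose, which is the mismatch this change fixes. The distroless images also offer a `:nonroot` tag, which would state the non-root intent in the base image as well as in `USER nobody`. The Dockerfile continues outside these hunks, so the entrypoint is not visible here.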

8
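--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -0,0 +1,8 @@
+version: '3'
+services:
+bin:
+build:
+context: .
+dockerfile: Dockerfile
+ports:
+- "8000:8000"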
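Review bot: The `bin` service is published as `"8000:8000"`, which binds the port on every host interface, and it carries none of the sandboxing that the systemd unit in flake.nix applies. If the service is meant to sit behind a reverse proxy, publish it as `"127.0.0.1:8000:8000"`. Assuming the binary keeps pastes in memory and needs no writable filesystem (worth confirming), the container can also be tightened with `read_only: true`, `cap_drop: [ALL]` and `security_opt: ["no-new-privileges:true"]`.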

77
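--- a/flake.lock
+++ b/flake.lock
@@ -0,0 +1,77 @@
+{
+"nodes": {
+"naersk": {
+"inputs": {
+"nixpkgs": "nixpkgs"
+},
+"locked": {
+"lastModified": 1662220400,
+"narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=",
+"owner": "nix-community",
+"repo": "naersk",
+"rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"ref": "master",
+"repo": "naersk",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1670118144,
+"narHash": "sha256-tdh9H4oomljZaKpCkZox8jmwt8p78oGLpK9cjFBy3Qk=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "95f1ec721652d91a2993311d6cf537d3724690be",
+"type": "github"
+},
+"original": {
+"id": "nixpkgs",
+"type": "indirect"
+}
+},
+"nixpkgs_2": {
+"locked": {
+"lastModified": 1670118144,
+"narHash": "sha256-tdh9H4oomljZaKpCkZox8jmwt8p78oGLpK9cjFBy3Qk=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "95f1ec721652d91a2993311d6cf537d3724690be",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixpkgs-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"naersk": "naersk",
+"nixpkgs": "nixpkgs_2",
+"utils": "utils"
+}
+},
+"utils": {
+"locked": {
+"lastModified": 1667395993,
+"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
+"owner": "numtide",
+"repo": "flake-utils",
+"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "flake-utils",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}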

83
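--- a/flake.nix
+++ b/flake.nix
@@ -0,0 +1,83 @@
+{
+inputs = {
+naersk.url = "github:nix-community/naersk/master";
+nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+utils.url = "github:numtide/flake-utils";
+};
+outputs = { self, nixpkgs, utils, naersk }:
+utils.lib.eachDefaultSystem (system:
+let
+pkgs = import nixpkgs { inherit system; };
+naersk-lib = pkgs.callPackage naersk { };
+in
+{
+defaultPackage = naersk-lib.buildPackage ./.;
+devShell = with pkgs; mkShell {
+buildInputs = [ cargo rustc rustfmt pre-commit rustPackages.clippy ];
+RUST_SRC_PATH = rustPlatform.rustLibSrc;
+};
+nixosModules.default = { config, lib, pkgs, ... }:
+with lib;
+let
+cfg = config.services.paste-bin;
+in
+{
+options.services.paste-bin = {
+enable = mkEnableOption "paste-bin";
+bindAddress = mkOption {
+default = "[::]:8000";
+description = "Address and port to listen on";
+type = types.str;
+};
+maxPasteSize = mkOption {
+default = 32768;
+description = "Max allowed size of an individual paste";
+type = types.int;
+};
+bufferSize = mkOption {
+default = 1000;
+description = "Maximum amount of pastes to store at a time";
+type = types.int;
+};
+};
+config = mkIf cfg.enable {
+systemd.services.bin = {
+enable = true;
+wantedBy = [ "multi-user.target" ];
+after = [ "network-online.target" ];
+serviceConfig = {
+Type = "exec";
+ExecStart = "${self.defaultPackage."${system}"}/bin/bin --buffer-size ${toString cfg.bufferSize} --max-paste-size ${toString cfg.maxPasteSize} ${cfg.bindAddress}";
+Restart = "on-failure";
+CapabilityBoundingSet = "";
+NoNewPrivileges = true;
+PrivateDevices = true;
+PrivateTmp = true;
+PrivateUsers = true;
+PrivateMounts = true;
+ProtectHome = true;
+ProtectClock = true;
+ProtectProc = "noaccess";
+ProcSubset = "pid";
+ProtectKernelLogs = true;
+ProtectKernelModules = true;
+ProtectKernelTunables = true;
+ProtectControlGroups = true;
+ProtectHostname = true;
+RestrictSUIDSGID = true;
+RestrictRealtime = true;
+RestrictNamespaces = true;
+LockPersonality = true;
+RemoveIPC = true;
+RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
+SystemCallFilter = [ "@system-service" "~@privileged" ];
+};
+};
+};
+};
+});
+}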
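Review bot: The `serviceConfig` for `systemd.services.bin` sets neither `User` nor `DynamicUser`, so the process runs as UID 0, although without capabilities. `ProtectSystem` is also absent, which leaves `/usr`, `/etc` and the rest of the host filesystem writable wherever file permissions allow. Adding `DynamicUser = true;` and `ProtectSystem = "strict";` closes both gaps and fits the existing hardening. `SystemCallArchitectures = "native";` and `MemoryDenyWriteExecute = true;` are cheap additions as well, provided the binary does not need JIT or foreign-ABI syscalls. Separately, `cfg.bindAddress` is interpolated into `ExecStart` unquoted, so a value containing whitespace would be split into extra arguments; a stricter option type or a short comment on the option would document that.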