diff --git a/services/default.nix b/services/default.nix
index aff3134..bd5c49f 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -9,6 +9,7 @@
 ./lldap.nix
 # Dante not working right now, possibly misconfigured.
 #./dante.nix
+ ./paste.nix
 ./btcpayserver.nix
 ./btc.nix
 ./vaultwarden.nix
diff --git a/services/paste.nix b/services/paste.nix
new file mode 100644
index 0000000..9619ffa
--- /dev/null
+++ b/services/paste.nix
@@ -0,0 +1,26 @@
+let
+ pastePort = 8087;
+ onionUrl = "http://s4h5nfnwwhzku55opxlqouobioibx4htwygnp2l4fkp256lur5s53rad.onion";
+in
+{
+ services.microbin = {
+ enable = true;
+ settings = {
+ MICROBIN_PORT = pastePort;
+ MICROBIN_ENABLE_BURN_AFTER = true;
+ MICROBIN_QR = true;
+ MICROBIN_NO_LISTING = true;
+ MICROBIN_HIGHLIGHTSYNTAX = true;
+ MICROBIN_PUBLIC_PATH = "https://paste.distrust.network/";
+ };
+ };
+
+ services.caddy.virtualHosts."https://paste.distrust.network ${onionUrl}".extraConfig = ''
+ reverse_proxy localhost:${toString pastePort}
+ header Onion-Location ${onionUrl}
+ '';
+
+ services.tor.relay.onionServices."microbin".map = [
+ 80
+ ];
+}
diff --git a/site/index.html b/site/index.html
index b91264f..be8515a 100755
--- a/site/index.html
+++ b/site/index.html
@@ -53,6 +53,7 @@
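Review bot: The `settings` block in services/paste.nix sets no admin credentials and no bind address, so unless they are configured elsewhere MicroBin runs with its upstream defaults for both, and the admin page is served through the clearnet and onion vhosts alike. I would supply `MICROBIN_ADMIN_USERNAME` and `MICROBIN_ADMIN_PASSWORD` through `services.microbin.passwordFile` rather than `settings`, since values in `settings` end up in the world-readable Nix store, and add `MICROBIN_BIND = "127.0.0.1";` so port 8087 is reachable only via Caddy. `MICROBIN_PUBLIC_PATH` is fixed to the clearnet URL, so pastes created over the onion address will presumably get links and QR codes that send Tor users to clearnet; that trade-off deserves at least a comment next to the setting. Given the no-metrics policy stated in site/index.html, also consider `MICROBIN_DISABLE_TELEMETRY = true;` if the packaged MicroBin version supports it.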
All services have a strict no-metrics policy, with logs being kept for at most 1 hour (for debugging purposes). Where it is difficult to configure this in a service, logs are directly piped and/or symlinked to /dev/null.
The server runs a hardened NixOS config, and is updated when appropriate for any security/hardening tweaks. This NixOS config is auditable and freely accessible over TOR and clearnet.