A self-hostable pastebin for your tailnet. It can store an infinite* number of pastes.
- Install Nix
- Enable flakes
nix develop
You can then test your changes to tclip by running go run ./cmd/tclipd
or go run ./cmd/tclip
as appropriate.
Note that for the first run of ./cmd/tclipd
, you must set
either the TS_AUTHKEY
environment variable, or run it with
--tsnet-verbose
to get the login URL for Tailscale.
The web server:
nix build .#tclipd
The docker image:
nix build .#docker
docker load < ./result
The portable service image:
nix build .#portable-service
These configuration options are available as command-line flags and environment variables. All of them are optional.
Command-line flag | Environment variable | Default value | Description |
---|---|---|---|
-hostname |
TSNET_HOSTNAME |
paste |
The hostname to use on your tailnet. |
-data-location |
DATA_DIR |
~/.config/tailscale/paste |
Where program data is stored. |
-tsnet-verbose |
TSNET_VERBOSE |
false |
If set, tsnet will log verbosely to stderr. |
-use-funnel |
USE_FUNNEL |
false |
If set, expose individual pastes to the public internet with Funnel. |
-hide-funnel-users |
HIDE_FUNNEL_USERS |
false |
If set, don't display the username and profile picture of the user who created the paste in funneled pastes. |
-http-port |
HTTP_PORT |
unset | If set, expose individual pastes on a HTTP server running on the given port. |
-control-url |
TSNET_CONTROL_URL |
unset | If set, a custom control server to use, e.g. for Headscale users. |
-disable-https |
DISABLE_HTTPS |
false |
If set, disable serving on HTTPS with Serve. Useful for Headscale deployments. |
-enable-line-numbers |
ENABLE_LINE_NUMBERS |
false |
If set, enable line numbers being shown when viewing a paste. |
-enable-word-wrap |
ENABLE_WORD_WRAP |
false |
If set, allows lines to break and wrap to the following line. |
There are several options you can take to deploy tclip. The most basic deployment method is to use fly.io, but we offer a few options so that you can make the decision that is right for you.
In order to deploy this service, you will need to get an authkey from
the admin panel. It
is a good idea to associate this with the tag tag:service
or its own
tag:tclip
. Please also do not set the ephemeral
tag as that
will destroy the node when the service shuts down.
Your authkey should start with tskey-auth
.
You will need to have Magic DNS enabled.
In one of your infrastructure management GitHub repositories, create a
folder for tclip and then copy the following
fly.toml
template
into that folder.
app = "FLY_APP_NAME"
[build]
image = "ghcr.io/tailscale-dev/tclip:latest"
[deploy]
strategy = "immediate"
[env]
DATA_DIR = "/data"
[mounts]
source = "tclip_data"
destination = "/data"
Replace FLY_APP_NAME
with a name such as yourorg-tclip
and
then run these commands with the flyctl
command:
$ flyctl apps create FLY_APP_NAME
$ flyctl volumes create tclip_data
$ flyctl secrets set TS_AUTHKEY=<key>
$ flyctl deploy
You should be able to open the app at http://paste and paste to your heart's content.
Run flyctl deploy
to update the service.
To run this service in Docker, run the following command:
docker run \
-d \
-v /var/lib/tclip:/data \
-e DATA_DIR=/data \
-e TS_AUTHKEY=<key> \
-n tclip \
--restart always \
ghcr.io/tailscale-dev/tclip:latest
Every so often you should pull a new version of tclip and recreate the container:
docker pull ghcr.io/tailscale-dev/tclip:latest
docker rm -f tclip
Then run the above command to recreate the container.
Add the path /var/lib/tclip
to your backup program of choice.
systemd has a mechanism for portable
service which are like Docker
images mixed with systemd unit configurations. This allows you to
install tclip on any Linux distribution with systemd (and the
portablectl
command, install systemd-container
to get this package
on Ubuntu). This lets you view tclip logs with journalctl
and
manage it like any other systemd service.
You can download the portable service image from CI by looking at the
recently finished
builds,
clicking on the most recent one, and downloading the
portable-service
artifact. This will get you a zipfile that contains
a single .raw
file. Copy this .raw
file to /var/lib/portable
on
your target server. Then run portablectl list
to get a list of
available portable services:
$ portablectl list
NAME TYPE RO CRTIME MTIME USAGE STATE
tclip_0.1.0-20230116 raw yes Mon 2023-01-16 16:49:58 UTC Mon 2023-01-16 16:53:59 UTC 14.8M detached
Copy the name of the tclip
service including the
auto-generated version number to your clipboard (for example:
tclip_0.1.0-20230116
) and pass that to portablectl attach
:
$ sudo portablectl attach tclip_0.1.0-20230116
Next, create the folder /etc/systemd/system/tclip.service.d
and create the file 10-ts-auth-key.conf
in it with the following
contents (be sure to replace <key>
with your tailnet authkey):
# /etc/systemd/system/tclip.service.d/10-ts-authkey.conf
[Service]
Environment=TS_AUTHKEY=<key>
Finally, enable tclip.service
and start it with systemctl enable --now
:
$ sudo systemctl enable --now tclip.service
Wait a moment for it to connect to Tailscale and then check on it with
tailscale status
. Your new node named paste
should show up in your
tailnet.
To update tclip, first detach the portable service using portablectl detach
after finding the list with portablectl list
. Then delete
the correlating .raw
file in /var/lib/portables
. Download a new
one in its place and re-attach and re-enable the service.
Add the path /var/lib/private/tclip
to your backup program of
choice.