about summary refs log tree commit diff
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2022-09-07 01:54:12 +0300
committerAzat Bahawi <azat@bahawi.net>2022-09-07 01:54:12 +0300
commit3399a58442ad0a93fc3b6f68d1b878ab078a0e06 (patch)
tree27a24e8c0ad29575742653de4f494bbdf913d7a4
parent2022-09-01 (diff)
2022-09-07
-rw-r--r--configurations/manwe/default.nix16
-rw-r--r--configurations/melian/default.nix1
-rw-r--r--flake.lock72
-rw-r--r--flake.nix1
-rw-r--r--lib/my.nix2
-rw-r--r--modules/nixfiles/alertmanager.nix3
-rw-r--r--modules/nixfiles/chromium.nix1
-rw-r--r--modules/nixfiles/common/tmp.nix4
-rw-r--r--modules/nixfiles/emacs/doom/config.el4
-rw-r--r--modules/nixfiles/emacs/doom/init.el10
-rw-r--r--modules/nixfiles/firefox/default.nix3
-rw-r--r--modules/nixfiles/firefox/profile.nix19
-rw-r--r--modules/nixfiles/firefox/userContent.css19
-rw-r--r--modules/nixfiles/gotify.nix14
-rw-r--r--modules/nixfiles/grafana.nix8
-rw-r--r--modules/nixfiles/hydra.nix3
-rw-r--r--modules/nixfiles/ipfs.nix11
-rw-r--r--modules/nixfiles/lidarr.nix3
-rw-r--r--modules/nixfiles/loki.nix3
-rw-r--r--modules/nixfiles/matrix/dendrite.nix3
-rw-r--r--modules/nixfiles/matrix/synapse.nix3
-rw-r--r--modules/nixfiles/nginx.nix12
-rw-r--r--modules/nixfiles/nsd.nix2
-rw-r--r--modules/nixfiles/prometheus.nix3
-rw-r--r--modules/nixfiles/radarr.nix3
-rw-r--r--modules/nixfiles/radicale.nix3
-rw-r--r--modules/nixfiles/rss-bridge.nix9
-rw-r--r--modules/nixfiles/rtorrent.nix3
-rw-r--r--modules/nixfiles/searx.nix3
-rw-r--r--modules/nixfiles/sonarr.nix3
-rw-r--r--modules/nixfiles/syncthing.nix3
-rw-r--r--modules/nixfiles/vaultwarden.nix18
-rw-r--r--modules/nixfiles/wireguard.nix13
33 files changed, 165 insertions, 113 deletions
diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix
index 4f6b8ef..f3b59f5 100644
--- a/configurations/manwe/default.nix
+++ b/configurations/manwe/default.nix
@@ -100,14 +100,14 @@ with lib; {
           }
         ];
       }
-      # {
-      #   job_name = "wireguard";
-      #   static_configs = [{
-      #     targets = with wireguard; [
-      #       "${manwe.hostname}:${toString port}"
-      #     ];
-      #   }];
-      # }
+      {
+        job_name = "wireguard";
+        static_configs = [
+          {
+            targets = with wireguard; ["${manwe.hostname}:${toString port}"];
+          }
+        ];
+      }
     ];
   };
 
diff --git a/configurations/melian/default.nix b/configurations/melian/default.nix
index 710f26c..fb9b6e6 100644
--- a/configurations/melian/default.nix
+++ b/configurations/melian/default.nix
@@ -61,7 +61,6 @@ with lib; {
     home.packages = with pkgs; [
       (aspellWithDicts (p: with p; [en ru]))
       calibre
-      iaito
       kotatogram-desktop
       nheko
       tor-browser
diff --git a/flake.lock b/flake.lock
index 0a25bd1..06647cb 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1652712410,
-        "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=",
+        "lastModified": 1662046976,
+        "narHash": "sha256-BrTReGRhkVm/Kmmf4zQrL+oYWy0sds/BDBgXNX1CL3c=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b",
+        "rev": "9f136ecfa5bf954538aed3245e4408cf87c85097",
         "type": "github"
       },
       "original": {
@@ -121,11 +121,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1661856816,
-        "narHash": "sha256-pb/Xu1p5q3xtk5nxBj25eoeM02SFSQ53FjSBqT+FNhE=",
+        "lastModified": 1662179110,
+        "narHash": "sha256-13KYsuzprRvJQK3XXzaFGNyWZS9Pucxl+OZO6gJVzE8=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "b726259df1d6defe5af8c5be45ff6457885f2a5f",
+        "rev": "b042c46bb68bbd24b3b8f80f21889237b3b23eef",
         "type": "github"
       },
       "original": {
@@ -377,11 +377,11 @@
         "ws-butler": "ws-butler"
       },
       "locked": {
-        "lastModified": 1661480711,
-        "narHash": "sha256-gwvvwppGDBFYXfuchpvRRHiKBM8XCE1ZnpldryKPN9o=",
+        "lastModified": 1662085301,
+        "narHash": "sha256-eEnqSDEORBJOrD0yuPU9FDjF8QOs8CSmVDvC0lRjBjI=",
         "owner": "nix-community",
         "repo": "nix-doom-emacs",
-        "rev": "ae22b4a3fe31ae31b3e8b415889f8c2c5a77d8dc",
+        "rev": "b4efdd150232f6d11312ddb0e4d35dd15cbbe01c",
         "type": "github"
       },
       "original": {
@@ -401,11 +401,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1661824817,
-        "narHash": "sha256-rKKTjwIVRD5YyD4/X0HMgQkPunAI1rb9vwP2l3M7NWY=",
+        "lastModified": 1662169888,
+        "narHash": "sha256-vXcEbRINemb+ype/JQohaU8TyzUbclOFwiv+soYn6wI=",
         "owner": "jyooru",
         "repo": "nix-minecraft-servers",
-        "rev": "835355ef3f51f9ba1a75a35315f997b189337d81",
+        "rev": "7921fbc0656f8e8c5a95f1142aaf07bf6253aa55",
         "type": "github"
       },
       "original": {
@@ -433,11 +433,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1660407119,
-        "narHash": "sha256-04lWO0pDbhAXFdL4v2VzzwgxrZ5IefKn+TmZPiPeKxg=",
+        "lastModified": 1662092548,
+        "narHash": "sha256-nmAbyJ5+DBXcNJ2Rcy/Gx84maqtLdr6xEe82+AXCaY8=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1",
+        "rev": "786633331724f36967853b98d9100b5cfaa4d798",
         "type": "github"
       },
       "original": {
@@ -449,11 +449,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1661353537,
-        "narHash": "sha256-1E2IGPajOsrkR49mM5h55OtYnU0dGyre6gl60NXKITE=",
+        "lastModified": 1662096612,
+        "narHash": "sha256-R+Q8l5JuyJryRPdiIaYpO5O3A55rT+/pItBrKcy7LM4=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0e304ff0d9db453a4b230e9386418fd974d5804a",
+        "rev": "21de2b973f9fee595a7a1ac4693efff791245c34",
         "type": "github"
       },
       "original": {
@@ -465,11 +465,11 @@
     },
     "nixpkgs-endlessh-go": {
       "locked": {
-        "lastModified": 1661766727,
-        "narHash": "sha256-4K3q+YOG2wpx+aighjiuxWFdgNb08YLhQSbJNC07tVY=",
+        "lastModified": 1662056195,
+        "narHash": "sha256-aVRDrBgZUyGT9FMTOvJmiemu6baJTlYEfdpVKloOOj0=",
         "owner": "azahi",
         "repo": "nixpkgs",
-        "rev": "157111fe56e266928b46d88d3c14e7b9a2624385",
+        "rev": "c23131bc34da36f938c6f64de685afbd0f149039",
         "type": "github"
       },
       "original": {
@@ -481,11 +481,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1661882215,
-        "narHash": "sha256-7hfA5v0ZXQr963htXo8q4d/OUnoEjPWx8WiSt3DGC9c=",
+        "lastModified": 1662195462,
+        "narHash": "sha256-eGgXhg58bnNmqy09s+XKyP1fn8ZKvUXlG16q57egP+A=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "3402d9c4a4fe77e245c1b3b061997a83e6f7504e",
+        "rev": "bef7a8c36fa01d4427f1854bf2ae09a2368ca1f3",
         "type": "github"
       },
       "original": {
@@ -497,11 +497,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1661864979,
-        "narHash": "sha256-ajXYYTE1uoY3ei/P1v+Knklf2QNCBxMtw1gByaPTGU4=",
+        "lastModified": 1662197005,
+        "narHash": "sha256-E1XUvRbdOMiooVyUpHnYe3tSOTwEq5ePKQZ1qMETtnQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "a28adc36c20fd2fbaeb06ec9bbd79b6bf7443979",
+        "rev": "a69918f60e882d7cb685e502d8260af68933c853",
         "type": "github"
       },
       "original": {
@@ -563,11 +563,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1661883947,
-        "narHash": "sha256-qaz+6u+PJAfiW/dhSd8HWu5Mpm9jru53aH/gk3TruIM=",
+        "lastModified": 1662195553,
+        "narHash": "sha256-XSlibodNyO5N5m7AnRfJ1jQWZi56jeqBcE2STAtXOyA=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "2ec06c9e786ef01e7dd4bfab9644ffe0d9e0a71d",
+        "rev": "d685b4574fc5f6422101461473a411af7ab08b44",
         "type": "github"
       },
       "original": {
@@ -596,11 +596,11 @@
     "org": {
       "flake": false,
       "locked": {
-        "lastModified": 1661237582,
-        "narHash": "sha256-pebP1mA019FejUe6CURqDUaqPyTUZ3wRcqfd6gE+YVg=",
+        "lastModified": 1662044935,
+        "narHash": "sha256-ZpxKw8L/IpxolkGyQMDut6V4i8I1T5za0QBBrztfcts=",
         "owner": "emacs-straight",
         "repo": "org-mode",
-        "rev": "3c11e9df6e8353ae5d7e1179f9bcb114f469c942",
+        "rev": "e36c3cc21b8b1471e1f7928a118de693819c3f12",
         "type": "github"
       },
       "original": {
@@ -785,11 +785,11 @@
     "ts-fold": {
       "flake": false,
       "locked": {
-        "lastModified": 1661407110,
-        "narHash": "sha256-tJfJFYeANRGu3ObQHGTxhXqS++JVVQREh8RTMwwbwYQ=",
+        "lastModified": 1662006199,
+        "narHash": "sha256-gDelW/h2LyknTQNkHODvzCJCKelLdLIQoDh/L1lk3KA=",
         "owner": "jcs-elpa",
         "repo": "ts-fold",
-        "rev": "3b2e70db92f127dc2e8e302e009447c1a9eb49aa",
+        "rev": "28409a0ceede0751ed9d520c6a19d1f5f1211502",
         "type": "github"
       },
       "original": {
diff --git a/flake.nix b/flake.nix
index cfd62b6..8d7981a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -138,7 +138,6 @@
       owner = "numtide";
       repo = "flake-utils";
       ref = "master";
-      inputs.nixpkgs.follows = "nixpkgs";
     };
 
     # NOTE Used indirectly by nix-minecraft-servers.
diff --git a/lib/my.nix b/lib/my.nix
index 9203246..977b70e 100644
--- a/lib/my.nix
+++ b/lib/my.nix
@@ -138,13 +138,13 @@ with lib;
                 "alertmanager.${shire}"
                 "frodo.${rohan}"
                 "frodo.${gondor}"
-                "bitwarden.${shire}"
                 "gotify.${shire}"
                 "grafana.${shire}"
                 "loki.${shire}"
                 "prometheus.${shire}"
                 "radicale.${shire}"
                 "rss-bridge.${shire}"
+                "vaultwarden.${shire}"
                 azahi
                 rohan
                 gondor
diff --git a/modules/nixfiles/alertmanager.nix b/modules/nixfiles/alertmanager.nix
index 5d9ca30..b7dd5a3 100644
--- a/modules/nixfiles/alertmanager.nix
+++ b/modules/nixfiles/alertmanager.nix
@@ -25,8 +25,9 @@ in {
   config = mkIf cfg.enable {
     nixfiles.modules.nginx = with cfg; {
       enable = true;
+      upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = {};
       virtualHosts.${cfg.domain}.locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString port}";
+        proxyPass = "http://alertmanager";
         extraConfig = ''
           if ($internal != 1) {
             return 403;
diff --git a/modules/nixfiles/chromium.nix b/modules/nixfiles/chromium.nix
index 32045c0..0f5a93e 100644
--- a/modules/nixfiles/chromium.nix
+++ b/modules/nixfiles/chromium.nix
@@ -25,6 +25,7 @@ in {
             {id = "cnojnbdhbhnkbcieeekonklommdnndci";} # Search By Image
             {id = "doojmbjmlfjjnbmnoijecmcbfeoakpjm";} # NoScript
             {id = "eimadpbcbfnmbkopoojfekhnkhdbieeh";} # Dark Reader
+            {id = "hlepfoohegkhhmjieoechaddaejaokhf";} # Refined GitHub
             {id = "jinjaccalgkegednnccohejagnlnfdag";} # Violentmonkey
             {id = "nibjojkomfdiaoajekhjakgkdhaomnch";} # IPFS Companion
             {id = "nngceckbapebfimnlniiiahkandclblb";} # Bitwarden
diff --git a/modules/nixfiles/common/tmp.nix b/modules/nixfiles/common/tmp.nix
index 3fbf253..9527f28 100644
--- a/modules/nixfiles/common/tmp.nix
+++ b/modules/nixfiles/common/tmp.nix
@@ -1,9 +1,9 @@
 _: {
   systemd.mounts = [
     {
+      type = "tmpfs";
       what = "tmpfs";
       where = "/tmp";
-      type = "tmpfs";
       mountConfig.Options = [
         "huge=within_size"
         "mode=1777"
@@ -11,7 +11,7 @@ _: {
         "nodev"
         "nosuid"
         "rw"
-        "size=25%"
+        "size=50%"
       ];
     }
   ];
diff --git a/modules/nixfiles/emacs/doom/config.el b/modules/nixfiles/emacs/doom/config.el
index d4fb577..29eabc9 100644
--- a/modules/nixfiles/emacs/doom/config.el
+++ b/modules/nixfiles/emacs/doom/config.el
@@ -92,11 +92,11 @@
   (lsp-register-client
    (make-lsp-client :new-connection (lsp-stdio-connection '("rnix-lsp"))
                     :major-modes '(nix-mode)
-                    :server-id 'nix))
-  (add-hook! 'nix-mode-hook #'lsp!))
+                    :server-id 'nix)))
 
 ;;
 ;;; YAML
+
 ;;
 
 (setq-hook! 'yaml-mode-hook +format-with-lsp nil)
diff --git a/modules/nixfiles/emacs/doom/init.el b/modules/nixfiles/emacs/doom/init.el
index 9ad69c6..b547cb9 100644
--- a/modules/nixfiles/emacs/doom/init.el
+++ b/modules/nixfiles/emacs/doom/init.el
@@ -86,14 +86,14 @@
        emacs-lisp
        (go +lsp +tree-sitter)
        ;; graphql
-       (haskell +lsp)
+       (haskell +lsp +tree-sitter)
        (java +lsp +tree-sitter)
        (javascript +lsp +tree-sitter)
-       (json +tree-sitter)
-       (latex +lsp +tree-sitter)
+       json
+       (latex +lsp)
        (lua +lsp +tree-sitter)
        markdown
-       (nix +lsp +tree-sitter)
+       (nix +lsp)
        (org +hugo
             +journal
             +noter
@@ -109,7 +109,7 @@
        ;; (scheme +racket)
        (sh +lsp +tree-sitter)
        (web +lsp +tree-sitter)
-       (yaml +tree-sitter)
+       yaml
        (zig +lsp +tree-sitter)
 
        :email
diff --git a/modules/nixfiles/firefox/default.nix b/modules/nixfiles/firefox/default.nix
index d7afdae..6e42d76 100644
--- a/modules/nixfiles/firefox/default.nix
+++ b/modules/nixfiles/firefox/default.nix
@@ -32,7 +32,7 @@ in {
           };
         };
 
-        profiles.default = (import ./profile.nix) config.nixfiles.modules lib;
+        profiles.default = (import ./profile.nix) config lib;
 
         extensions = with pkgs.nur.repos.rycee.firefox-addons;
           [
@@ -41,6 +41,7 @@ in {
             ipfs-companion
             noscript
             privacy-redirect
+            refined-github
             stylus
             ublock-origin
             violentmonkey
diff --git a/modules/nixfiles/firefox/profile.nix b/modules/nixfiles/firefox/profile.nix
index 3382b85..6735db3 100644
--- a/modules/nixfiles/firefox/profile.nix
+++ b/modules/nixfiles/firefox/profile.nix
@@ -1,8 +1,8 @@
-modules: lib:
+config: lib:
 with lib; let
   mkCssWithRoot = css:
     mkMerge [
-      (with modules.profiles.common.colourScheme; ''
+      (with config.colourScheme; ''
         :root {
             --black: ${black};
             --red: ${red};
@@ -23,7 +23,7 @@ with lib; let
             --background: ${background};
             --foreground: ${foreground};
       '')
-      (with modules.fonts.fontScheme; ''
+      (with config.fontScheme; ''
             --sans-serif-font-family: "${sansSerifFont.family}", "${sansSerifFontFallback.family}", sans-serif;
             --sans-serif-font-size: ${toString sansSerifFont.size};
             --serif-font-family: "${serifFont.family}", "${serifFontFallback.family}", serif;
@@ -39,10 +39,13 @@ in {
 
   isDefault = true;
 
+  # A way to change the look of the Firefox itself.
   userChrome = mkCssWithRoot ./userChrome.css;
 
+  # A way to remove annoyances and visual bloat of many webpages.
   userContent = mkCssWithRoot ./userContent.css;
 
+  # Mostly appropriated from https://github.com/arkenfox/user.js
   settings = {
     # Updates
     #
@@ -395,6 +398,7 @@ in {
     #
     "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
     #
+    "browser.startup.page" = 1;
     "browser.startup.homepage" = "about:blank"; # TODO Custom?
     "browser.startup.homepage_welcome_url" = "";
     "browser.startup.homepage_welcome_url.additional" = "";
@@ -406,11 +410,6 @@ in {
     "browser.newtabpage.enabled" = false;
     "browser.newtabpage.enhanced" = false;
     "browser.newtabpage.activity-stream.default.sites" = "";
-    "browser.newtabpage.activity-stream.asrouter.disable-captive-portal-vpn-promo" =
-      true;
-    "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
-    "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" =
-      false;
     "browser.newtabpage.activity-stream.discoverystream.enabled" = false;
     "browser.newtabpage.activity-stream.feeds.discoverystreamfeed" = false;
     "browser.newtabpage.activity-stream.feeds.places" = false;
@@ -422,6 +421,8 @@ in {
     "browser.newtabpage.activity-stream.showSponsored" = false;
     "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
     "browser.newtabpage.activity-stream.telemetry" = false;
+    "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons" = false;
+    "browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features" = false;
     #
     "layout.css.color-mix.enabled" = true;
     #
@@ -473,7 +474,7 @@ in {
     # Toolbar
     #
     "browser.uiCustomization.state" = ''
-      {"placements":{"widget-overflow-fixed-list":["ublock0_raymondhill_net-browser-action","_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","_b7f9d2cd-d772-4302-8c3f-eb941af36f76_-browser-action","ipfs-firefox-addon_lidel_org-browser-action","addon_darkreader_org-browser-action","_7a7a4a92-a2a0-41d1-9fd7-1e92480d612d_-browser-action","_aecec67f-0d10-4fa7-b7c7-609a2db280cf_-browser-action"],"nav-bar":["back-button","forward-button","urlbar-container","save-to-pocket-button"],"toolbar-menubar":["menubar-items"],"TabsToolbar":["tabbrowser-tabs","new-tab-button","alltabs-button"],"PersonalToolbar":["personal-bookmarks"]},"seen":["addon_darkreader_org-browser-action","ipfs-firefox-addon_lidel_org-browser-action","plasma-browser-integration_kde_org-browser-action","ublock0_raymondhill_net-browser-action","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action","_7a7a4a92-a2a0-41d1-9fd7-1e92480d612d_-browser-action","_aecec67f-0d10-4fa7-b7c7-609a2db280cf_-browser-action","_b7f9d2cd-d772-4302-8c3f-eb941af36f76_-browser-action","developer-button"],"dirtyAreaCache":["nav-bar","widget-overflow-fixed-list","toolbar-menubar","TabsToolbar","PersonalToolbar"],"currentVersion":17,"newElementCount":6}
+      {"placements":{"widget-overflow-fixed-list":["ublock0_raymondhill_net-browser-action","_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","ipfs-firefox-addon_lidel_org-browser-action","addon_darkreader_org-browser-action","_7a7a4a92-a2a0-41d1-9fd7-1e92480d612d_-browser-action","_aecec67f-0d10-4fa7-b7c7-609a2db280cf_-browser-action"],"nav-bar":["back-button","forward-button","urlbar-container","save-to-pocket-button"],"toolbar-menubar":["menubar-items"],"TabsToolbar":["tabbrowser-tabs","new-tab-button","alltabs-button"],"PersonalToolbar":["personal-bookmarks"]},"seen":["addon_darkreader_org-browser-action","ipfs-firefox-addon_lidel_org-browser-action","plasma-browser-integration_kde_org-browser-action","ublock0_raymondhill_net-browser-action","_2e5ff8c8-32fe-46d0-9fc8-6b8986621f3c_-browser-action","_446900e4-71c2-419f-a6a7-df9c091e268b_-browser-action","_73a6fe31-595d-460b-a920-fcc0f8843232_-browser-action","_7a7a4a92-a2a0-41d1-9fd7-1e92480d612d_-browser-action","_aecec67f-0d10-4fa7-b7c7-609a2db280cf_-browser-action","_b7f9d2cd-d772-4302-8c3f-eb941af36f76_-browser-action","developer-button","_a4c4eda4-fb84-4a84-b4a1-f7c1cbf2a1ad_-browser-action"],"dirtyAreaCache":["nav-bar","widget-overflow-fixed-list","toolbar-menubar","TabsToolbar","PersonalToolbar"],"currentVersion":17,"newElementCount":7}
     '';
   };
 }
diff --git a/modules/nixfiles/firefox/userContent.css b/modules/nixfiles/firefox/userContent.css
index b93d5dd..97365f9 100644
--- a/modules/nixfiles/firefox/userContent.css
+++ b/modules/nixfiles/firefox/userContent.css
@@ -26,6 +26,14 @@
 
 @-moz-document url-prefix(https://github.com/), url-prefix(https://gist.github.com/)
 {
+    .footer {
+        display: none !important;
+    }
+
+    .application-main {
+        padding-bottom: 20px !important;
+    }
+
     .blob-num,
     .blob-code-inner {
         font-family: var(--monospace-font-family) !important;
@@ -250,3 +258,14 @@
         --offset: default !important;
     }
 }
+
+@-moz-document regexp("https:\/\/\.*\.wikipedia\.org/.*") {
+    #footer,
+    #mp-topbanner,
+    #mw-head,
+    #mw-page-base,
+    #siteNotice,
+    .wbc-editpage {
+        display: none !important;
+    }
+}
diff --git a/modules/nixfiles/gotify.nix b/modules/nixfiles/gotify.nix
index 440aff8..1cfd9a7 100644
--- a/modules/nixfiles/gotify.nix
+++ b/modules/nixfiles/gotify.nix
@@ -23,11 +23,15 @@ in {
       nixfiles.modules = {
         nginx = {
           enable = true;
-          virtualHosts.${cfg.domain} = {
-            locations."/" = {
-              proxyPass = "http://127.0.0.1:${toString config.services.gotify.port}";
-              proxyWebsockets = true;
-            };
+          upstreams.gotify.servers."127.0.0.1:${toString config.services.gotify.port}" = {};
+          virtualHosts.${cfg.domain}.locations."/" = {
+            proxyPass = "http://gotify";
+            proxyWebsockets = true;
+            extraConfig = ''
+              if ($internal != 1) {
+                return 403;
+              }
+            '';
           };
         };
         postgresql.enable = true;
diff --git a/modules/nixfiles/grafana.nix b/modules/nixfiles/grafana.nix
index 66cde70..fcc85f8 100644
--- a/modules/nixfiles/grafana.nix
+++ b/modules/nixfiles/grafana.nix
@@ -40,9 +40,15 @@ in {
     nixfiles.modules = {
       nginx = {
         enable = true;
+        upstreams.grafana.servers."127.0.0.1:${toString cfg.port}" = {};
         virtualHosts.${cfg.domain}.locations."/" = {
-          proxyPass = "http://127.0.0.1:${toString cfg.port}";
+          proxyPass = "http://grafana";
           proxyWebsockets = true;
+          extraConfig = ''
+            if ($internal != 1) {
+              return 403;
+            }
+          '';
         };
       };
       postgresql.enable = true;
diff --git a/modules/nixfiles/hydra.nix b/modules/nixfiles/hydra.nix
index 0814b3a..2168ed5 100644
--- a/modules/nixfiles/hydra.nix
+++ b/modules/nixfiles/hydra.nix
@@ -26,7 +26,8 @@ in {
     nixfiles.modules = {
       nginx = {
         enable = true;
-        virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}";
+        upstreams.hydra.servers."127.0.0.1:${toString cfg.port}" = {};
+        virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://hydra";
       };
       postgresql.enable = true;
     };
diff --git a/modules/nixfiles/ipfs.nix b/modules/nixfiles/ipfs.nix
index 455f8e8..8bdbc12 100644
--- a/modules/nixfiles/ipfs.nix
+++ b/modules/nixfiles/ipfs.nix
@@ -134,8 +134,13 @@ in {
     (mkIf this.isHeadless {
       nixfiles.modules.nginx = {
         enable = true;
+        upstreams = {
+          ipfs_gateway.servers."127.0.0.1:${toString cfg.gatewayPort}" = {};
+          ipfs_swarm.servers."127.0.0.1:${toString cfg.swarmPort}" = {};
+          ipfs_api.servers."127.0.0.1:${toString cfg.apiPort}" = {};
+        };
         virtualHosts = {
-          ${cfg.domain}.locations."/".proxyPass = "http://127.0.0.1:${toString cfg.gatewayPort}";
+          ${cfg.domain}.locations."/".proxyPass = "http://ipfs_gateway";
           "swarm.${cfg.domain}" = {
             serverName = cfg.domain;
             listen = [
@@ -148,12 +153,12 @@ in {
                 port = swarmDefaultPort;
               }
             ];
-            locations."/".proxyPass = "http://127.0.0.1:${toString cfg.swarmPort}";
+            locations."/".proxyPass = "http://ipfs_swarm";
           };
           "api.${cfg.domain}" = {
             # TODO Redirect "/" to "/webui" but keep other endpoints.
             locations."/" = {
-              proxyPass = "http://127.0.0.1:${toString cfg.apiPort}";
+              proxyPass = "http://ipfs_api";
               extraConfig = ''
                 if ($internal != 1) {
                   return 403;
diff --git a/modules/nixfiles/lidarr.nix b/modules/nixfiles/lidarr.nix
index 15e91ae..f73f917 100644
--- a/modules/nixfiles/lidarr.nix
+++ b/modules/nixfiles/lidarr.nix
@@ -19,7 +19,8 @@ in {
   config = mkIf cfg.enable {
     nixfiles.modules.nginx = {
       enable = true;
-      virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://127.0.0.1:8686";
+      upstreams.lidarr.servers."127.0.0.1:8686" = {};
+      virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://lidarr";
     };
 
     services.lidarr.enable = true;
diff --git a/modules/nixfiles/loki.nix b/modules/nixfiles/loki.nix
index 7f85852..77b6ca0 100644
--- a/modules/nixfiles/loki.nix
+++ b/modules/nixfiles/loki.nix
@@ -26,8 +26,9 @@ in {
   config = mkIf cfg.enable {
     nixfiles.modules.nginx = with cfg; {
       enable = true;
+      upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {};
       virtualHosts.${domain}.locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString port}";
+        proxyPass = "http://loki";
         extraConfig = ''
           if ($internal != 1) {
             return 403;
diff --git a/modules/nixfiles/matrix/dendrite.nix b/modules/nixfiles/matrix/dendrite.nix
index eb3c437..4792f0e 100644
--- a/modules/nixfiles/matrix/dendrite.nix
+++ b/modules/nixfiles/matrix/dendrite.nix
@@ -27,8 +27,9 @@ in {
     nixfiles.modules = {
       nginx = {
         enable = true;
+        upstreams.dendrite.servers."127.0.0.1:${toString config.services.dendrite.httpPort}" = {};
         virtualHosts.${cfg.domain}.locations = {
-          "/_matrix".proxyPass = "http://127.0.0.1:${toString config.services.dendrite.httpPort}";
+          "/_matrix".proxyPass = "http://dendrite";
           "= /.well-known/matrix/server" = {
             extraConfig = ''
               add_header Content-Type application/json;
diff --git a/modules/nixfiles/matrix/synapse.nix b/modules/nixfiles/matrix/synapse.nix
index 877d7e9..5f16b7d 100644
--- a/modules/nixfiles/matrix/synapse.nix
+++ b/modules/nixfiles/matrix/synapse.nix
@@ -25,8 +25,9 @@ in {
       nixfiles.modules = {
         nginx = {
           enable = true;
+          upstreams.synapse.servers."${bind_address}:${toString port}" = {};
           virtualHosts.${cfg.domain}.locations = {
-            "~ ^(/_matrix|/_synapse/client)".proxyPass = "http://${bind_address}:${toString port}";
+            "~ ^(/_matrix|/_synapse/client)".proxyPass = "http://synapse";
             "= /.well-known/matrix/server" = {
               extraConfig = ''
                 add_header Content-Type application/json;
diff --git a/modules/nixfiles/nginx.nix b/modules/nixfiles/nginx.nix
index d08fdab..38fc613 100644
--- a/modules/nixfiles/nginx.nix
+++ b/modules/nixfiles/nginx.nix
@@ -11,10 +11,14 @@ in {
   options.nixfiles.modules.nginx = {
     enable = mkEnableOption "Nginx";
 
+    upstreams = mkOption {
+      description = "Defines a group of servers to use as proxy target.";
+      type = with types; anything;
+      default = null;
+    };
+
     virtualHosts = mkOption {
       description = "Attrset of virtual hosts.";
-      # Not sure how to "inherit" the type from the original Nixpkgs option.
-      # Just make sure it's compatible with service.nginx.virtualHosts, ok?
       type = with types; anything;
       default = null;
     };
@@ -30,6 +34,8 @@ in {
 
         statusPage = true;
 
+        serverTokens = false;
+
         recommendedGzipSettings = true;
         recommendedOptimisation = true;
         recommendedProxySettings = true;
@@ -50,6 +56,8 @@ in {
             ''))
         ];
 
+        inherit (cfg) upstreams;
+
         virtualHosts =
           {
             default = {
diff --git a/modules/nixfiles/nsd.nix b/modules/nixfiles/nsd.nix
index 35fd668..5426414 100644
--- a/modules/nixfiles/nsd.nix
+++ b/modules/nixfiles/nsd.nix
@@ -100,7 +100,6 @@ in {
                       # ns2 = varda;
 
                       alertmanager = manwe;
-                      bitwarden = manwe;
                       flood = yavanna;
                       gotify = manwe;
                       grafana = manwe;
@@ -108,6 +107,7 @@ in {
                       prometheus = manwe;
                       radicale = manwe;
                       rss-bridge = manwe;
+                      vaultwarden = manwe;
                     };
                   };
               })
diff --git a/modules/nixfiles/prometheus.nix b/modules/nixfiles/prometheus.nix
index 696cfe4..e816b74 100644
--- a/modules/nixfiles/prometheus.nix
+++ b/modules/nixfiles/prometheus.nix
@@ -25,8 +25,9 @@ in {
   config = mkIf cfg.enable {
     nixfiles.modules.nginx = with cfg; {
       enable = true;
+      upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = {};
       virtualHosts.${domain}.locations."/" = {
-        proxyPass = with cfg; "http://127.0.0.1:${toString port}";
+        proxyPass = "http://prometheus";
         extraConfig = ''
           if ($internal != 1) {
             return 403;
diff --git a/modules/nixfiles/radarr.nix b/modules/nixfiles/radarr.nix
index 1ed0747..0abfdf2 100644
--- a/modules/nixfiles/radarr.nix
+++ b/modules/nixfiles/radarr.nix
@@ -19,7 +19,8 @@ in {
   config = mkIf cfg.enable {
     nixfiles.modules.nginx = {
       enable = true;
-      virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://127.0.0.1:7878";
+      upstreams.radarr.servers."127.0.0.1:7878" = {};
+      virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://radarr";
     };
 
     services.radarr.enable = true;
diff --git a/modules/nixfiles/radicale.nix b/modules/nixfiles/radicale.nix
index 45702b6..679a8be 100644
--- a/modules/nixfiles/radicale.nix
+++ b/modules/nixfiles/radicale.nix
@@ -29,8 +29,9 @@ in {
 
       nixfiles.modules.nginx = {
         enable = true;
+        upstreams.radicale.servers."127.0.0.1:${toString port}" = {};
         virtualHosts.${cfg.domain}.locations."/" = {
-          proxyPass = "http://127.0.0.1:${toString port}";
+          proxyPass = "http://radicale";
           extraConfig = ''
             if ($internal != 1) {
               return 403;
diff --git a/modules/nixfiles/rss-bridge.nix b/modules/nixfiles/rss-bridge.nix
index c35b749..42bb7d0 100644
--- a/modules/nixfiles/rss-bridge.nix
+++ b/modules/nixfiles/rss-bridge.nix
@@ -17,14 +17,7 @@ in {
   };
 
   config = mkIf cfg.enable {
-    nixfiles.modules.nginx = {
-      enable = true;
-      virtualHosts.${cfg.domain}.extraConfig = ''
-        if ($internal != 1) {
-          return 403;
-        }
-      '';
-    };
+    nixfiles.modules.nginx.enable = true;
 
     services = {
       rss-bridge = {
diff --git a/modules/nixfiles/rtorrent.nix b/modules/nixfiles/rtorrent.nix
index 3560be2..320da03 100644
--- a/modules/nixfiles/rtorrent.nix
+++ b/modules/nixfiles/rtorrent.nix
@@ -190,6 +190,7 @@ in {
         mkIf cfg.flood.enable {
           nixfiles.modules.nginx = {
             enable = true;
+            upstreams.flood.servers."127.0.0.1:${toString cfg.port}" = {};
             virtualHosts.${cfg.flood.domain} = {
               root = "${pkg}/lib/node_modules/flood/dist/assets";
               locations = {
@@ -202,7 +203,7 @@ in {
                   '';
                 };
                 "/api" = {
-                  proxyPass = "http://127.0.0.1:${toString port}";
+                  proxyPass = "http://flood";
                   extraConfig = ''
                     proxy_buffering off;
                     proxy_cache off;
diff --git a/modules/nixfiles/searx.nix b/modules/nixfiles/searx.nix
index c01c517..fd11904 100644
--- a/modules/nixfiles/searx.nix
+++ b/modules/nixfiles/searx.nix
@@ -32,8 +32,9 @@ in {
 
     nixfiles.modules.nginx = {
       enable = true;
+      upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = {};
       virtualHosts.${cfg.domain}.locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString cfg.port}";
+        proxyPass = "http://searx";
         extraConfig = ''
           if ($internal != 1) {
             return 403;
diff --git a/modules/nixfiles/sonarr.nix b/modules/nixfiles/sonarr.nix
index 1b22d63..8c79175 100644
--- a/modules/nixfiles/sonarr.nix
+++ b/modules/nixfiles/sonarr.nix
@@ -19,7 +19,8 @@ in {
   config = mkIf cfg.enable {
     nixfiles.modules.nginx = {
       enable = true;
-      virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://127.0.0.1:8989";
+      upstreams.sonarr.servers."127.0.0.1:8989" = {};
+      virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://sonarr";
     };
 
     services.sonarr.enable = true;
diff --git a/modules/nixfiles/syncthing.nix b/modules/nixfiles/syncthing.nix
index 8f68675..6e6e629 100644
--- a/modules/nixfiles/syncthing.nix
+++ b/modules/nixfiles/syncthing.nix
@@ -144,8 +144,9 @@ in {
     (mkIf this.isHeadless {
       nixfiles.modules.nginx = {
         enable = true;
+        upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = {};
         virtualHosts.${cfg.domain}.locations."/" = {
-          proxyPass = "http://${config.services.syncthing.guiAddress}";
+          proxyPass = "http://syncthing";
           extraConfig = ''
             if ($internal != 1) {
               return 403;
diff --git a/modules/nixfiles/vaultwarden.nix b/modules/nixfiles/vaultwarden.nix
index f40e4f5..dc8bb84 100644
--- a/modules/nixfiles/vaultwarden.nix
+++ b/modules/nixfiles/vaultwarden.nix
@@ -13,7 +13,7 @@ in {
     domain = mkOption {
       description = "Domain name sans protocol scheme.";
       type = with types; str;
-      default = "bitwarden.${config.networking.domain}";
+      default = "vaultwarden.${config.networking.domain}";
     };
   };
 
@@ -27,17 +27,21 @@ in {
     nixfiles.modules = {
       nginx = {
         enable = true;
-        virtualHosts.${cfg.domain} = with config.services.vaultwarden.config; {
+        upstreams = with config.services.vaultwarden.config; {
+          vaultwarden_rocket.servers."${ROCKET_ADDRESS}:${toString ROCKET_PORT}" = {};
+          vaultwarden_websocket.servers."${WEBSOCKET_ADDRESS}:${toString WEBSOCKET_PORT}" = {};
+        };
+        virtualHosts.${cfg.domain} = {
           locations."/" = {
-            proxyPass = "http://[${ROCKET_ADDRESS}]:${toString ROCKET_PORT}";
+            proxyPass = "http://vaultwarden_rocket";
             proxyWebsockets = true;
           };
           locations."/notifications/hub" = {
-            proxyPass = "http://[${WEBSOCKET_ADDRESS}]:${toString WEBSOCKET_PORT}";
+            proxyPass = "http://vaultwarden_websocket";
             proxyWebsockets = true;
           };
           locations."/notifications/hub/negotiate" = {
-            proxyPass = "http://[${ROCKET_ADDRESS}]:${toString ROCKET_PORT}";
+            proxyPass = "http://vaultwarden_rocket";
             proxyWebsockets = true;
           };
         };
@@ -60,11 +64,11 @@ in {
           SIGNUPS_ALLOWED = false;
           INVITATIONS_ALLOWED = true;
 
-          ROCKET_ADDRESS = "::1";
+          ROCKET_ADDRESS = "127.0.0.1";
           ROCKET_PORT = 8812;
 
           WEBSOCKET_ENABLED = true;
-          WEBSOCKET_ADDRESS = "::1";
+          WEBSOCKET_ADDRESS = "127.0.0.1";
           WEBSOCKET_PORT = 8813;
 
           LOG_LEVEL = "error";
diff --git a/modules/nixfiles/wireguard.nix b/modules/nixfiles/wireguard.nix
index fa7ad34..c4fca1e 100644
--- a/modules/nixfiles/wireguard.nix
+++ b/modules/nixfiles/wireguard.nix
@@ -193,13 +193,12 @@ in {
           firewall.allowedUDPPorts = [cfg.server.port];
         };
 
-        # # TODO Dashboard for this.
-        # services.prometheus.exporters.wireguard = {
-        #   enable = true;
-        #   listenAddress = mkDefault this.wireguard.ipv4.address;
-        #   withRemoteIp = true;
-        #   port = 9586;
-        # };
+        services.prometheus.exporters.wireguard = {
+          enable = true;
+          listenAddress = mkDefault this.wireguard.ipv4.address;
+          withRemoteIp = true;
+          port = 9586;
+        };
       })
     ];
 }

Consider giving Nix/NixOS a try! <3