about summary refs log tree commit diff
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2023-09-28 03:41:22 +0300
committerAzat Bahawi <azat@bahawi.net>2023-09-28 03:41:22 +0300
commitfa40015d45d721eba1b363fbca3e55881f296b87 (patch)
tree2377044fdc99870678b3752ae05ee037e8cb14ca
parent2023-09-20 (diff)
2023-09-28
-rw-r--r--darwinConfigurations/mairon/default.nix2
-rw-r--r--flake.lock78
-rw-r--r--modules/common/common/nix/default.nix50
-rw-r--r--modules/common/profiles/dev/containers.nix2
-rw-r--r--modules/common/profiles/dev/default.nix7
-rw-r--r--modules/nixos/plausible-nixpkgs-override.nix312
-rw-r--r--modules/nixos/plausible.nix19
-rw-r--r--nixosConfigurations/eonwe/default.nix12
-rw-r--r--packages/nixfiles.nix213
9 files changed, 229 insertions, 466 deletions
diff --git a/darwinConfigurations/mairon/default.nix b/darwinConfigurations/mairon/default.nix
index 96538ec..00df257 100644
--- a/darwinConfigurations/mairon/default.nix
+++ b/darwinConfigurations/mairon/default.nix
@@ -26,10 +26,12 @@ with lib; {
       {name = "burp-suite";}
       {name = "cocoapods";}
       {name = "docker";}
+      {name = "go";}
       {name = "jetbrains-toolbox";}
       {name = "obs";}
       {name = "openlens";}
       {name = "postman";}
+      {name = "shadowsocksx-ng";}
       {name = "vial";}
       {name = "vnc-viewer";}
       {name = "wireshark";}
diff --git a/flake.lock b/flake.lock
index aaff461..7aa25b1 100644
--- a/flake.lock
+++ b/flake.lock
@@ -13,11 +13,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1694793763,
-        "narHash": "sha256-y6gTE1C9mIoSkymRYyzCmv62PFgy+hbZ5j8fuiQK5KI=",
+        "lastModified": 1695384796,
+        "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "572baca9b0c592f71982fca0790db4ce311e3c75",
+        "rev": "1f677b3e161d3bdbfd08a939e8f25de2568e0ef4",
         "type": "github"
       },
       "original": {
@@ -70,11 +70,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1693814299,
-        "narHash": "sha256-DdmhEwIkd/t8vb7i2HS+M/rzcgSsxufC0F7LCDh0F/I=",
+        "lastModified": 1695631916,
+        "narHash": "sha256-/VSzU9MRKB/9EE5EP6vkamC6Ree14hRdzZkdmdGmEFM=",
         "owner": "dwarfmaster",
         "repo": "arkenfox-nixos",
-        "rev": "64bfb7623798d17c0ea0541f7f1488975ab4ff73",
+        "rev": "4e724d5102a289400ea535429c331b23b3799de5",
         "type": "github"
       },
       "original": {
@@ -147,11 +147,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1694810318,
-        "narHash": "sha256-LuvrVj2oj9TzdnnwtQUClqcXjpgwCP01FFVBM7azGV8=",
+        "lastModified": 1695686713,
+        "narHash": "sha256-rJATx5B/nwlBpt7CJUf85LV27qWPbul5UVV8fu6ABPg=",
         "owner": "LnL7",
         "repo": "nix-darwin",
-        "rev": "80bb201f4925cdda5a7a3c7b1900fb26bb2af2e8",
+        "rev": "e236a1e598a9a59265897948ac9874c364b9555f",
         "type": "github"
       },
       "original": {
@@ -287,11 +287,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1694643239,
-        "narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=",
+        "lastModified": 1695738267,
+        "narHash": "sha256-LTNAbTQ96xSj17xBfsFrFS9i56U2BMLpD0BduhrsVkU=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "d9b88b43524db1591fb3d9410a21428198d75d49",
+        "rev": "0f4e5b4999fd6a42ece5da8a3a2439a50e48e486",
         "type": "github"
       },
       "original": {
@@ -346,11 +346,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1694740557,
-        "narHash": "sha256-9HZ8cHeSv3uy6xcErO4Eb60lhcov7uXXeUFmqbAcjYs=",
+        "lastModified": 1695777360,
+        "narHash": "sha256-dU1Baq0ae2JRCLwg7puSZ8+4lfd401gnQEVHKA4QYH8=",
         "owner": "Infinidoge",
         "repo": "nix-minecraft",
-        "rev": "20d2f5ccd03b8b1549f2b2e92d4d147318bc1296",
+        "rev": "769afc9e3338697d0ff129ef096a7fde6db3d696",
         "type": "github"
       },
       "original": {
@@ -373,11 +373,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1694740775,
-        "narHash": "sha256-cxnaqGPye8mN7WaCpF1TGlcQaSHAyEIgSVImOTuVrsQ=",
+        "lastModified": 1695777563,
+        "narHash": "sha256-eRYVpsEgU61yjBRdwEm+fvmwbl1had2GSULpAaB8KWI=",
         "owner": "nix-community",
         "repo": "nix-vscode-extensions",
-        "rev": "d073d60efa6c3400d9de3c91bcddba5c4c419159",
+        "rev": "c64fa1726fda5190c5f6fe0f1a76262cca1962cd",
         "type": "github"
       },
       "original": {
@@ -389,11 +389,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1694710316,
-        "narHash": "sha256-uRh46iIC86D8BD1wCDA5gRrt+hslUXiD0kx/UjnjBcs=",
+        "lastModified": 1695541019,
+        "narHash": "sha256-rs++zfk41K9ArWkDAlmBDlGlKO8qeRIRzdjo+9SmNFI=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "570256327eb6ca6f7bebe8d93af49459092a0c43",
+        "rev": "61283b30d11f27d5b76439d43f20d0c0c8ff5296",
         "type": "github"
       },
       "original": {
@@ -405,11 +405,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1694760568,
-        "narHash": "sha256-3G07BiXrp2YQKxdcdms22MUx6spc6A++MSePtatCYuI=",
+        "lastModified": 1695806987,
+        "narHash": "sha256-fX5kGs66NZIxCMcpAGIpxuftajHL8Hil1vjHmjjl118=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "46688f8eb5cd6f1298d873d4d2b9cf245e09e88e",
+        "rev": "f3dab3509afca932f3f4fd0908957709bb1c1f57",
         "type": "github"
       },
       "original": {
@@ -421,11 +421,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1694810993,
-        "narHash": "sha256-SWYQdFzdcRyGoX4b2G1sZfGwvizrVejBaVB54OUjgBc=",
+        "lastModified": 1695859332,
+        "narHash": "sha256-w2a7NW3VtI5FgFPUKslYRGAj5Qb7y4i0I2QO0S/lBMQ=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "7fb1b6096567f4a5e7e5f195396950a77d8d85d7",
+        "rev": "248a83fffc10b627da67fa6b25d2c13fc7542628",
         "type": "github"
       },
       "original": {
@@ -437,11 +437,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1694810104,
-        "narHash": "sha256-9UCF1nno2Cy+a4uu5lScW3cIrfUQAdTteYCDGCeIUWE=",
+        "lastModified": 1695857902,
+        "narHash": "sha256-zBTlSQ1TMKdGjZCQk4KrVmDmosq3MQf98ichJ2sXBBE=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "15af07fe9e9e8c01dcaaff0e1ee71186c64f04f7",
+        "rev": "c9ac6ec01314e8ff2669bd723bfb98bb072723b4",
         "type": "github"
       },
       "original": {
@@ -465,11 +465,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1694341786,
-        "narHash": "sha256-7xp0lZ0Ihx1f9WLYxOWP73PlM0HOa0Wrp3/iF7D++zc=",
+        "lastModified": 1695804493,
+        "narHash": "sha256-LcHdI5TjeomY7Q244iKwcZUUwT5uZUUFANORNIoslKY=",
         "owner": "nix-community",
         "repo": "nixvim",
-        "rev": "9e6892e8391a5bcc3727802b6a9fb2b9b52537df",
+        "rev": "9e448b7ff002505774c53b815726edbb677afea6",
         "type": "github"
       },
       "original": {
@@ -515,11 +515,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1694810691,
-        "narHash": "sha256-PiJzhZcBIYMAolB3IL8qiYJwERlqxexY0lK0/XRTaAk=",
+        "lastModified": 1695858410,
+        "narHash": "sha256-Y/xJxDBhrI8WZGX0L8GDw0vTdFpmh1P10lq9sws6YKo=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "0ea96f83aba38b8e75462f16ae7862285b772b2c",
+        "rev": "b7a926cb0b29662ee27f382bf1c2aa26608f45ec",
         "type": "github"
       },
       "original": {
@@ -606,11 +606,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1694364351,
-        "narHash": "sha256-oadhSCqopYXxURwIA6/Anpe5IAG11q2LhvTJNP5zE6o=",
+        "lastModified": 1695576016,
+        "narHash": "sha256-71KxwRhTfVuh7kNrg3/edNjYVg9DCyKZl2QIKbhRggg=",
         "owner": "cachix",
         "repo": "pre-commit-hooks.nix",
-        "rev": "4f883a76282bc28eb952570afc3d8a1bf6f481d7",
+        "rev": "cb770e93516a1609652fa8e945a0f310e98f10c0",
         "type": "github"
       },
       "original": {
diff --git a/modules/common/common/nix/default.nix b/modules/common/common/nix/default.nix
index d6cd362..dc99434 100644
--- a/modules/common/common/nix/default.nix
+++ b/modules/common/common/nix/default.nix
@@ -37,6 +37,7 @@ with lib; {
       experimental-features = concatStringsSep " " [
         "flakes"
         "nix-command"
+        "recursive-nix"
         "repl-flake"
       ];
 
@@ -123,30 +124,31 @@ with lib; {
     )
   ];
 
-  environment.systemPackages = with pkgs;
-    optionals this.isHeadful [
-      nix-top
-      nix-tree
-    ];
+  environment = {
+    systemPackages = with pkgs;
+      optionals this.isHeadful [
+        nix-top
+        nix-tree
+        nixfiles
+      ];
+    variables.NIXFILES = "${config.my.home}/src/nixfiles";
+  };
 
-  hm.home.file.".nix-defexpr/default.nix".text =
-    optionalString this.isHeadful
-    (
+  hm.home.file.".nix-defexpr/default.nix".text = let
+    hostname = strings.escapeNixIdentifier this.hostname;
+  in
+    optionalString this.isHeadful ''
       let
-        hostname = strings.escapeNixIdentifier this.hostname;
-      in ''
-        let
-          self = builtins.getFlake "nixfiles";
-          configurations = self.nixosConfigurations;
-          local = configurations.${hostname};
-        in rec {
-          inherit self;
-          inherit (self) inputs lib;
-          inherit (lib) my;
-          this = my.configurations.${hostname};
-          inherit (local) config;
-          inherit (local.config.system.build) toplevel vm vmWithBootLoader manual;
-        } // configurations // local._module.args
-      ''
-    );
+        self = builtins.getFlake "nixfiles";
+        configurations = self.nixosConfigurations;
+        local = configurations.${hostname};
+      in rec {
+        inherit self;
+        inherit (self) inputs lib;
+        inherit (lib) my;
+        this = my.configurations.${hostname};
+        inherit (local) config;
+        inherit (local.config.system.build) toplevel vm vmWithBootLoader manual;
+      } // configurations // local._module.args
+    '';
 }
diff --git a/modules/common/profiles/dev/containers.nix b/modules/common/profiles/dev/containers.nix
index 06826f9..61a9f09 100644
--- a/modules/common/profiles/dev/containers.nix
+++ b/modules/common/profiles/dev/containers.nix
@@ -44,7 +44,7 @@ in {
           kubelogin-oidc
           kubent
           kubernetes-helm
-          kubescape
+          # kubescape
           kubeseal
           kubespy
           minikube
diff --git a/modules/common/profiles/dev/default.nix b/modules/common/profiles/dev/default.nix
index 442a03a..4f2a80f 100644
--- a/modules/common/profiles/dev/default.nix
+++ b/modules/common/profiles/dev/default.nix
@@ -79,13 +79,14 @@ in {
       };
 
       packages = with pkgs; [
-        htmlq
-        hydra-check
-        jq
         nix-index
         nix-update
         nixpkgs-review
+        hydra-check
+        jq
         yq
+        htmlq
+        sops
       ];
     };
   };
diff --git a/modules/nixos/plausible-nixpkgs-override.nix b/modules/nixos/plausible-nixpkgs-override.nix
deleted file mode 100644
index 67fffdc..0000000
--- a/modules/nixos/plausible-nixpkgs-override.nix
+++ /dev/null
@@ -1,312 +0,0 @@
-{
-  lib,
-  pkgs,
-  config,
-  ...
-}:
-with lib; let
-  cfg = config.services.plausible;
-in {
-  options.services.plausible = {
-    enable = mkEnableOption (lib.mdDoc "plausible");
-
-    package = mkPackageOptionMD pkgs "plausible" {};
-
-    releaseCookiePath = mkOption {
-      type = with types; either str path;
-      description = lib.mdDoc ''
-        The path to the file with release cookie. (used for remote connection to the running node).
-      '';
-    };
-
-    adminUser = {
-      name = mkOption {
-        default = "admin";
-        type = types.str;
-        description = lib.mdDoc ''
-          Name of the admin user that plausible will created on initial startup.
-        '';
-      };
-
-      email = mkOption {
-        type = types.str;
-        example = "admin@localhost";
-        description = lib.mdDoc ''
-          Email-address of the admin-user.
-        '';
-      };
-
-      passwordFile = mkOption {
-        type = types.either types.str types.path;
-        description = lib.mdDoc ''
-          Path to the file which contains the password of the admin user.
-        '';
-      };
-
-      activate = mkEnableOption (lib.mdDoc "activating the freshly created admin-user");
-    };
-
-    database = {
-      clickhouse = {
-        setup = mkEnableOption (lib.mdDoc "creating a clickhouse instance") // {default = true;};
-        url = mkOption {
-          default = "http://localhost:8123/default";
-          type = types.str;
-          description = lib.mdDoc ''
-            The URL to be used to connect to `clickhouse`.
-          '';
-        };
-      };
-      postgres = {
-        setup = mkEnableOption (lib.mdDoc "creating a postgresql instance") // {default = true;};
-        dbname = mkOption {
-          default = "plausible";
-          type = types.str;
-          description = lib.mdDoc ''
-            Name of the database to use.
-          '';
-        };
-        socket = mkOption {
-          default = "/run/postgresql";
-          type = types.str;
-          description = lib.mdDoc ''
-            Path to the UNIX domain-socket to communicate with `postgres`.
-          '';
-        };
-      };
-    };
-
-    server = {
-      disableRegistration = mkOption {
-        default = true;
-        type = types.bool;
-        description = lib.mdDoc ''
-          Whether to prohibit creating an account in plausible's UI.
-        '';
-      };
-      secretKeybaseFile = mkOption {
-        type = types.either types.path types.str;
-        description = lib.mdDoc ''
-          Path to the secret used by the `phoenix`-framework. Instructions
-          how to generate one are documented in the
-          [
-          framework docs](https://hexdocs.pm/phoenix/Mix.Tasks.Phx.Gen.Secret.html#content).
-        '';
-      };
-      port = mkOption {
-        default = 8000;
-        type = types.port;
-        description = lib.mdDoc ''
-          Port where the service should be available.
-        '';
-      };
-      baseUrl = mkOption {
-        type = types.str;
-        description = lib.mdDoc ''
-          Public URL where plausible is available.
-
-          Note that `/path` components are currently ignored:
-          [
-            https://github.com/plausible/analytics/issues/1182
-          ](https://github.com/plausible/analytics/issues/1182).
-        '';
-      };
-    };
-
-    mail = {
-      email = mkOption {
-        default = "hello@plausible.local";
-        type = types.str;
-        description = lib.mdDoc ''
-          The email id to use for as *from* address of all communications
-          from Plausible.
-        '';
-      };
-      smtp = {
-        hostAddr = mkOption {
-          default = "localhost";
-          type = types.str;
-          description = lib.mdDoc ''
-            The host address of your smtp server.
-          '';
-        };
-        hostPort = mkOption {
-          default = 25;
-          type = types.port;
-          description = lib.mdDoc ''
-            The port of your smtp server.
-          '';
-        };
-        user = mkOption {
-          default = null;
-          type = types.nullOr types.str;
-          description = lib.mdDoc ''
-            The username/email in case SMTP auth is enabled.
-          '';
-        };
-        passwordFile = mkOption {
-          default = null;
-          type = with types; nullOr (either str path);
-          description = lib.mdDoc ''
-            The path to the file with the password in case SMTP auth is enabled.
-          '';
-        };
-        enableSSL = mkEnableOption (lib.mdDoc "SSL when connecting to the SMTP server");
-        retries = mkOption {
-          type = types.ints.unsigned;
-          default = 2;
-          description = lib.mdDoc ''
-            Number of retries to make until mailer gives up.
-          '';
-        };
-      };
-    };
-  };
-
-  config = mkIf cfg.enable {
-    assertions = [
-      {
-        assertion = cfg.adminUser.activate -> cfg.database.postgres.setup;
-        message = ''
-          Unable to automatically activate the admin-user if no locally managed DB for
-          postgres (`services.plausible.database.postgres.setup') is enabled!
-        '';
-      }
-    ];
-
-    services = {
-      postgresql = mkIf cfg.database.postgres.setup {
-        enable = true;
-      };
-
-      clickhouse = mkIf cfg.database.clickhouse.setup {
-        enable = true;
-      };
-
-      epmd.enable = true;
-    };
-
-    environment.systemPackages = [cfg.package];
-
-    systemd.services = mkMerge [
-      {
-        plausible = {
-          inherit (cfg.package.meta) description;
-          documentation = ["https://plausible.io/docs/self-hosting"];
-          wantedBy = ["multi-user.target"];
-          after =
-            optional cfg.database.clickhouse.setup "clickhouse.service"
-            ++ optionals cfg.database.postgres.setup [
-              "postgresql.service"
-              "plausible-postgres.service"
-            ];
-          requires =
-            optional cfg.database.clickhouse.setup "clickhouse.service"
-            ++ optionals cfg.database.postgres.setup [
-              "postgresql.service"
-              "plausible-postgres.service"
-            ];
-
-          environment =
-            {
-              # NixOS specific option to avoid that it's trying to write into its store-path.
-              # See also https://github.com/lau/tzdata#data-directory-and-releases
-              STORAGE_DIR = "/var/lib/plausible/elixir_tzdata";
-
-              # Configuration options from
-              # https://plausible.io/docs/self-hosting-configuration
-              PORT = toString cfg.server.port;
-              DISABLE_REGISTRATION = boolToString cfg.server.disableRegistration;
-
-              RELEASE_TMP = "/var/lib/plausible/tmp";
-              # Home is needed to connect to the node with iex
-              HOME = "/var/lib/plausible";
-
-              ADMIN_USER_NAME = cfg.adminUser.name;
-              ADMIN_USER_EMAIL = cfg.adminUser.email;
-
-              DATABASE_SOCKET_DIR = cfg.database.postgres.socket;
-              DATABASE_NAME = cfg.database.postgres.dbname;
-              CLICKHOUSE_DATABASE_URL = cfg.database.clickhouse.url;
-
-              BASE_URL = cfg.server.baseUrl;
-
-              MAILER_EMAIL = cfg.mail.email;
-              SMTP_HOST_ADDR = cfg.mail.smtp.hostAddr;
-              SMTP_HOST_PORT = toString cfg.mail.smtp.hostPort;
-              SMTP_RETRIES = toString cfg.mail.smtp.retries;
-              SMTP_HOST_SSL_ENABLED = boolToString cfg.mail.smtp.enableSSL;
-
-              SELFHOST = "true";
-            }
-            // (optionalAttrs (cfg.mail.smtp.user != null) {
-              SMTP_USER_NAME = cfg.mail.smtp.user;
-            });
-
-          path =
-            [cfg.package]
-            ++ optional cfg.database.postgres.setup config.services.postgresql.package;
-          script = ''
-            export RELEASE_COOKIE="$(< $CREDENTIALS_DIRECTORY/RELEASE_COOKIE )"
-            export ADMIN_USER_PWD="$(< $CREDENTIALS_DIRECTORY/ADMIN_USER_PWD )"
-            export SECRET_KEY_BASE="$(< $CREDENTIALS_DIRECTORY/SECRET_KEY_BASE )"
-
-            ${lib.optionalString (cfg.mail.smtp.passwordFile != null)
-              ''export SMTP_USER_PWD="$(< $CREDENTIALS_DIRECTORY/SMTP_USER_PWD )"''}
-
-            # setup
-            ${cfg.package}/createdb.sh
-            ${cfg.package}/migrate.sh
-            export IP_GEOLOCATION_DB=${pkgs.dbip-country-lite}/share/dbip/dbip-country-lite.mmdb
-            ${cfg.package}/bin/plausible eval "(Plausible.Release.prepare() ; Plausible.Auth.create_user(\"$ADMIN_USER_NAME\", \"$ADMIN_USER_EMAIL\", \"$ADMIN_USER_PWD\"))"
-            ${optionalString cfg.adminUser.activate ''
-              psql -d plausible <<< "UPDATE users SET email_verified=true where email = '$ADMIN_USER_EMAIL';"
-            ''}
-
-            exec plausible start
-          '';
-
-          serviceConfig = {
-            DynamicUser = true;
-            PrivateTmp = true;
-            WorkingDirectory = "/var/lib/plausible";
-            StateDirectory = "plausible";
-            LoadCredential =
-              [
-                "ADMIN_USER_PWD:${cfg.adminUser.passwordFile}"
-                "SECRET_KEY_BASE:${cfg.server.secretKeybaseFile}"
-                "RELEASE_COOKIE:${cfg.releaseCookiePath}"
-              ]
-              ++ lib.optionals (cfg.mail.smtp.passwordFile != null) ["SMTP_USER_PWD:${cfg.mail.smtp.passwordFile}"];
-          };
-        };
-      }
-      (mkIf cfg.database.postgres.setup {
-        # `plausible' requires the `citext'-extension.
-        plausible-postgres = {
-          after = ["postgresql.service"];
-          partOf = ["plausible.service"];
-          serviceConfig = {
-            Type = "oneshot";
-            User = config.services.postgresql.superUser;
-            RemainAfterExit = true;
-          };
-          script = with cfg.database.postgres; ''
-            PSQL() {
-              ${config.services.postgresql.package}/bin/psql --port=5432 "$@"
-            }
-            # check if the database already exists
-            if ! PSQL -lqt | ${pkgs.coreutils}/bin/cut -d \| -f 1 | ${pkgs.gnugrep}/bin/grep -qw ${dbname} ; then
-              PSQL -tAc "CREATE ROLE plausible WITH LOGIN;"
-              PSQL -tAc "CREATE DATABASE ${dbname} WITH OWNER plausible;"
-              PSQL -d ${dbname} -tAc "CREATE EXTENSION IF NOT EXISTS citext;"
-            fi
-          '';
-        };
-      })
-    ];
-  };
-
-  meta.maintainers = with maintainers; [ma27];
-  meta.doc = ./plausible.md;
-}
diff --git a/modules/nixos/plausible.nix b/modules/nixos/plausible.nix
index 856b318..6553462 100644
--- a/modules/nixos/plausible.nix
+++ b/modules/nixos/plausible.nix
@@ -2,18 +2,11 @@
   config,
   inputs,
   lib,
-  pkgsPr,
   ...
 }:
 with lib; let
   cfg = config.nixfiles.modules.plausible;
 in {
-  disabledModules = ["services/web-apps/plausible.nix"];
-  imports = [
-    # TODO Wait for https://github.com/NixOS/nixpkgs/pull/253687
-    ./plausible-nixpkgs-override.nix
-  ];
-
   options.nixfiles.modules.plausible = {
     enable = mkEnableOption "Plausible Analytics";
 
@@ -57,12 +50,9 @@ in {
         nginx = {
           enable = true;
           upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {};
-          virtualHosts.${cfg.domain} = {
-            locations."/" = {
-              proxyPass = "http://plausible";
-              proxyWebsockets = true;
-            };
-            extraConfig = nginxInternalOnly;
+          virtualHosts.${cfg.domain}.locations."/" = {
+            proxyPass = "http://plausible";
+            proxyWebsockets = true;
           };
         };
         postgresql = {
@@ -90,9 +80,6 @@ in {
       services.plausible = {
         enable = true;
 
-        # TODO Wait for https://github.com/NixOS/nixpkgs/pull/253687
-        package = (pkgsPr 253687 "sha256-36nXNVmZDgf//MrM6/VC7W4Vm013tJ6MlXvYQElhRRw=").plausible;
-
         adminUser = {
           name = "admin";
           email = "admin@${my.domain.shire}";
diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix
index e7f0187..852dc07 100644
--- a/nixosConfigurations/eonwe/default.nix
+++ b/nixosConfigurations/eonwe/default.nix
@@ -14,23 +14,22 @@ with lib; {
 
     wireguard.client.enable = true;
 
+    ipfs.enable = true;
     syncthing.enable = true;
 
     openssh.server.enable = true;
 
+    android.enable = true;
+    beets.enable = true;
+    bluetooth.enable = true;
     games = {
       lutris.enable = true;
       minecraft.client.enable = true;
-
       steam.enable = true;
     };
-    android.enable = true;
-    bluetooth.enable = true;
-    beets.enable = true;
     libvirtd.enable = true;
-    qutebrowser.enable = true;
     mpd.enable = true;
-    ipfs.enable = true;
+    qutebrowser.enable = true;
   };
 
   hm = {
@@ -47,6 +46,7 @@ with lib; {
       radeontop
       vcmi
       vial
+      wireshark
       xonotic
     ];
 
diff --git a/packages/nixfiles.nix b/packages/nixfiles.nix
index 47b2c49..3f17edc 100644
--- a/packages/nixfiles.nix
+++ b/packages/nixfiles.nix
@@ -3,71 +3,154 @@
   jq,
   nix,
   openssh,
+  symlinkJoin,
   writeShellApplication,
-}:
-writeShellApplication {
-  name = "nixfiles";
-  runtimeInputs = [git jq nix openssh];
-  text = ''
-    cmd="$1"
-    shift
-    case "$cmd" in
-    update)
-      if (( $# )); then
-        args=()
-        for input do args+=(--update-input "$input"); done
-        exec nix flake lock "." "''${args[@]}"
-      else
-        exec nix flake update -v "."
-      fi
-      ;;
-    rev)
-      nix flake metadata --json nixfiles |
-        if (( $# )); then
-          jq -r --arg input "$1" '.locks.nodes[$input].locked.rev'
-        else
-          jq -r '.revision // "dirty"'
-        fi
-      ;;
-    repl|eval|build)
-      args=()
-      for arg do case $arg in
-        -w|--wip) args+=(--override-flake config ".")
-        ;;
-        *) args+=("$arg")
-      esac done
-      set -- "''${args[@]}"
-      ;;&
-    repl)
-      exec nix repl ~/.nix-defexpr "$@"
-      ;;
-    eval)
-      exec nix eval -f ~/.nix-defexpr --json "$@" | jq -r .
-      ;;
-    build)
-      exec nix build -f ~/.nix-defexpr --json "$@" | jq -r .
-      ;;
-    home)
-      attr="nixosConfigurations.$HOSTNAME.config.hm.home.activationPackage"
-      export VERBOSE=1
-      exec nix shell --verbose ".#$attr" "$@" --command home-manager-generation
-      ;;
-    specialise)
-      name="$1"
+  writeTextDir,
+  xdg-utils,
+}: let
+  bin = writeShellApplication {
+    name = "nixfiles";
+
+    runtimeInputs = [
+      git
+      jq
+      nix
+      openssh
+      xdg-utils
+    ];
+
+    # Shamelessly appropriated from https://github.com/ncfavier/config.
+    # Hopefully Naïm will not sue me for copyright infrigment.
+    text = ''
+      nixfiles="''${NIXFILES:-$HOME/src/nixfiles}"
+      cmd=$1
       shift
-      exec sudo /run/current-system/specialisation/"$name"/bin/switch-to-configuration switch
-      ;;
-    revert)
-      exec sudo /nix/var/nix/profiles/system/bin/switch-to-configuration switch
-      ;;
-    @*)
-      host="''${cmd#@}"
-      hostname="$(ssh -q "$host" 'echo "$HOSTNAME"')"
-      exec nixos-rebuild -v --flake ".#$hostname" --target-host "$host" --use-remote-sudo "$@"
-      ;;
-    *)
-      exec nixos-rebuild -v --flake . --use-remote-sudo "$cmd" "$@"
-      ;;
-    esac
+      case $cmd in
+        repl|eval|build|rev)
+          args=() flakeArgs=()
+          for arg do case $arg in
+            -w|--wip) flakeArgs+=(--override-flake nixfiles "$nixfiles");;
+            *) args+=("$arg")
+          esac done
+          set -- "''${args[@]}"
+          ;;&
+
+        compare)
+          input=$1
+          # shellcheck disable=SC1090
+          . <(nix flake metadata --json nixfiles | jq -r --arg input "$input" '
+            def browse($url): @sh "xdg-open \($url)";
+            .locks.nodes[$input] |
+            if .locked.type == "github" then
+              browse("https://github.com/\(.locked.owner)/\(.locked.repo)/compare/\(.locked.rev)...\(.original.ref // "master")")
+            elif .locked.type == "gitlab" then
+              browse("https://gitlab.com/\(.locked.owner)/\(.locked.repo)/-/compare/\(.locked.rev)...\(.original.ref // "master")")
+            else
+              "echo unsupported input type \(.locked.type) (supported: github, gitlab)"
+            end
+          ')
+          ;;
+        update)
+          if (( $# )); then
+            args=()
+            for input do args+=(--update-input "$input"); done
+            exec nix flake lock --refresh "''${args[@]}" "$nixfiles"
+          else
+            # https://github.com/NixOS/nix/issues/6095
+            exec nix flake update -v --refresh "$nixfiles"
+          fi
+          ;;
+        rev)
+          if (( $# )); then
+            expr=inputs.''${1//'/'/.inputs.}.rev
+          else
+            expr=self.revision
+          fi
+          nix eval "''${flakeArgs[@]}" -f ~/.nix-defexpr --raw "$expr"
+          echo
+          ;;
+
+        repl)
+          exec nix repl "''${flakeArgs[@]}" -f ~/.nix-defexpr "$@";;
+        eval)
+          exec nix eval "''${flakeArgs[@]}" -f ~/.nix-defexpr --json "$@" | jq -r .;;
+        build)
+          # https://github.com/NixOS/nix/issues/6661
+          exec nix-build --log-format bar-with-logs "''${flakeArgs[@]}" ~/.nix-defexpr -A "$@";;
+
+        specialise)
+          name=$1
+          shift
+          exec sudo /run/current-system/specialisation/"$name"/bin/switch-to-configuration switch;;
+        revert)
+          exec sudo /nix/var/nix/profiles/system/bin/switch-to-configuration switch;;
+
+        home)
+          attr=nixosConfigurations."$HOSTNAME".config.hm.home.activationPackage
+          export VERBOSE=1
+          exec nix shell -v ".#$attr" "$@" -c home-manager-generation;;
+        @*)
+          host=''${cmd#@}
+          hostname=$(ssh -q "$host" 'echo "$HOSTNAME"')
+          exec nixos-rebuild -v --flake ".#$hostname" --target-host "$host" --use-remote-sudo "$@";;
+        *)
+          exec nixos-rebuild -v --fast --flake "." --use-remote-sudo "$cmd" "$@";;
+      esac
+    '';
+  };
+
+  bashCompletion = writeTextDir "/share/bash-completion/completions/nixfiles" ''
+    __compreply() {
+        local completion
+        while IFS= read -r completion; do
+        COMPREPLY+=("$completion")
+        done < <(compgen "$@" -- "$cur")
+    }
+    __complete_nix_cmd() {
+        local skip=$1; shift
+        COMP_WORDS=("$@" "''${COMP_WORDS[@]:skip}")
+        (( COMP_CWORD += $# - skip ))
+        _completion_loader nix
+        _complete_nix
+    }
+    _nixfiles() {
+        local cur prev words cword
+        local nixfiles="''${NIXFILES:-$HOME/src/nixfiles}"
+        _init_completion -n ':=&'
+        if [[ "$cword" == 1 ]] || [[ "$cword" == 2 && "$prev" == @* ]]; then
+            if [[ $cur == @* ]]; then
+                _known_hosts_real -a -- "$cur"
+            else
+                __compreply -W 'compare update repl eval bld specialise revert home build build-vm test switch boot'
+            fi
+        else case ''${words[1]} in
+            compare|update|rev)
+                __complete_nix_cmd "$cword" nix flake lock "$nixfiles" --update-input
+                ;;
+            repl|eval|bld)
+                compreply -W '-w --wip'
+                ;;&
+            repl)
+                __complete_nix_cmd 2 nix repl ~/.nix-defexpr
+                ;;
+            eval)
+                __complete_nix_cmd 2 nix eval -f ~/.nix-defexpr --json
+                ;;
+            build)
+                __complete_nix_cmd 2 nix build -f ~/.nix-defexpr --json
+                ;;
+            home)
+                __complete_nix_cmd 2 nix shell "$nixfiles"
+                ;;
+            build|switch)
+                __complete_nix_cmd 2 nix build "$nixfiles"
+                ;;
+        esac fi
+    }
+    complete -F _nixfiles nixfiles
   '';
-}
+in
+  symlinkJoin {
+    name = "nixfiles";
+    paths = [bin bashCompletion];
+  }

Consider giving Nix/NixOS a try! <3