author | Azat Bahawi <azat@bahawi.net> | 2023-11-12 17:50:43 +0300 |
---|---|---|
committer | Azat Bahawi <azat@bahawi.net> | 2023-11-12 17:50:43 +0300 |
commit | 011c1632f3762e1bc1ecfdee9d9f3b3f44be74e5 (patch) | |
tree | e9d7d5955f25f82cdb671f1c44da663d2d839485 /modules/nixos/plausible.nix | |
parent | 2023-11-09 (diff) |
2023-11-12
Diffstat (limited to '')
-rw-r--r-- | modules/nixos/plausible.nix | 198 |
1 files changed, 98 insertions, 100 deletions
diff --git a/modules/nixos/plausible.nix b/modules/nixos/plausible.nix index 6553462..91bdff9 100644 --- a/modules/nixos/plausible.nix +++ b/modules/nixos/plausible.nix 
@@ -6,126 +6,124 @@ }: with lib; let cfg = config.nixfiles.modules.plausible; -in { - options.nixfiles.modules.plausible = { - enable = mkEnableOption "Plausible Analytics"; +in + { + options.nixfiles.modules.plausible = { + enable = mkEnableOption "Plausible Analytics"; - port = mkOption { - description = "Port."; - type = with types; port; - default = 8000; - }; + port = mkOption { + description = "Port."; + type = with types; port; + default = 8000; + }; - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; nullOr str; - default = "plausible.${config.networking.domain}"; + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; nullOr str; + default = "plausible.${config.networking.domain}"; + }; }; - }; - config = let - db = "plausible"; - in - mkIf cfg.enable { - secrets = { - plausible-key = { - file = "${inputs.self}/secrets/plausible-key"; - mode = "0444"; # The user is dynamic so the file must be world-readable. + config = let + db = "plausible"; + in + mkIf cfg.enable { + _module.args.libPlausible = { + htmlPlausibleScript = { + domain ? "$host", + src ? "https://${cfg.domain}/js/script.js", + }: ''<script defer data-domain="${domain}" src="${src}"></script>''; }; - plausible-admin-password = { - file = "${inputs.self}/secrets/plausible-admin-password"; - mode = "0444"; # The user is dynamic so the file must be world-readable. - }; - plausible-smtp-password = { - file = "${inputs.self}/secrets/smtp-password"; - mode = "0444"; # The user is dynamic so the file must be world-readable. - }; - plausible-release-cookie = { - file = "${inputs.self}/secrets/plausible-release-cookie"; - mode = "0444"; # The user is dynamic so the file must be world-readable. 
+ + secrets = { + plausible-key.file = "${inputs.self}/secrets/plausible-key"; + plausible-admin-password.file = "${inputs.self}/secrets/plausible-admin-password"; + plausible-smtp-password.file = "${inputs.self}/secrets/smtp-password"; }; - }; - nixfiles.modules = { - nginx = { - enable = true; - upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://plausible"; - proxyWebsockets = true; + nixfiles.modules = { + nginx = { + enable = true; + upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {}; + virtualHosts.${cfg.domain}.locations."/" = { + proxyPass = "http://plausible"; + proxyWebsockets = true; + }; + }; + postgresql = { + enable = true; + extraPostStart = [ + '' + $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' + $PSQL "${db}" -tAc 'CREATE EXTENSION IF NOT EXISTS citext' + '' + ]; }; + clickhouse.enable = true; }; - postgresql = { - enable = true; - extraPostStart = [ - '' - $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' - $PSQL "${db}" -tAc 'CREATE EXTENSION IF NOT EXISTS citext' - '' + + services.postgresql = { + ensureDatabases = [db]; + ensureUsers = [ + { + name = db; + ensurePermissions."DATABASE \"${db}\"" = "ALL"; + } ]; }; - clickhouse.enable = true; - }; - services.postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; - } - ]; - }; - - services.plausible = { - enable = true; + services.plausible = { + enable = true; - adminUser = { - name = "admin"; - email = "admin@${my.domain.shire}"; - passwordFile = config.secrets.plausible-admin-password.path; - activate = false; - }; + adminUser = { + name = "admin"; + email = "admin@${my.domain.shire}"; + passwordFile = config.secrets.plausible-admin-password.path; + activate = false; + }; - mail = { - email = "admin+plausible@${my.domain.shire}"; - smtp = { - hostAddr = my.domain.shire; - hostPort = 465; - enableSSL = 
true; - user = "azahi@${my.domain.shire}"; - passwordFile = config.secrets.plausible-smtp-password.path; + mail = { + email = "admin+plausible@${my.domain.shire}"; + smtp = { + hostAddr = my.domain.shire; + hostPort = 465; + enableSSL = true; + user = "azahi@${my.domain.shire}"; + passwordFile = config.secrets.plausible-smtp-password.path; + }; }; - }; - database = { - clickhouse = { - setup = false; - url = "http://127.0.0.1:8123/default"; + database = { + clickhouse = { + setup = false; + url = "http://127.0.0.1:8123/default"; + }; + + postgres = { + setup = true; + dbname = db; + }; }; - postgres = { - setup = true; - dbname = db; + server = { + baseUrl = "https://${cfg.domain}"; + disableRegistration = true; + listenAddress = "127.0.0.1"; + inherit (cfg) port; + secretKeybaseFile = config.secrets.plausible-key.path; }; }; - server = { - baseUrl = "https://${cfg.domain}"; - disableRegistration = true; - inherit (cfg) port; - secretKeybaseFile = config.secrets.plausible-key.path; + systemd.services.plausible = rec { + after = [ + "postgresql.service" + "clickhouse.service" + ]; + requires = after; }; - - releaseCookiePath = config.secrets.plausible-release-cookie.path; }; - - systemd.services.plausible = rec { - after = [ - "postgresql.service" - "clickhouse.service" - ]; - requires = after; - }; - }; -} + } + // lib.moduleFromRef + "services/web-apps/plausible.nix" + "nh2:plausible-listen-address-no-distributed-erlang" + "080c1rdz99xj8y876cw1p3zxmmaqq75jhrpf9f5z1da8v7yvs078" |
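Review bot: `htmlPlausibleScript` interpolates `domain` and `src` into HTML attribute values with no escaping, and its default `domain ? "$host"` looks like an nginx variable that, depending on where the snippet is injected, would carry the request's Host header into the served page. The call sites are not visible in this hunk, so confirm each one either passes a fixed literal or sits in a server block with an explicit `server_name` that is not the default server; escaping the arguments, e.g. `data-domain="${escapeXML domain}" src="${escapeXML src}"`, covers the literal case. Separately, the trailing `lib.moduleFromRef` call takes the module from a branch name on a fork; the hash presumably pins the content, but a comment such as `# TODO: drop this override once <upstream PR> is merged` would tell the next maintainer why it is there and when it can go. Dropping `mode = "0444"` from the secrets is a good change, provided the patched module hands the files to the dynamic user some other way, which this hunk does not show.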