about summary refs log tree commit diff
path: root/modules
diff options
context:
space:
mode:
authorAzat Bahawi <azat@bahawi.net>2023-11-12 17:50:43 +0300
committerAzat Bahawi <azat@bahawi.net>2023-11-12 17:50:43 +0300
commit011c1632f3762e1bc1ecfdee9d9f3b3f44be74e5 (patch)
treee9d7d5955f25f82cdb671f1c44da663d2d839485 /modules
parent2023-11-09 (diff)
2023-11-12
Diffstat (limited to 'modules')
-rw-r--r--modules/common/emacs/default.nix4
-rw-r--r--modules/common/emacs/doom/config.el42
-rw-r--r--modules/common/emacs/doom/init.el4
-rw-r--r--modules/common/git.nix2
-rw-r--r--modules/common/nmap.nix2
-rw-r--r--modules/nixos/alertmanager.nix5
-rw-r--r--modules/nixos/games/lutris.nix4
-rw-r--r--modules/nixos/git/default.nix6
-rw-r--r--modules/nixos/gotify.nix3
-rw-r--r--modules/nixos/grafana.nix3
-rw-r--r--modules/nixos/ipfs.nix5
-rw-r--r--modules/nixos/jackett.nix3
-rw-r--r--modules/nixos/lidarr.nix3
-rw-r--r--modules/nixos/loki.nix3
-rw-r--r--modules/nixos/nginx.nix17
-rw-r--r--modules/nixos/ntfy.nix3
-rw-r--r--modules/nixos/plausible.nix198
-rw-r--r--modules/nixos/prometheus.nix3
-rw-r--r--modules/nixos/radarr.nix3
-rw-r--r--modules/nixos/radicale.nix3
-rw-r--r--modules/nixos/rss-bridge.nix3
-rw-r--r--modules/nixos/rtorrent.nix8
-rw-r--r--modules/nixos/searx.nix3
-rw-r--r--modules/nixos/sonarr.nix3
-rw-r--r--modules/nixos/syncthing.nix3
-rw-r--r--modules/nixos/victoriametrics.nix3
26 files changed, 190 insertions, 149 deletions
diff --git a/modules/common/emacs/default.nix b/modules/common/emacs/default.nix
index e7597ad..c5cf7ed 100644
--- a/modules/common/emacs/default.nix
+++ b/modules/common/emacs/default.nix
@@ -195,6 +195,10 @@ in {
                   '')
                 muAccounts;
             in ''
+              ;; A stupid hack. This needs to be fixed upstream in either Doom
+              ;; or Nixpkgs.
+              (add-to-list 'load-path "${pkgs.mu.mu4e}/share/emacs/site-lisp/mu4e")
+
               (setq mu4e-root-maildir "${maildirBasePath}")
 
               ${mu4eAccounts}
diff --git a/modules/common/emacs/doom/config.el b/modules/common/emacs/doom/config.el
index df8b82e..7cecfba 100644
--- a/modules/common/emacs/doom/config.el
+++ b/modules/common/emacs/doom/config.el
@@ -2,32 +2,35 @@
 ;;; Misc
 ;;
 
-(setq display-line-numbers-type t)
+(setq frame-title-format '("GNU Emacs"))
 
-(setq scroll-margin 10
-      hscroll-margin 10)
+(setq-hook! 'prog-mode-hook
+  display-line-numbers-type 'relative
+  scroll-margin 10
+  hscroll-margin 10)
 
-(setq browse-url-generic-program (executable-find "firefox")
-      browse-url-browser-function 'browse-url-generic)
+(when IS-LINUX
+  (setq browse-url-generic-program (executable-find "firefox")
+        browse-url-browser-function 'browse-url-generic))
 
 ;;
 ;;; Doom-specific
 ;;
 
-;; Make it more default-ey.
-(setq frame-title-format '("Emacs")
-      icon-title-format frame-title-format)
-
-(setq doom-theme 'doom-tomorrow-night)
-
-(setq +format-on-save-enabled-modes '(not nix-mode json-mode yaml-mode))
+(setq doom-theme 'doom-tomorrow-night
+      doom-modeline-icon nil
+      doom-modeline-indent-info t
+      doom-modeline-total-line-number t
+      doom-modeline-height 30)
 
 ;;
 ;;; LSP
 ;;
 
 (setq lsp-enable-suggest-server-download nil
-      lsp-file-watch-threshold 512)
+      lsp-enable-file-watchers t
+      lsp-file-watch-threshold 2048
+      lsp-modeline-code-actions-enable nil)
 
 ;;
 ;;; Org
@@ -174,12 +177,13 @@
 
 (setq circe-network-options
       (mapcar (lambda (server)
-                `(,server :server-buffer-name ,server
-                          :host "shire.net"
-                          :port 6667
-                          :user ,(concat circe-default-user "/" server)
-                          :pass ,(lambda (&rest _)
-                                   (+pass-get-secret "server/soju.manwe.shire.net/azahi"))))
+                `(,server
+                  :server-buffer-name ,server
+                  :host "shire.net"
+                  :port 6667
+                  :user ,(concat circe-default-user "/" server)
+                  :pass ,(lambda (&rest _)
+                           (+pass-get-secret "server/soju.manwe.shire.net/azahi"))))
               '("libera" "oftc" "hackint" "rizon")))
 
 ;;
diff --git a/modules/common/emacs/doom/init.el b/modules/common/emacs/doom/init.el
index 3b26e0d..0acd008 100644
--- a/modules/common/emacs/doom/init.el
+++ b/modules/common/emacs/doom/init.el
@@ -14,8 +14,8 @@
        hl-todo
        hydra
        indent-guides
-       (ligatures +extra)
-       (modeline +light)
+       ligatures
+       modeline
        ;; nav-flash
        ophints
        (popup +defaults)
diff --git a/modules/common/git.nix b/modules/common/git.nix
index da33eb2..4ed7c03 100644
--- a/modules/common/git.nix
+++ b/modules/common/git.nix
@@ -116,7 +116,7 @@ in {
             fuck = "!${git} reset --hard && ${git} clean --force -dx";
             get = "pull --all --recurse-submodules --autostash";
             gud = ''commit -m "git gud"'';
-            refresh = "clean --force -X";
+            refresh = "clean --force -dx";
             tree = "log --graph --date=relative --pretty=tformat:'%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%an %ad)%Creset'";
             uncommit = "reset --soft HEAD~1";
             untrack = "rm --cache --";
diff --git a/modules/common/nmap.nix b/modules/common/nmap.nix
index 03586c0..c13a9bc 100644
--- a/modules/common/nmap.nix
+++ b/modules/common/nmap.nix
@@ -14,7 +14,7 @@ in {
     hm = {
       home = {
         file = {
-          ".nmap/scripts/vulners/vulners.nse".source = "${inputs.nmap-vulners}/vulners.nse";
+          ".nmap/scripts/vulners".source = inputs.nmap-vulners;
           ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse";
         };
 
diff --git a/modules/nixos/alertmanager.nix b/modules/nixos/alertmanager.nix
index c8f0bf2..acbf7df 100644
--- a/modules/nixos/alertmanager.nix
+++ b/modules/nixos/alertmanager.nix
@@ -2,6 +2,7 @@
   config,
   inputs,
   lib,
+  libNginx,
   ...
 }:
 with lib; let
@@ -28,12 +29,12 @@ in {
   config = mkIf cfg.enable {
     nixfiles.modules = {
       ntfy.enable = true;
-      nginx = with cfg; {
+      nginx = {
         enable = true;
         upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = {};
         virtualHosts.${cfg.domain} = {
           locations."/".proxyPass = "http://alertmanager";
-          extraConfig = nginxInternalOnly;
+          extraConfig = libNginx.config.internalOnly;
         };
       };
     };
diff --git a/modules/nixos/games/lutris.nix b/modules/nixos/games/lutris.nix
index ad1e43e..feaeefa 100644
--- a/modules/nixos/games/lutris.nix
+++ b/modules/nixos/games/lutris.nix
@@ -17,7 +17,9 @@ in {
     };
 
     hm.home.packages = with pkgs; [
-      lutris
+      (lutris.override {
+        extraPkgs = _: [wine];
+      })
       vkBasalt
       winetricks
     ];
diff --git a/modules/nixos/git/default.nix b/modules/nixos/git/default.nix
index 4268f82..67cc07b 100644
--- a/modules/nixos/git/default.nix
+++ b/modules/nixos/git/default.nix
@@ -1,5 +1,7 @@
 {
   config,
+  libNginx,
+  libPlausible,
   lib,
   pkgs,
   ...
@@ -73,9 +75,9 @@ in {
             fastcgi_param QUERY_STRING $args;
             fastcgi_param HTTP_HOST $server_name;
 
-            ${nginxAppendHead [
+            ${libNginx.config.appendHead [
               ''<meta name="go-import" content="$host$uri git https://$host$uri">''
-              (htmlPlausibleScript {inherit (cfg.server) domain;})
+              (libPlausible.htmlPlausibleScript {inherit (cfg.server) domain;})
             ]}
           '';
           "~* ^.+(cgit.css|robots.txt)$".extraConfig = ''
diff --git a/modules/nixos/gotify.nix b/modules/nixos/gotify.nix
index db47bb4..41e1956 100644
--- a/modules/nixos/gotify.nix
+++ b/modules/nixos/gotify.nix
@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  libNginx,
   ...
 }:
 with lib; let
@@ -29,7 +30,7 @@ in {
               proxyPass = "http://gotify";
               proxyWebsockets = true;
             };
-            extraConfig = nginxInternalOnly;
+            extraConfig = libNginx.config.internalOnly;
           };
         };
         postgresql = {
diff --git a/modules/nixos/grafana.nix b/modules/nixos/grafana.nix
index c191e38..ae79d17 100644
--- a/modules/nixos/grafana.nix
+++ b/modules/nixos/grafana.nix
@@ -1,5 +1,6 @@
 {
   config,
+  libNginx,
   inputs,
   lib,
   ...
@@ -56,7 +57,7 @@ in {
               proxyPass = "http://grafana";
               proxyWebsockets = true;
             };
-            extraConfig = nginxInternalOnly;
+            extraConfig = libNginx.config.internalOnly;
           };
         };
         postgresql = {
diff --git a/modules/nixos/ipfs.nix b/modules/nixos/ipfs.nix
index 43ddb70..bf93a3c 100644
--- a/modules/nixos/ipfs.nix
+++ b/modules/nixos/ipfs.nix
@@ -1,5 +1,6 @@
 {
   config,
+  libNginx,
   lib,
   this,
   ...
@@ -129,7 +130,7 @@ in {
         virtualHosts = {
           ${cfg.domain} = {
             locations."/".proxyPass = "http://kubo_gateway";
-            extraConfig = nginxInternalOnly;
+            extraConfig = libNginx.config.internalOnly;
           };
           "api.${cfg.domain}" = {
             locations = {
@@ -138,7 +139,7 @@ in {
                 optionalString config.nixfiles.modules.acme.enable "s"
               }://api.${cfg.domain}/webui";
             };
-            extraConfig = nginxInternalOnly;
+            extraConfig = libNginx.config.internalOnly;
           };
         };
       };
diff --git a/modules/nixos/jackett.nix b/modules/nixos/jackett.nix
index f8e45ba..772e0e9 100644
--- a/modules/nixos/jackett.nix
+++ b/modules/nixos/jackett.nix
@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  libNginx,
   ...
 }:
 with lib; let
@@ -24,7 +25,7 @@ in {
       upstreams.jackett.servers."127.0.0.1:9117" = {};
       virtualHosts.${cfg.domain} = {
         locations."/".proxyPass = "http://jackett";
-        extraConfig = nginxInternalOnly;
+        extraConfig = libNginx.config.internalOnly;
       };
     };
 
diff --git a/modules/nixos/lidarr.nix b/modules/nixos/lidarr.nix
index ffa0735..b0c833c 100644
--- a/modules/nixos/lidarr.nix
+++ b/modules/nixos/lidarr.nix
@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  libNginx,
   ...
 }:
 with lib; let
@@ -24,7 +25,7 @@ in {
       upstreams.lidarr.servers."127.0.0.1:8686" = {};
       virtualHosts.${cfg.domain} = {
         locations."/".proxyPass = "http://lidarr";
-        extraConfig = nginxInternalOnly;
+        extraConfig = libNginx.config.internalOnly;
       };
     };
 
diff --git a/modules/nixos/loki.nix b/modules/nixos/loki.nix
index 90a051c..c5194e1 100644
--- a/modules/nixos/loki.nix
+++ b/modules/nixos/loki.nix
@@ -1,5 +1,6 @@
 {
   config,
+  libNginx,
   lib,
   pkgs,
   ...
@@ -31,7 +32,7 @@ in {
       upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {};
       virtualHosts.${domain} = {
         locations."/".proxyPass = "http://loki";
-        extraConfig = nginxInternalOnly;
+        extraConfig = libNginx.config.internalOnly;
       };
     };
 
diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix
index 9ca6936..05c6a06 100644
--- a/modules/nixos/nginx.nix
+++ b/modules/nixos/nginx.nix
@@ -25,6 +25,23 @@ in {
   };
 
   config = mkIf cfg.enable {
+    _module.args.libNginx.config = {
+      internalOnly = ''
+        if ($internal != 1) {
+          return 403;
+        }
+        access_log off;
+      '';
+      appendHead = text: ''
+        sub_filter '</head>' '${lib.concatStrings text}</head>';
+        sub_filter_once on;
+      '';
+      noProxyBuffering = ''
+        proxy_buffering off;
+        proxy_cache off;
+      '';
+    };
+
     services = {
       nginx = {
         enable = true;
diff --git a/modules/nixos/ntfy.nix b/modules/nixos/ntfy.nix
index 1682b7e..037f84a 100644
--- a/modules/nixos/ntfy.nix
+++ b/modules/nixos/ntfy.nix
@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  libNginx,
   this,
   ...
 }:
@@ -55,7 +56,7 @@ in {
             deny all;
           '';
         };
-        extraConfig = nginxInternalOnly;
+        extraConfig = libNginx.config.internalOnly;
       };
     };
 
diff --git a/modules/nixos/plausible.nix b/modules/nixos/plausible.nix
index 6553462..91bdff9 100644
--- a/modules/nixos/plausible.nix
+++ b/modules/nixos/plausible.nix
@@ -6,126 +6,124 @@
 }:
 with lib; let
   cfg = config.nixfiles.modules.plausible;
-in {
-  options.nixfiles.modules.plausible = {
-    enable = mkEnableOption "Plausible Analytics";
+in
+  {
+    options.nixfiles.modules.plausible = {
+      enable = mkEnableOption "Plausible Analytics";
 
-    port = mkOption {
-      description = "Port.";
-      type = with types; port;
-      default = 8000;
-    };
+      port = mkOption {
+        description = "Port.";
+        type = with types; port;
+        default = 8000;
+      };
 
-    domain = mkOption {
-      description = "Domain name sans protocol scheme.";
-      type = with types; nullOr str;
-      default = "plausible.${config.networking.domain}";
+      domain = mkOption {
+        description = "Domain name sans protocol scheme.";
+        type = with types; nullOr str;
+        default = "plausible.${config.networking.domain}";
+      };
     };
-  };
 
-  config = let
-    db = "plausible";
-  in
-    mkIf cfg.enable {
-      secrets = {
-        plausible-key = {
-          file = "${inputs.self}/secrets/plausible-key";
-          mode = "0444"; # The user is dynamic so the file must be world-readable.
+    config = let
+      db = "plausible";
+    in
+      mkIf cfg.enable {
+        _module.args.libPlausible = {
+          htmlPlausibleScript = {
+            domain ? "$host",
+            src ? "https://${cfg.domain}/js/script.js",
+          }: ''<script defer data-domain="${domain}" src="${src}"></script>'';
         };
-        plausible-admin-password = {
-          file = "${inputs.self}/secrets/plausible-admin-password";
-          mode = "0444"; # The user is dynamic so the file must be world-readable.
-        };
-        plausible-smtp-password = {
-          file = "${inputs.self}/secrets/smtp-password";
-          mode = "0444"; # The user is dynamic so the file must be world-readable.
-        };
-        plausible-release-cookie = {
-          file = "${inputs.self}/secrets/plausible-release-cookie";
-          mode = "0444"; # The user is dynamic so the file must be world-readable.
+
+        secrets = {
+          plausible-key.file = "${inputs.self}/secrets/plausible-key";
+          plausible-admin-password.file = "${inputs.self}/secrets/plausible-admin-password";
+          plausible-smtp-password.file = "${inputs.self}/secrets/smtp-password";
         };
-      };
 
-      nixfiles.modules = {
-        nginx = {
-          enable = true;
-          upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {};
-          virtualHosts.${cfg.domain}.locations."/" = {
-            proxyPass = "http://plausible";
-            proxyWebsockets = true;
+        nixfiles.modules = {
+          nginx = {
+            enable = true;
+            upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {};
+            virtualHosts.${cfg.domain}.locations."/" = {
+              proxyPass = "http://plausible";
+              proxyWebsockets = true;
+            };
+          };
+          postgresql = {
+            enable = true;
+            extraPostStart = [
+              ''
+                $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"'
+                $PSQL "${db}" -tAc 'CREATE EXTENSION IF NOT EXISTS citext'
+              ''
+            ];
           };
+          clickhouse.enable = true;
         };
-        postgresql = {
-          enable = true;
-          extraPostStart = [
-            ''
-              $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"'
-              $PSQL "${db}" -tAc 'CREATE EXTENSION IF NOT EXISTS citext'
-            ''
+
+        services.postgresql = {
+          ensureDatabases = [db];
+          ensureUsers = [
+            {
+              name = db;
+              ensurePermissions."DATABASE \"${db}\"" = "ALL";
+            }
           ];
         };
-        clickhouse.enable = true;
-      };
 
-      services.postgresql = {
-        ensureDatabases = [db];
-        ensureUsers = [
-          {
-            name = db;
-            ensurePermissions."DATABASE \"${db}\"" = "ALL";
-          }
-        ];
-      };
-
-      services.plausible = {
-        enable = true;
+        services.plausible = {
+          enable = true;
 
-        adminUser = {
-          name = "admin";
-          email = "admin@${my.domain.shire}";
-          passwordFile = config.secrets.plausible-admin-password.path;
-          activate = false;
-        };
+          adminUser = {
+            name = "admin";
+            email = "admin@${my.domain.shire}";
+            passwordFile = config.secrets.plausible-admin-password.path;
+            activate = false;
+          };
 
-        mail = {
-          email = "admin+plausible@${my.domain.shire}";
-          smtp = {
-            hostAddr = my.domain.shire;
-            hostPort = 465;
-            enableSSL = true;
-            user = "azahi@${my.domain.shire}";
-            passwordFile = config.secrets.plausible-smtp-password.path;
+          mail = {
+            email = "admin+plausible@${my.domain.shire}";
+            smtp = {
+              hostAddr = my.domain.shire;
+              hostPort = 465;
+              enableSSL = true;
+              user = "azahi@${my.domain.shire}";
+              passwordFile = config.secrets.plausible-smtp-password.path;
+            };
           };
-        };
 
-        database = {
-          clickhouse = {
-            setup = false;
-            url = "http://127.0.0.1:8123/default";
+          database = {
+            clickhouse = {
+              setup = false;
+              url = "http://127.0.0.1:8123/default";
+            };
+
+            postgres = {
+              setup = true;
+              dbname = db;
+            };
           };
 
-          postgres = {
-            setup = true;
-            dbname = db;
+          server = {
+            baseUrl = "https://${cfg.domain}";
+            disableRegistration = true;
+            listenAddress = "127.0.0.1";
+            inherit (cfg) port;
+            secretKeybaseFile = config.secrets.plausible-key.path;
           };
         };
 
-        server = {
-          baseUrl = "https://${cfg.domain}";
-          disableRegistration = true;
-          inherit (cfg) port;
-          secretKeybaseFile = config.secrets.plausible-key.path;
+        systemd.services.plausible = rec {
+          after = [
+            "postgresql.service"
+            "clickhouse.service"
+          ];
+          requires = after;
         };
-
-        releaseCookiePath = config.secrets.plausible-release-cookie.path;
       };
-
-      systemd.services.plausible = rec {
-        after = [
-          "postgresql.service"
-          "clickhouse.service"
-        ];
-        requires = after;
-      };
-    };
-}
+  }
+  // lib.moduleFromRef
+  "services/web-apps/plausible.nix"
+  "nh2:plausible-listen-address-no-distributed-erlang"
+  "080c1rdz99xj8y876cw1p3zxmmaqq75jhrpf9f5z1da8v7yvs078"
diff --git a/modules/nixos/prometheus.nix b/modules/nixos/prometheus.nix
index 6de294f..5e61e73 100644
--- a/modules/nixos/prometheus.nix
+++ b/modules/nixos/prometheus.nix
@@ -1,5 +1,6 @@
 {
   config,
+  libNginx,
   lib,
   ...
 }:
@@ -28,7 +29,7 @@ in {
       upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = {};
       virtualHosts.${domain} = {
         locations."/".proxyPass = "http://prometheus";
-        extraConfig = nginxInternalOnly;
+        extraConfig = libNginx.config.internalOnly;
       };
     };
 
diff --git a/modules/nixos/radarr.nix b/modules/nixos/radarr.nix
index 1551934..72abfac 100644
--- a/modules/nixos/radarr.nix
+++ b/modules/nixos/radarr.nix
@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  libNginx,
   ...
 }:
 with lib; let
@@ -24,7 +25,7 @@ in {
       upstreams.radarr.servers."127.0.0.1:7878" = {};
       virtualHosts.${cfg.domain} = {
         locations."/".proxyPass = "http://radarr";
-        extraConfig = nginxInternalOnly;
+        extraConfig = libNginx.config.internalOnly;
       };
     };
 
diff --git a/modules/nixos/radicale.nix b/modules/nixos/radicale.nix
index d072899..3c6a230 100644
--- a/modules/nixos/radicale.nix
+++ b/modules/nixos/radicale.nix
@@ -1,4 +1,5 @@
 {
+  libNginx,
   config,
   inputs,
   lib,
@@ -34,7 +35,7 @@ in {
         upstreams.radicale.servers."127.0.0.1:${toString port}" = {};
         virtualHosts.${cfg.domain} = {
           locations."/".proxyPass = "http://radicale";
-          extraConfig = nginxInternalOnly;
+          extraConfig = libNginx.config.internalOnly;
         };
       };
 
diff --git a/modules/nixos/rss-bridge.nix b/modules/nixos/rss-bridge.nix
index 1fcaac8..486f2bf 100644
--- a/modules/nixos/rss-bridge.nix
+++ b/modules/nixos/rss-bridge.nix
@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  libNginx,
   ...
 }:
 with lib; let
@@ -21,7 +22,7 @@ in {
 
     nixfiles.modules.nginx = {
       enable = true;
-      virtualHosts.${cfg.domain}.extraConfig = nginxInternalOnly;
+      virtualHosts.${cfg.domain}.extraConfig = libNginx.config.internalOnly;
     };
 
     services.rss-bridge = {
diff --git a/modules/nixos/rtorrent.nix b/modules/nixos/rtorrent.nix
index a4cade7..5d2dba5 100644
--- a/modules/nixos/rtorrent.nix
+++ b/modules/nixos/rtorrent.nix
@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  libNginx,
   pkgs,
   ...
 }:
@@ -225,13 +226,10 @@ in {
                 "/".tryFiles = "$uri /index.html";
                 "/api" = {
                   proxyPass = "http://flood";
-                  extraConfig = ''
-                    proxy_buffering off;
-                    proxy_cache off;
-                  '';
+                  extraConfig = libNginx.config.noProxyBuffering;
                 };
               };
-              extraConfig = nginxInternalOnly;
+              extraConfig = libNginx.config.internalOnly;
             };
           };
 
diff --git a/modules/nixos/searx.nix b/modules/nixos/searx.nix
index 9462d5d..5c37f58 100644
--- a/modules/nixos/searx.nix
+++ b/modules/nixos/searx.nix
@@ -2,6 +2,7 @@
   config,
   inputs,
   lib,
+  libNginx,
   ...
 }:
 with lib; let
@@ -35,7 +36,7 @@ in {
       upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = {};
       virtualHosts.${cfg.domain} = {
         locations."/".proxyPass = "http://searx";
-        extraConfig = nginxInternalOnly;
+        extraConfig = libNginx.config.internalOnly;
       };
     };
 
diff --git a/modules/nixos/sonarr.nix b/modules/nixos/sonarr.nix
index 2d2feb9..5cd8931 100644
--- a/modules/nixos/sonarr.nix
+++ b/modules/nixos/sonarr.nix
@@ -1,6 +1,7 @@
 {
   config,
   lib,
+  libNginx,
   ...
 }:
 with lib; let
@@ -24,7 +25,7 @@ in {
       upstreams.sonarr.servers."127.0.0.1:8989" = {};
       virtualHosts.${cfg.domain} = {
         locations."/".proxyPass = "http://sonarr";
-        extraConfig = nginxInternalOnly;
+        extraConfig = libNginx.config.internalOnly;
       };
     };
 
diff --git a/modules/nixos/syncthing.nix b/modules/nixos/syncthing.nix
index 8815f98..755e2db 100644
--- a/modules/nixos/syncthing.nix
+++ b/modules/nixos/syncthing.nix
@@ -1,5 +1,6 @@
 {
   config,
+  libNginx,
   inputs,
   lib,
   this,
@@ -137,7 +138,7 @@ in {
         upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = {};
         virtualHosts.${cfg.domain} = {
           locations."/".proxyPass = "http://syncthing";
-          extraConfig = nginxInternalOnly;
+          extraConfig = libNginx.config.internalOnly;
         };
       };
     })
diff --git a/modules/nixos/victoriametrics.nix b/modules/nixos/victoriametrics.nix
index 509ee17..89d3ddb 100644
--- a/modules/nixos/victoriametrics.nix
+++ b/modules/nixos/victoriametrics.nix
@@ -1,5 +1,6 @@
 {
   config,
+  libNginx,
   lib,
   ...
 }:
@@ -28,7 +29,7 @@ in {
       upstreams.victoriametrics.servers."127.0.0.1:${toString cfg.port}" = {};
       virtualHosts.${domain} = {
         locations."/".proxyPass = "http://victoriametrics";
-        extraConfig = nginxInternalOnly;
+        extraConfig = libNginx.config.internalOnly;
       };
     };
 

Consider giving Nix/NixOS a try! <3