diff options
30 files changed, 230 insertions, 190 deletions
diff --git a/flake.lock b/flake.lock index d157b10..ba36087 100644 --- a/flake.lock +++ b/flake.lock @@ -147,11 +147,11 @@ ] }, "locked": { - "lastModified": 1699437533, - "narHash": "sha256-lMoPz9c89CpPVuJ95OFFesM9JagCF0soGbQatj3ZhqM=", + "lastModified": 1699569089, + "narHash": "sha256-MdOnyXrmMdVU9o7GpcbWKgehoK9L76ihp8rTikPcC1k=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "eb2b9b64238349bd351561e32e260cac15db6f9a", + "rev": "c8f385766ba076a096caa794309c40f89894d88a", "type": "github" }, "original": { @@ -309,11 +309,11 @@ ] }, "locked": { - "lastModified": 1699233548, - "narHash": "sha256-oV0OdM6BOmPOM2CES3zZ24XFMkIrUKw4hjH50RxfWqw=", + "lastModified": 1699492773, + "narHash": "sha256-VsW4ZMGC/9LMs1iv3jVPjtbyKZ7sUejp6tpXILBXVWI=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "3888af3947c721fb51ee97f24fef891566b1552f", + "rev": "7be0b495e1413fdac957b1f223430190a4d27f81", "type": "github" }, "original": { @@ -336,11 +336,11 @@ ] }, "locked": { - "lastModified": 1699406699, - "narHash": "sha256-Y/cuCmpmkAIhhKmoF97k4ZG4I2hRH6kcZe00BH3KN3U=", + "lastModified": 1699579295, + "narHash": "sha256-W1HsyOFLmyWw46e+cuAIazQTD6g6dgxLMIIuaBoJzF8=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "57af5d8164187dcb4015e9efc823f7bd33d9c6fc", + "rev": "5d33996d98e9ff45a73a6f9ed293d548f6c14a39", "type": "github" }, "original": { @@ -384,11 +384,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1699481204, - "narHash": "sha256-VthbrNgoxDUjVcMqX6IciqfrraiHIbPV1LHQvG0jnvc=", + "lastModified": 1699654502, + "narHash": "sha256-1IskzzUp5G7k76GjPJp4u46l4jLQaBQA0pY4wvwJw98=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4e4bbb01ebfa4a1ce322f036007ec4d653071523", + "rev": "a27b0a663b7c4fcac7a6bbb92b6b7f21d85cd3c4", "type": "github" }, "original": { @@ -400,11 +400,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1699458350, - "narHash": "sha256-AHoi7cM4SzQTpu4ZMzt+KDoxxka/qjGPvR+0lvaLgf0=", + "lastModified": 1699646590, + "narHash": "sha256-f81xS0qN6H1ULTyArpZgdjsly4FY0BnvPXdmSb7hq+o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "da44563672fb0faca83dc56185472e56d1a21852", + "rev": "1d55765508b8316798429875712dc1ef5e62a2fa", "type": "github" }, "original": { @@ -478,11 +478,11 @@ }, "nur": { "locked": { - "lastModified": 1699481792, - "narHash": "sha256-7gt0Cci+AQoEWNVEMkmxALy/08hdup9/4KQ5zOYW3iE=", + "lastModified": 1699645538, + "narHash": "sha256-CKzsVfYM/9ccp0VDgzB91c33Ts8KSub7q5FWLNJouXk=", "owner": "nix-community", "repo": "NUR", - "rev": "a865eb8d6829bd7317360abcb53a94381a21eeb1", + "rev": "9ffcf2dd6ac13cd0469a0ac2664296f45d879ffb", "type": "github" }, "original": { diff --git a/lib/default.nix b/lib/default.nix index be32e60..7fbaeec 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -14,7 +14,7 @@ lib: _: rec { assert exponent > 0; builtins.foldl' (x: _: x * base) 1 (builtins.genList (_: _) exponent); - mapListToAttrs = f: xs: + mapListToAttrs = f: attrs: builtins.listToAttrs (map (name: { name = if builtins.isList name @@ -22,25 +22,25 @@ lib: _: rec { else name; value = f name; }) - xs); + attrs); mkTcpMem = min: ini: max: assert min <= ini && ini <= max; lib.concatMapStrings (x: toString x + " ") (map (pow 2) [min ini max]); - # TODO Move these to the NGINX module. - nginxInternalOnly = '' - if ($internal != 1) { - return 403; - } - access_log off; - ''; - nginxAppendHead = text: '' - sub_filter '</head>' '${lib.concatStrings text}</head>'; - sub_filter_once on; - ''; - htmlPlausibleScript = { - domain ? "$host", - src ? "https://plausible.shire.net/js/script.js", - }: ''<script defer data-domain="${domain}" src="${src}"></script>''; + moduleFromRef = module: ref: sha256: { + disabledModules = [module]; + imports = [ + (let + src = builtins.fetchTarball { + url = let + cons = lib.splitString ":" ref; + owner = lib.head cons; + branch = lib.last cons; + in "https://github.com/${owner}/nixpkgs/archive/refs/heads/${branch}.tar.gz"; + inherit sha256; + }; + in "${src}/nixos/modules/${module}") + ]; + }; } diff --git a/modules/common/emacs/default.nix b/modules/common/emacs/default.nix index e7597ad..c5cf7ed 100644 --- a/modules/common/emacs/default.nix +++ b/modules/common/emacs/default.nix @@ -195,6 +195,10 @@ in { '') muAccounts; in '' + ;; A stupid hack. This needs to be fixed upstream in either Doom + ;; or Nixpkgs. + (add-to-list 'load-path "${pkgs.mu.mu4e}/share/emacs/site-lisp/mu4e") + (setq mu4e-root-maildir "${maildirBasePath}") ${mu4eAccounts} diff --git a/modules/common/emacs/doom/config.el b/modules/common/emacs/doom/config.el index df8b82e..7cecfba 100644 --- a/modules/common/emacs/doom/config.el +++ b/modules/common/emacs/doom/config.el @@ -2,32 +2,35 @@ ;;; Misc ;; -(setq display-line-numbers-type t) +(setq frame-title-format '("GNU Emacs")) -(setq scroll-margin 10 - hscroll-margin 10) +(setq-hook! 'prog-mode-hook + display-line-numbers-type 'relative + scroll-margin 10 + hscroll-margin 10) -(setq browse-url-generic-program (executable-find "firefox") - browse-url-browser-function 'browse-url-generic) +(when IS-LINUX + (setq browse-url-generic-program (executable-find "firefox") + browse-url-browser-function 'browse-url-generic)) ;; ;;; Doom-specific ;; -;; Make it more default-ey. -(setq frame-title-format '("Emacs") - icon-title-format frame-title-format) - -(setq doom-theme 'doom-tomorrow-night) - -(setq +format-on-save-enabled-modes '(not nix-mode json-mode yaml-mode)) +(setq doom-theme 'doom-tomorrow-night + doom-modeline-icon nil + doom-modeline-indent-info t + doom-modeline-total-line-number t + doom-modeline-height 30) ;; ;;; LSP ;; (setq lsp-enable-suggest-server-download nil - lsp-file-watch-threshold 512) + lsp-enable-file-watchers t + lsp-file-watch-threshold 2048 + lsp-modeline-code-actions-enable nil) ;; ;;; Org @@ -174,12 +177,13 @@ (setq circe-network-options (mapcar (lambda (server) - `(,server :server-buffer-name ,server - :host "shire.net" - :port 6667 - :user ,(concat circe-default-user "/" server) - :pass ,(lambda (&rest _) - (+pass-get-secret "server/soju.manwe.shire.net/azahi")))) + `(,server + :server-buffer-name ,server + :host "shire.net" + :port 6667 + :user ,(concat circe-default-user "/" server) + :pass ,(lambda (&rest _) + (+pass-get-secret "server/soju.manwe.shire.net/azahi")))) '("libera" "oftc" "hackint" "rizon"))) ;; diff --git a/modules/common/emacs/doom/init.el b/modules/common/emacs/doom/init.el index 3b26e0d..0acd008 100644 --- a/modules/common/emacs/doom/init.el +++ b/modules/common/emacs/doom/init.el @@ -14,8 +14,8 @@ hl-todo hydra indent-guides - (ligatures +extra) - (modeline +light) + ligatures + modeline ;; nav-flash ophints (popup +defaults) diff --git a/modules/common/git.nix b/modules/common/git.nix index da33eb2..4ed7c03 100644 --- a/modules/common/git.nix +++ b/modules/common/git.nix @@ -116,7 +116,7 @@ in { fuck = "!${git} reset --hard && ${git} clean --force -dx"; get = "pull --all --recurse-submodules --autostash"; gud = ''commit -m "git gud"''; - refresh = "clean --force -X"; + refresh = "clean --force -dx"; tree = "log --graph --date=relative --pretty=tformat:'%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%an %ad)%Creset'"; uncommit = "reset --soft HEAD~1"; untrack = "rm --cache --"; diff --git a/modules/common/nmap.nix b/modules/common/nmap.nix index 03586c0..c13a9bc 100644 --- a/modules/common/nmap.nix +++ b/modules/common/nmap.nix @@ -14,7 +14,7 @@ in { hm = { home = { file = { - ".nmap/scripts/vulners/vulners.nse".source = "${inputs.nmap-vulners}/vulners.nse"; + ".nmap/scripts/vulners".source = inputs.nmap-vulners; ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse"; }; diff --git a/modules/nixos/alertmanager.nix b/modules/nixos/alertmanager.nix index c8f0bf2..acbf7df 100644 --- a/modules/nixos/alertmanager.nix +++ b/modules/nixos/alertmanager.nix @@ -2,6 +2,7 @@ config, inputs, lib, + libNginx, ... }: with lib; let @@ -28,12 +29,12 @@ in { config = mkIf cfg.enable { nixfiles.modules = { ntfy.enable = true; - nginx = with cfg; { + nginx = { enable = true; upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://alertmanager"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; }; diff --git a/modules/nixos/games/lutris.nix b/modules/nixos/games/lutris.nix index ad1e43e..feaeefa 100644 --- a/modules/nixos/games/lutris.nix +++ b/modules/nixos/games/lutris.nix @@ -17,7 +17,9 @@ in { }; hm.home.packages = with pkgs; [ - lutris + (lutris.override { + extraPkgs = _: [wine]; + }) vkBasalt winetricks ]; diff --git a/modules/nixos/git/default.nix b/modules/nixos/git/default.nix index 4268f82..67cc07b 100644 --- a/modules/nixos/git/default.nix +++ b/modules/nixos/git/default.nix @@ -1,5 +1,7 @@ { config, + libNginx, + libPlausible, lib, pkgs, ... @@ -73,9 +75,9 @@ in { fastcgi_param QUERY_STRING $args; fastcgi_param HTTP_HOST $server_name; - ${nginxAppendHead [ + ${libNginx.config.appendHead [ ''<meta name="go-import" content="$host$uri git https://$host$uri">'' - (htmlPlausibleScript {inherit (cfg.server) domain;}) + (libPlausible.htmlPlausibleScript {inherit (cfg.server) domain;}) ]} ''; "~* ^.+(cgit.css|robots.txt)$".extraConfig = '' diff --git a/modules/nixos/gotify.nix b/modules/nixos/gotify.nix index db47bb4..41e1956 100644 --- a/modules/nixos/gotify.nix +++ b/modules/nixos/gotify.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, ... }: with lib; let @@ -29,7 +30,7 @@ in { proxyPass = "http://gotify"; proxyWebsockets = true; }; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; postgresql = { diff --git a/modules/nixos/grafana.nix b/modules/nixos/grafana.nix index c191e38..ae79d17 100644 --- a/modules/nixos/grafana.nix +++ b/modules/nixos/grafana.nix @@ -1,5 +1,6 @@ { config, + libNginx, inputs, lib, ... @@ -56,7 +57,7 @@ in { proxyPass = "http://grafana"; proxyWebsockets = true; }; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; postgresql = { diff --git a/modules/nixos/ipfs.nix b/modules/nixos/ipfs.nix index 43ddb70..bf93a3c 100644 --- a/modules/nixos/ipfs.nix +++ b/modules/nixos/ipfs.nix @@ -1,5 +1,6 @@ { config, + libNginx, lib, this, ... @@ -129,7 +130,7 @@ in { virtualHosts = { ${cfg.domain} = { locations."/".proxyPass = "http://kubo_gateway"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; "api.${cfg.domain}" = { locations = { @@ -138,7 +139,7 @@ in { optionalString config.nixfiles.modules.acme.enable "s" }://api.${cfg.domain}/webui"; }; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; }; diff --git a/modules/nixos/jackett.nix b/modules/nixos/jackett.nix index f8e45ba..772e0e9 100644 --- a/modules/nixos/jackett.nix +++ b/modules/nixos/jackett.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, ... }: with lib; let @@ -24,7 +25,7 @@ in { upstreams.jackett.servers."127.0.0.1:9117" = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://jackett"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/lidarr.nix b/modules/nixos/lidarr.nix index ffa0735..b0c833c 100644 --- a/modules/nixos/lidarr.nix +++ b/modules/nixos/lidarr.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, ... }: with lib; let @@ -24,7 +25,7 @@ in { upstreams.lidarr.servers."127.0.0.1:8686" = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://lidarr"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/loki.nix b/modules/nixos/loki.nix index 90a051c..c5194e1 100644 --- a/modules/nixos/loki.nix +++ b/modules/nixos/loki.nix @@ -1,5 +1,6 @@ { config, + libNginx, lib, pkgs, ... @@ -31,7 +32,7 @@ in { upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${domain} = { locations."/".proxyPass = "http://loki"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix index 9ca6936..05c6a06 100644 --- a/modules/nixos/nginx.nix +++ b/modules/nixos/nginx.nix @@ -25,6 +25,23 @@ in { }; config = mkIf cfg.enable { + _module.args.libNginx.config = { + internalOnly = '' + if ($internal != 1) { + return 403; + } + access_log off; + ''; + appendHead = text: '' + sub_filter '</head>' '${lib.concatStrings text}</head>'; + sub_filter_once on; + ''; + noProxyBuffering = '' + proxy_buffering off; + proxy_cache off; + ''; + }; + services = { nginx = { enable = true; diff --git a/modules/nixos/ntfy.nix b/modules/nixos/ntfy.nix index 1682b7e..037f84a 100644 --- a/modules/nixos/ntfy.nix +++ b/modules/nixos/ntfy.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, this, ... }: @@ -55,7 +56,7 @@ in { deny all; ''; }; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/plausible.nix b/modules/nixos/plausible.nix index 6553462..91bdff9 100644 --- a/modules/nixos/plausible.nix +++ b/modules/nixos/plausible.nix @@ -6,126 +6,124 @@ }: with lib; let cfg = config.nixfiles.modules.plausible; -in { - options.nixfiles.modules.plausible = { - enable = mkEnableOption "Plausible Analytics"; +in + { + options.nixfiles.modules.plausible = { + enable = mkEnableOption "Plausible Analytics"; - port = mkOption { - description = "Port."; - type = with types; port; - default = 8000; - }; + port = mkOption { + description = "Port."; + type = with types; port; + default = 8000; + }; - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; nullOr str; - default = "plausible.${config.networking.domain}"; + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; nullOr str; + default = "plausible.${config.networking.domain}"; + }; }; - }; - config = let - db = "plausible"; - in - mkIf cfg.enable { - secrets = { - plausible-key = { - file = "${inputs.self}/secrets/plausible-key"; - mode = "0444"; # The user is dynamic so the file must be world-readable. + config = let + db = "plausible"; + in + mkIf cfg.enable { + _module.args.libPlausible = { + htmlPlausibleScript = { + domain ? "$host", + src ? "https://${cfg.domain}/js/script.js", + }: ''<script defer data-domain="${domain}" src="${src}"></script>''; }; - plausible-admin-password = { - file = "${inputs.self}/secrets/plausible-admin-password"; - mode = "0444"; # The user is dynamic so the file must be world-readable. - }; - plausible-smtp-password = { - file = "${inputs.self}/secrets/smtp-password"; - mode = "0444"; # The user is dynamic so the file must be world-readable. - }; - plausible-release-cookie = { - file = "${inputs.self}/secrets/plausible-release-cookie"; - mode = "0444"; # The user is dynamic so the file must be world-readable. + + secrets = { + plausible-key.file = "${inputs.self}/secrets/plausible-key"; + plausible-admin-password.file = "${inputs.self}/secrets/plausible-admin-password"; + plausible-smtp-password.file = "${inputs.self}/secrets/smtp-password"; }; - }; - nixfiles.modules = { - nginx = { - enable = true; - upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://plausible"; - proxyWebsockets = true; + nixfiles.modules = { + nginx = { + enable = true; + upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {}; + virtualHosts.${cfg.domain}.locations."/" = { + proxyPass = "http://plausible"; + proxyWebsockets = true; + }; + }; + postgresql = { + enable = true; + extraPostStart = [ + '' + $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' + $PSQL "${db}" -tAc 'CREATE EXTENSION IF NOT EXISTS citext' + '' + ]; }; + clickhouse.enable = true; }; - postgresql = { - enable = true; - extraPostStart = [ - '' - $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' - $PSQL "${db}" -tAc 'CREATE EXTENSION IF NOT EXISTS citext' - '' + + services.postgresql = { + ensureDatabases = [db]; + ensureUsers = [ + { + name = db; + ensurePermissions."DATABASE \"${db}\"" = "ALL"; + } ]; }; - clickhouse.enable = true; - }; - services.postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; - } - ]; - }; - - services.plausible = { - enable = true; + services.plausible = { + enable = true; - adminUser = { - name = "admin"; - email = "admin@${my.domain.shire}"; - passwordFile = config.secrets.plausible-admin-password.path; - activate = false; - }; + adminUser = { + name = "admin"; + email = "admin@${my.domain.shire}"; + passwordFile = config.secrets.plausible-admin-password.path; + activate = false; + }; - mail = { - email = "admin+plausible@${my.domain.shire}"; - smtp = { - hostAddr = my.domain.shire; - hostPort = 465; - enableSSL = true; - user = "azahi@${my.domain.shire}"; - passwordFile = config.secrets.plausible-smtp-password.path; + mail = { + email = "admin+plausible@${my.domain.shire}"; + smtp = { + hostAddr = my.domain.shire; + hostPort = 465; + enableSSL = true; + user = "azahi@${my.domain.shire}"; + passwordFile = config.secrets.plausible-smtp-password.path; + }; }; - }; - database = { - clickhouse = { - setup = false; - url = "http://127.0.0.1:8123/default"; + database = { + clickhouse = { + setup = false; + url = "http://127.0.0.1:8123/default"; + }; + + postgres = { + setup = true; + dbname = db; + }; }; - postgres = { - setup = true; - dbname = db; + server = { + baseUrl = "https://${cfg.domain}"; + disableRegistration = true; + listenAddress = "127.0.0.1"; + inherit (cfg) port; + secretKeybaseFile = config.secrets.plausible-key.path; }; }; - server = { - baseUrl = "https://${cfg.domain}"; - disableRegistration = true; - inherit (cfg) port; - secretKeybaseFile = config.secrets.plausible-key.path; + systemd.services.plausible = rec { + after = [ + "postgresql.service" + "clickhouse.service" + ]; + requires = after; }; - - releaseCookiePath = config.secrets.plausible-release-cookie.path; }; - - systemd.services.plausible = rec { - after = [ - "postgresql.service" - "clickhouse.service" - ]; - requires = after; - }; - }; -} + } + // lib.moduleFromRef + "services/web-apps/plausible.nix" + "nh2:plausible-listen-address-no-distributed-erlang" + "080c1rdz99xj8y876cw1p3zxmmaqq75jhrpf9f5z1da8v7yvs078" diff --git a/modules/nixos/prometheus.nix b/modules/nixos/prometheus.nix index 6de294f..5e61e73 100644 --- a/modules/nixos/prometheus.nix +++ b/modules/nixos/prometheus.nix @@ -1,5 +1,6 @@ { config, + libNginx, lib, ... }: @@ -28,7 +29,7 @@ in { upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${domain} = { locations."/".proxyPass = "http://prometheus"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/radarr.nix b/modules/nixos/radarr.nix index 1551934..72abfac 100644 --- a/modules/nixos/radarr.nix +++ b/modules/nixos/radarr.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, ... }: with lib; let @@ -24,7 +25,7 @@ in { upstreams.radarr.servers."127.0.0.1:7878" = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://radarr"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/radicale.nix b/modules/nixos/radicale.nix index d072899..3c6a230 100644 --- a/modules/nixos/radicale.nix +++ b/modules/nixos/radicale.nix @@ -1,4 +1,5 @@ { + libNginx, config, inputs, lib, @@ -34,7 +35,7 @@ in { upstreams.radicale.servers."127.0.0.1:${toString port}" = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://radicale"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/rss-bridge.nix b/modules/nixos/rss-bridge.nix index 1fcaac8..486f2bf 100644 --- a/modules/nixos/rss-bridge.nix +++ b/modules/nixos/rss-bridge.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, ... }: with lib; let @@ -21,7 +22,7 @@ in { nixfiles.modules.nginx = { enable = true; - virtualHosts.${cfg.domain}.extraConfig = nginxInternalOnly; + virtualHosts.${cfg.domain}.extraConfig = libNginx.config.internalOnly; }; services.rss-bridge = { diff --git a/modules/nixos/rtorrent.nix b/modules/nixos/rtorrent.nix index a4cade7..5d2dba5 100644 --- a/modules/nixos/rtorrent.nix +++ b/modules/nixos/rtorrent.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, pkgs, ... }: @@ -225,13 +226,10 @@ in { "/".tryFiles = "$uri /index.html"; "/api" = { proxyPass = "http://flood"; - extraConfig = '' - proxy_buffering off; - proxy_cache off; - ''; + extraConfig = libNginx.config.noProxyBuffering; }; }; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/searx.nix b/modules/nixos/searx.nix index 9462d5d..5c37f58 100644 --- a/modules/nixos/searx.nix +++ b/modules/nixos/searx.nix @@ -2,6 +2,7 @@ config, inputs, lib, + libNginx, ... }: with lib; let @@ -35,7 +36,7 @@ in { upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://searx"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/sonarr.nix b/modules/nixos/sonarr.nix index 2d2feb9..5cd8931 100644 --- a/modules/nixos/sonarr.nix +++ b/modules/nixos/sonarr.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, ... }: with lib; let @@ -24,7 +25,7 @@ in { upstreams.sonarr.servers."127.0.0.1:8989" = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://sonarr"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/syncthing.nix b/modules/nixos/syncthing.nix index 8815f98..755e2db 100644 --- a/modules/nixos/syncthing.nix +++ b/modules/nixos/syncthing.nix @@ -1,5 +1,6 @@ { config, + libNginx, inputs, lib, this, @@ -137,7 +138,7 @@ in { upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://syncthing"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; }) diff --git a/modules/nixos/victoriametrics.nix b/modules/nixos/victoriametrics.nix index 509ee17..89d3ddb 100644 --- a/modules/nixos/victoriametrics.nix +++ b/modules/nixos/victoriametrics.nix @@ -1,5 +1,6 @@ { config, + libNginx, lib, ... }: @@ -28,7 +29,7 @@ in { upstreams.victoriametrics.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${domain} = { locations."/".proxyPass = "http://victoriametrics"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/nixosConfigurations/manwe/webserver.nix b/nixosConfigurations/manwe/webserver.nix index 5ea2418..324036a 100644 --- a/nixosConfigurations/manwe/webserver.nix +++ b/nixosConfigurations/manwe/webserver.nix @@ -1,4 +1,6 @@ { + libNginx, + libPlausible, inputs, lib, ... @@ -79,7 +81,9 @@ with lib; { serverAliases = ["frodo.${gondor}" "frodo.${rohan}"]; locations."/" = { root = inputs.azahi-cc; - extraConfig = nginxAppendHead [(htmlPlausibleScript {domain = azahi;})]; + extraConfig = libNginx.config.appendHead [ + (libPlausible.htmlPlausibleScript {domain = azahi;}) + ]; }; }; } diff --git a/nixosConfigurations/yavanna/default.nix b/nixosConfigurations/yavanna/default.nix index 4aacb9d..6f0d848 100644 --- a/nixosConfigurations/yavanna/default.nix +++ b/nixosConfigurations/yavanna/default.nix @@ -31,11 +31,6 @@ with lib; { listenAddress = this.wireguard.ipv4.address; environment.CONFIG = "/var/lib/lidarr/.config/Lidarr/config.xml"; }; - systemd.services.prometheus-exportarr-lidarr-exporter.serviceConfig = { - ProcSubset = "pid"; - ProtectProc = "invisible"; - SystemCallFilter = ["@system-service" "~@privileged"]; - }; boot.loader.grub = { enable = true; |