about summary refs log tree commit diff
path: root/modules/nixos/plausible.nix
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--modules/nixos/plausible.nix198
1 files changed, 98 insertions, 100 deletions
diff --git a/modules/nixos/plausible.nix b/modules/nixos/plausible.nix
index 6553462..91bdff9 100644
--- a/modules/nixos/plausible.nix
+++ b/modules/nixos/plausible.nix
@@ -6,126 +6,124 @@
 }:
 with lib; let
   cfg = config.nixfiles.modules.plausible;
-in {
-  options.nixfiles.modules.plausible = {
-    enable = mkEnableOption "Plausible Analytics";
+in
+  {
+    options.nixfiles.modules.plausible = {
+      enable = mkEnableOption "Plausible Analytics";
 
-    port = mkOption {
-      description = "Port.";
-      type = with types; port;
-      default = 8000;
-    };
+      port = mkOption {
+        description = "Port.";
+        type = with types; port;
+        default = 8000;
+      };
 
-    domain = mkOption {
-      description = "Domain name sans protocol scheme.";
-      type = with types; nullOr str;
-      default = "plausible.${config.networking.domain}";
+      domain = mkOption {
+        description = "Domain name sans protocol scheme.";
+        type = with types; nullOr str;
+        default = "plausible.${config.networking.domain}";
+      };
     };
-  };
 
-  config = let
-    db = "plausible";
-  in
-    mkIf cfg.enable {
-      secrets = {
-        plausible-key = {
-          file = "${inputs.self}/secrets/plausible-key";
-          mode = "0444"; # The user is dynamic so the file must be world-readable.
+    config = let
+      db = "plausible";
+    in
+      mkIf cfg.enable {
+        _module.args.libPlausible = {
+          htmlPlausibleScript = {
+            domain ? "$host",
+            src ? "https://${cfg.domain}/js/script.js",
+          }: ''<script defer data-domain="${domain}" src="${src}"></script>'';
         };
-        plausible-admin-password = {
-          file = "${inputs.self}/secrets/plausible-admin-password";
-          mode = "0444"; # The user is dynamic so the file must be world-readable.
-        };
-        plausible-smtp-password = {
-          file = "${inputs.self}/secrets/smtp-password";
-          mode = "0444"; # The user is dynamic so the file must be world-readable.
-        };
-        plausible-release-cookie = {
-          file = "${inputs.self}/secrets/plausible-release-cookie";
-          mode = "0444"; # The user is dynamic so the file must be world-readable.
+
+        secrets = {
+          plausible-key.file = "${inputs.self}/secrets/plausible-key";
+          plausible-admin-password.file = "${inputs.self}/secrets/plausible-admin-password";
+          plausible-smtp-password.file = "${inputs.self}/secrets/smtp-password";
         };
-      };
 
-      nixfiles.modules = {
-        nginx = {
-          enable = true;
-          upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {};
-          virtualHosts.${cfg.domain}.locations."/" = {
-            proxyPass = "http://plausible";
-            proxyWebsockets = true;
+        nixfiles.modules = {
+          nginx = {
+            enable = true;
+            upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {};
+            virtualHosts.${cfg.domain}.locations."/" = {
+              proxyPass = "http://plausible";
+              proxyWebsockets = true;
+            };
+          };
+          postgresql = {
+            enable = true;
+            extraPostStart = [
+              ''
+                $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"'
+                $PSQL "${db}" -tAc 'CREATE EXTENSION IF NOT EXISTS citext'
+              ''
+            ];
           };
+          clickhouse.enable = true;
         };
-        postgresql = {
-          enable = true;
-          extraPostStart = [
-            ''
-              $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"'
-              $PSQL "${db}" -tAc 'CREATE EXTENSION IF NOT EXISTS citext'
-            ''
+
+        services.postgresql = {
+          ensureDatabases = [db];
+          ensureUsers = [
+            {
+              name = db;
+              ensurePermissions."DATABASE \"${db}\"" = "ALL";
+            }
           ];
         };
-        clickhouse.enable = true;
-      };
 
-      services.postgresql = {
-        ensureDatabases = [db];
-        ensureUsers = [
-          {
-            name = db;
-            ensurePermissions."DATABASE \"${db}\"" = "ALL";
-          }
-        ];
-      };
-
-      services.plausible = {
-        enable = true;
+        services.plausible = {
+          enable = true;
 
-        adminUser = {
-          name = "admin";
-          email = "admin@${my.domain.shire}";
-          passwordFile = config.secrets.plausible-admin-password.path;
-          activate = false;
-        };
+          adminUser = {
+            name = "admin";
+            email = "admin@${my.domain.shire}";
+            passwordFile = config.secrets.plausible-admin-password.path;
+            activate = false;
+          };
 
-        mail = {
-          email = "admin+plausible@${my.domain.shire}";
-          smtp = {
-            hostAddr = my.domain.shire;
-            hostPort = 465;
-            enableSSL = true;
-            user = "azahi@${my.domain.shire}";
-            passwordFile = config.secrets.plausible-smtp-password.path;
+          mail = {
+            email = "admin+plausible@${my.domain.shire}";
+            smtp = {
+              hostAddr = my.domain.shire;
+              hostPort = 465;
+              enableSSL = true;
+              user = "azahi@${my.domain.shire}";
+              passwordFile = config.secrets.plausible-smtp-password.path;
+            };
           };
-        };
 
-        database = {
-          clickhouse = {
-            setup = false;
-            url = "http://127.0.0.1:8123/default";
+          database = {
+            clickhouse = {
+              setup = false;
+              url = "http://127.0.0.1:8123/default";
+            };
+
+            postgres = {
+              setup = true;
+              dbname = db;
+            };
           };
 
-          postgres = {
-            setup = true;
-            dbname = db;
+          server = {
+            baseUrl = "https://${cfg.domain}";
+            disableRegistration = true;
+            listenAddress = "127.0.0.1";
+            inherit (cfg) port;
+            secretKeybaseFile = config.secrets.plausible-key.path;
           };
         };
 
-        server = {
-          baseUrl = "https://${cfg.domain}";
-          disableRegistration = true;
-          inherit (cfg) port;
-          secretKeybaseFile = config.secrets.plausible-key.path;
+        systemd.services.plausible = rec {
+          after = [
+            "postgresql.service"
+            "clickhouse.service"
+          ];
+          requires = after;
         };
-
-        releaseCookiePath = config.secrets.plausible-release-cookie.path;
       };
-
-      systemd.services.plausible = rec {
-        after = [
-          "postgresql.service"
-          "clickhouse.service"
-        ];
-        requires = after;
-      };
-    };
-}
+  }
+  // lib.moduleFromRef
+  "services/web-apps/plausible.nix"
+  "nh2:plausible-listen-address-no-distributed-erlang"
+  "080c1rdz99xj8y876cw1p3zxmmaqq75jhrpf9f5z1da8v7yvs078"

Consider giving Nix/NixOS a try! <3