From 011c1632f3762e1bc1ecfdee9d9f3b3f44be74e5 Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Sun, 12 Nov 2023 17:50:43 +0300 Subject: 2023-11-12 --- modules/common/emacs/default.nix | 4 + modules/common/emacs/doom/config.el | 42 ++++---- modules/common/emacs/doom/init.el | 4 +- modules/common/git.nix | 2 +- modules/common/nmap.nix | 2 +- modules/nixos/alertmanager.nix | 5 +- modules/nixos/games/lutris.nix | 4 +- modules/nixos/git/default.nix | 6 +- modules/nixos/gotify.nix | 3 +- modules/nixos/grafana.nix | 3 +- modules/nixos/ipfs.nix | 5 +- modules/nixos/jackett.nix | 3 +- modules/nixos/lidarr.nix | 3 +- modules/nixos/loki.nix | 3 +- modules/nixos/nginx.nix | 17 ++++ modules/nixos/ntfy.nix | 3 +- modules/nixos/plausible.nix | 198 ++++++++++++++++++------------------ modules/nixos/prometheus.nix | 3 +- modules/nixos/radarr.nix | 3 +- modules/nixos/radicale.nix | 3 +- modules/nixos/rss-bridge.nix | 3 +- modules/nixos/rtorrent.nix | 8 +- modules/nixos/searx.nix | 3 +- modules/nixos/sonarr.nix | 3 +- modules/nixos/syncthing.nix | 3 +- modules/nixos/victoriametrics.nix | 3 +- 26 files changed, 190 insertions(+), 149 deletions(-) (limited to 'modules') diff --git a/modules/common/emacs/default.nix b/modules/common/emacs/default.nix index e7597ad..c5cf7ed 100644 --- a/modules/common/emacs/default.nix +++ b/modules/common/emacs/default.nix @@ -195,6 +195,10 @@ in { '') muAccounts; in '' + ;; A stupid hack. This needs to be fixed upstream in either Doom + ;; or Nixpkgs. + (add-to-list 'load-path "${pkgs.mu.mu4e}/share/emacs/site-lisp/mu4e") + (setq mu4e-root-maildir "${maildirBasePath}") ${mu4eAccounts} diff --git a/modules/common/emacs/doom/config.el b/modules/common/emacs/doom/config.el index df8b82e..7cecfba 100644 --- a/modules/common/emacs/doom/config.el +++ b/modules/common/emacs/doom/config.el @@ -2,32 +2,35 @@ ;;; Misc ;; -(setq display-line-numbers-type t) +(setq frame-title-format '("GNU Emacs")) -(setq scroll-margin 10 - hscroll-margin 10) +(setq-hook! 'prog-mode-hook + display-line-numbers-type 'relative + scroll-margin 10 + hscroll-margin 10) -(setq browse-url-generic-program (executable-find "firefox") - browse-url-browser-function 'browse-url-generic) +(when IS-LINUX + (setq browse-url-generic-program (executable-find "firefox") + browse-url-browser-function 'browse-url-generic)) ;; ;;; Doom-specific ;; -;; Make it more default-ey. -(setq frame-title-format '("Emacs") - icon-title-format frame-title-format) - -(setq doom-theme 'doom-tomorrow-night) - -(setq +format-on-save-enabled-modes '(not nix-mode json-mode yaml-mode)) +(setq doom-theme 'doom-tomorrow-night + doom-modeline-icon nil + doom-modeline-indent-info t + doom-modeline-total-line-number t + doom-modeline-height 30) ;; ;;; LSP ;; (setq lsp-enable-suggest-server-download nil - lsp-file-watch-threshold 512) + lsp-enable-file-watchers t + lsp-file-watch-threshold 2048 + lsp-modeline-code-actions-enable nil) ;; ;;; Org @@ -174,12 +177,13 @@ (setq circe-network-options (mapcar (lambda (server) - `(,server :server-buffer-name ,server - :host "shire.net" - :port 6667 - :user ,(concat circe-default-user "/" server) - :pass ,(lambda (&rest _) - (+pass-get-secret "server/soju.manwe.shire.net/azahi")))) + `(,server + :server-buffer-name ,server + :host "shire.net" + :port 6667 + :user ,(concat circe-default-user "/" server) + :pass ,(lambda (&rest _) + (+pass-get-secret "server/soju.manwe.shire.net/azahi")))) '("libera" "oftc" "hackint" "rizon"))) ;; diff --git a/modules/common/emacs/doom/init.el b/modules/common/emacs/doom/init.el index 3b26e0d..0acd008 100644 --- a/modules/common/emacs/doom/init.el +++ b/modules/common/emacs/doom/init.el @@ -14,8 +14,8 @@ hl-todo hydra indent-guides - (ligatures +extra) - (modeline +light) + ligatures + modeline ;; nav-flash ophints (popup +defaults) diff --git a/modules/common/git.nix b/modules/common/git.nix index da33eb2..4ed7c03 100644 --- a/modules/common/git.nix +++ b/modules/common/git.nix @@ -116,7 +116,7 @@ in { fuck = "!${git} reset --hard && ${git} clean --force -dx"; get = "pull --all --recurse-submodules --autostash"; gud = ''commit -m "git gud"''; - refresh = "clean --force -X"; + refresh = "clean --force -dx"; tree = "log --graph --date=relative --pretty=tformat:'%Cred%h%Creset -%C(auto)%d%Creset %s %Cgreen(%an %ad)%Creset'"; uncommit = "reset --soft HEAD~1"; untrack = "rm --cache --"; diff --git a/modules/common/nmap.nix b/modules/common/nmap.nix index 03586c0..c13a9bc 100644 --- a/modules/common/nmap.nix +++ b/modules/common/nmap.nix @@ -14,7 +14,7 @@ in { hm = { home = { file = { - ".nmap/scripts/vulners/vulners.nse".source = "${inputs.nmap-vulners}/vulners.nse"; + ".nmap/scripts/vulners".source = inputs.nmap-vulners; ".nmap/scripts/vulscan/vulscan.nse".source = "${inputs.nmap-vulscan}/vulscan.nse"; }; diff --git a/modules/nixos/alertmanager.nix b/modules/nixos/alertmanager.nix index c8f0bf2..acbf7df 100644 --- a/modules/nixos/alertmanager.nix +++ b/modules/nixos/alertmanager.nix @@ -2,6 +2,7 @@ config, inputs, lib, + libNginx, ... }: with lib; let @@ -28,12 +29,12 @@ in { config = mkIf cfg.enable { nixfiles.modules = { ntfy.enable = true; - nginx = with cfg; { + nginx = { enable = true; upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://alertmanager"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; }; diff --git a/modules/nixos/games/lutris.nix b/modules/nixos/games/lutris.nix index ad1e43e..feaeefa 100644 --- a/modules/nixos/games/lutris.nix +++ b/modules/nixos/games/lutris.nix @@ -17,7 +17,9 @@ in { }; hm.home.packages = with pkgs; [ - lutris + (lutris.override { + extraPkgs = _: [wine]; + }) vkBasalt winetricks ]; diff --git a/modules/nixos/git/default.nix b/modules/nixos/git/default.nix index 4268f82..67cc07b 100644 --- a/modules/nixos/git/default.nix +++ b/modules/nixos/git/default.nix @@ -1,5 +1,7 @@ { config, + libNginx, + libPlausible, lib, pkgs, ... @@ -73,9 +75,9 @@ in { fastcgi_param QUERY_STRING $args; fastcgi_param HTTP_HOST $server_name; - ${nginxAppendHead [ + ${libNginx.config.appendHead [ '''' - (htmlPlausibleScript {inherit (cfg.server) domain;}) + (libPlausible.htmlPlausibleScript {inherit (cfg.server) domain;}) ]} ''; "~* ^.+(cgit.css|robots.txt)$".extraConfig = '' diff --git a/modules/nixos/gotify.nix b/modules/nixos/gotify.nix index db47bb4..41e1956 100644 --- a/modules/nixos/gotify.nix +++ b/modules/nixos/gotify.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, ... }: with lib; let @@ -29,7 +30,7 @@ in { proxyPass = "http://gotify"; proxyWebsockets = true; }; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; postgresql = { diff --git a/modules/nixos/grafana.nix b/modules/nixos/grafana.nix index c191e38..ae79d17 100644 --- a/modules/nixos/grafana.nix +++ b/modules/nixos/grafana.nix @@ -1,5 +1,6 @@ { config, + libNginx, inputs, lib, ... @@ -56,7 +57,7 @@ in { proxyPass = "http://grafana"; proxyWebsockets = true; }; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; postgresql = { diff --git a/modules/nixos/ipfs.nix b/modules/nixos/ipfs.nix index 43ddb70..bf93a3c 100644 --- a/modules/nixos/ipfs.nix +++ b/modules/nixos/ipfs.nix @@ -1,5 +1,6 @@ { config, + libNginx, lib, this, ... @@ -129,7 +130,7 @@ in { virtualHosts = { ${cfg.domain} = { locations."/".proxyPass = "http://kubo_gateway"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; "api.${cfg.domain}" = { locations = { @@ -138,7 +139,7 @@ in { optionalString config.nixfiles.modules.acme.enable "s" }://api.${cfg.domain}/webui"; }; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; }; diff --git a/modules/nixos/jackett.nix b/modules/nixos/jackett.nix index f8e45ba..772e0e9 100644 --- a/modules/nixos/jackett.nix +++ b/modules/nixos/jackett.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, ... }: with lib; let @@ -24,7 +25,7 @@ in { upstreams.jackett.servers."127.0.0.1:9117" = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://jackett"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/lidarr.nix b/modules/nixos/lidarr.nix index ffa0735..b0c833c 100644 --- a/modules/nixos/lidarr.nix +++ b/modules/nixos/lidarr.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, ... }: with lib; let @@ -24,7 +25,7 @@ in { upstreams.lidarr.servers."127.0.0.1:8686" = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://lidarr"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/loki.nix b/modules/nixos/loki.nix index 90a051c..c5194e1 100644 --- a/modules/nixos/loki.nix +++ b/modules/nixos/loki.nix @@ -1,5 +1,6 @@ { config, + libNginx, lib, pkgs, ... @@ -31,7 +32,7 @@ in { upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${domain} = { locations."/".proxyPass = "http://loki"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix index 9ca6936..05c6a06 100644 --- a/modules/nixos/nginx.nix +++ b/modules/nixos/nginx.nix @@ -25,6 +25,23 @@ in { }; config = mkIf cfg.enable { + _module.args.libNginx.config = { + internalOnly = '' + if ($internal != 1) { + return 403; + } + access_log off; + ''; + appendHead = text: '' + sub_filter '' '${lib.concatStrings text}'; + sub_filter_once on; + ''; + noProxyBuffering = '' + proxy_buffering off; + proxy_cache off; + ''; + }; + services = { nginx = { enable = true; diff --git a/modules/nixos/ntfy.nix b/modules/nixos/ntfy.nix index 1682b7e..037f84a 100644 --- a/modules/nixos/ntfy.nix +++ b/modules/nixos/ntfy.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, this, ... }: @@ -55,7 +56,7 @@ in { deny all; ''; }; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/plausible.nix b/modules/nixos/plausible.nix index 6553462..91bdff9 100644 --- a/modules/nixos/plausible.nix +++ b/modules/nixos/plausible.nix @@ -6,126 +6,124 @@ }: with lib; let cfg = config.nixfiles.modules.plausible; -in { - options.nixfiles.modules.plausible = { - enable = mkEnableOption "Plausible Analytics"; +in + { + options.nixfiles.modules.plausible = { + enable = mkEnableOption "Plausible Analytics"; - port = mkOption { - description = "Port."; - type = with types; port; - default = 8000; - }; + port = mkOption { + description = "Port."; + type = with types; port; + default = 8000; + }; - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; nullOr str; - default = "plausible.${config.networking.domain}"; + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; nullOr str; + default = "plausible.${config.networking.domain}"; + }; }; - }; - config = let - db = "plausible"; - in - mkIf cfg.enable { - secrets = { - plausible-key = { - file = "${inputs.self}/secrets/plausible-key"; - mode = "0444"; # The user is dynamic so the file must be world-readable. + config = let + db = "plausible"; + in + mkIf cfg.enable { + _module.args.libPlausible = { + htmlPlausibleScript = { + domain ? "$host", + src ? "https://${cfg.domain}/js/script.js", + }: ''''; }; - plausible-admin-password = { - file = "${inputs.self}/secrets/plausible-admin-password"; - mode = "0444"; # The user is dynamic so the file must be world-readable. - }; - plausible-smtp-password = { - file = "${inputs.self}/secrets/smtp-password"; - mode = "0444"; # The user is dynamic so the file must be world-readable. - }; - plausible-release-cookie = { - file = "${inputs.self}/secrets/plausible-release-cookie"; - mode = "0444"; # The user is dynamic so the file must be world-readable. + + secrets = { + plausible-key.file = "${inputs.self}/secrets/plausible-key"; + plausible-admin-password.file = "${inputs.self}/secrets/plausible-admin-password"; + plausible-smtp-password.file = "${inputs.self}/secrets/smtp-password"; }; - }; - nixfiles.modules = { - nginx = { - enable = true; - upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain}.locations."/" = { - proxyPass = "http://plausible"; - proxyWebsockets = true; + nixfiles.modules = { + nginx = { + enable = true; + upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {}; + virtualHosts.${cfg.domain}.locations."/" = { + proxyPass = "http://plausible"; + proxyWebsockets = true; + }; + }; + postgresql = { + enable = true; + extraPostStart = [ + '' + $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' + $PSQL "${db}" -tAc 'CREATE EXTENSION IF NOT EXISTS citext' + '' + ]; }; + clickhouse.enable = true; }; - postgresql = { - enable = true; - extraPostStart = [ - '' - $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' - $PSQL "${db}" -tAc 'CREATE EXTENSION IF NOT EXISTS citext' - '' + + services.postgresql = { + ensureDatabases = [db]; + ensureUsers = [ + { + name = db; + ensurePermissions."DATABASE \"${db}\"" = "ALL"; + } ]; }; - clickhouse.enable = true; - }; - services.postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; - } - ]; - }; - - services.plausible = { - enable = true; + services.plausible = { + enable = true; - adminUser = { - name = "admin"; - email = "admin@${my.domain.shire}"; - passwordFile = config.secrets.plausible-admin-password.path; - activate = false; - }; + adminUser = { + name = "admin"; + email = "admin@${my.domain.shire}"; + passwordFile = config.secrets.plausible-admin-password.path; + activate = false; + }; - mail = { - email = "admin+plausible@${my.domain.shire}"; - smtp = { - hostAddr = my.domain.shire; - hostPort = 465; - enableSSL = true; - user = "azahi@${my.domain.shire}"; - passwordFile = config.secrets.plausible-smtp-password.path; + mail = { + email = "admin+plausible@${my.domain.shire}"; + smtp = { + hostAddr = my.domain.shire; + hostPort = 465; + enableSSL = true; + user = "azahi@${my.domain.shire}"; + passwordFile = config.secrets.plausible-smtp-password.path; + }; }; - }; - database = { - clickhouse = { - setup = false; - url = "http://127.0.0.1:8123/default"; + database = { + clickhouse = { + setup = false; + url = "http://127.0.0.1:8123/default"; + }; + + postgres = { + setup = true; + dbname = db; + }; }; - postgres = { - setup = true; - dbname = db; + server = { + baseUrl = "https://${cfg.domain}"; + disableRegistration = true; + listenAddress = "127.0.0.1"; + inherit (cfg) port; + secretKeybaseFile = config.secrets.plausible-key.path; }; }; - server = { - baseUrl = "https://${cfg.domain}"; - disableRegistration = true; - inherit (cfg) port; - secretKeybaseFile = config.secrets.plausible-key.path; + systemd.services.plausible = rec { + after = [ + "postgresql.service" + "clickhouse.service" + ]; + requires = after; }; - - releaseCookiePath = config.secrets.plausible-release-cookie.path; }; - - systemd.services.plausible = rec { - after = [ - "postgresql.service" - "clickhouse.service" - ]; - requires = after; - }; - }; -} + } + // lib.moduleFromRef + "services/web-apps/plausible.nix" + "nh2:plausible-listen-address-no-distributed-erlang" + "080c1rdz99xj8y876cw1p3zxmmaqq75jhrpf9f5z1da8v7yvs078" diff --git a/modules/nixos/prometheus.nix b/modules/nixos/prometheus.nix index 6de294f..5e61e73 100644 --- a/modules/nixos/prometheus.nix +++ b/modules/nixos/prometheus.nix @@ -1,5 +1,6 @@ { config, + libNginx, lib, ... }: @@ -28,7 +29,7 @@ in { upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${domain} = { locations."/".proxyPass = "http://prometheus"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/radarr.nix b/modules/nixos/radarr.nix index 1551934..72abfac 100644 --- a/modules/nixos/radarr.nix +++ b/modules/nixos/radarr.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, ... }: with lib; let @@ -24,7 +25,7 @@ in { upstreams.radarr.servers."127.0.0.1:7878" = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://radarr"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/radicale.nix b/modules/nixos/radicale.nix index d072899..3c6a230 100644 --- a/modules/nixos/radicale.nix +++ b/modules/nixos/radicale.nix @@ -1,4 +1,5 @@ { + libNginx, config, inputs, lib, @@ -34,7 +35,7 @@ in { upstreams.radicale.servers."127.0.0.1:${toString port}" = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://radicale"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/rss-bridge.nix b/modules/nixos/rss-bridge.nix index 1fcaac8..486f2bf 100644 --- a/modules/nixos/rss-bridge.nix +++ b/modules/nixos/rss-bridge.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, ... }: with lib; let @@ -21,7 +22,7 @@ in { nixfiles.modules.nginx = { enable = true; - virtualHosts.${cfg.domain}.extraConfig = nginxInternalOnly; + virtualHosts.${cfg.domain}.extraConfig = libNginx.config.internalOnly; }; services.rss-bridge = { diff --git a/modules/nixos/rtorrent.nix b/modules/nixos/rtorrent.nix index a4cade7..5d2dba5 100644 --- a/modules/nixos/rtorrent.nix +++ b/modules/nixos/rtorrent.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, pkgs, ... }: @@ -225,13 +226,10 @@ in { "/".tryFiles = "$uri /index.html"; "/api" = { proxyPass = "http://flood"; - extraConfig = '' - proxy_buffering off; - proxy_cache off; - ''; + extraConfig = libNginx.config.noProxyBuffering; }; }; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/searx.nix b/modules/nixos/searx.nix index 9462d5d..5c37f58 100644 --- a/modules/nixos/searx.nix +++ b/modules/nixos/searx.nix @@ -2,6 +2,7 @@ config, inputs, lib, + libNginx, ... }: with lib; let @@ -35,7 +36,7 @@ in { upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://searx"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/sonarr.nix b/modules/nixos/sonarr.nix index 2d2feb9..5cd8931 100644 --- a/modules/nixos/sonarr.nix +++ b/modules/nixos/sonarr.nix @@ -1,6 +1,7 @@ { config, lib, + libNginx, ... }: with lib; let @@ -24,7 +25,7 @@ in { upstreams.sonarr.servers."127.0.0.1:8989" = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://sonarr"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; diff --git a/modules/nixos/syncthing.nix b/modules/nixos/syncthing.nix index 8815f98..755e2db 100644 --- a/modules/nixos/syncthing.nix +++ b/modules/nixos/syncthing.nix @@ -1,5 +1,6 @@ { config, + libNginx, inputs, lib, this, @@ -137,7 +138,7 @@ in { upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = {}; virtualHosts.${cfg.domain} = { locations."/".proxyPass = "http://syncthing"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; }) diff --git a/modules/nixos/victoriametrics.nix b/modules/nixos/victoriametrics.nix index 509ee17..89d3ddb 100644 --- a/modules/nixos/victoriametrics.nix +++ b/modules/nixos/victoriametrics.nix @@ -1,5 +1,6 @@ { config, + libNginx, lib, ... }: @@ -28,7 +29,7 @@ in { upstreams.victoriametrics.servers."127.0.0.1:${toString cfg.port}" = {}; virtualHosts.${domain} = { locations."/".proxyPass = "http://victoriametrics"; - extraConfig = nginxInternalOnly; + extraConfig = libNginx.config.internalOnly; }; }; -- cgit v1.2.3