purge: update

2025-01-18 17:11:39 +01:00 · 2024-03-25 19:06:38 +01:00 · 2024-03-25 19:06:38 +01:00 · 4fcf655dc4
commit 4fcf655dc4
parent dcb384b1cd
5 changed files with 16 additions and 11 deletions
--- a/flake.lock
+++ b/flake.lock
@ -398,11 +398,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1709309729,
-        "narHash": "sha256-W6RjXe2/LGFnNGfY9ML4YCDasmqksUWKoMRVPHkIguM=",
+        "lastModified": 1711389856,
+        "narHash": "sha256-fz75+eNnBgYnLvH1PlG6Rxr+YU7mvltyz0MyQQbG1CA=",
        "owner": "rouven0",
        "repo": "purge",
-        "rev": "0d083d35316101755d2ecb9bba32fefc42df914d",
+        "rev": "4efddb7c14ac11e20f1fa7cfc98711c47ad75bad",
        "type": "github"
      },
      "original": {
--- a/hosts/falkenstein/modules/nginx/default.nix
+++ b/hosts/falkenstein/modules/nginx/default.nix
@ -5,6 +5,8 @@
    services.nginx.virtualHosts = mkOption {
      type = types.attrsOf (types.submodule
        ({ name, ... }: {
+          enableACME = true;
+          forceSSL = true;
          # enable http3 for all hosts
          quic = true;
          http3 = true;
--- a/hosts/falkenstein/modules/purge/default.nix
+++ b/hosts/falkenstein/modules/purge/default.nix
@ -7,6 +7,7 @@ in
    file = ../../../../secrets/falkenstein/purge.age;
  };
  services.purge = {
+    inherit domain;
    enable = true;
    discord = {
      clientId = "941041925216157746";
@ -14,11 +15,4 @@ in
      tokenFile = config.age.secrets.purge.path;
    };
  };
-  services.nginx.virtualHosts."${domain}" = {
-    enableACME = true;
-    forceSSL = true;
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:${toString config.services.purge.listenPort}";
-    };
-  };
 }
--- a/hosts/nuc/modules/nginx/default.nix
+++ b/hosts/nuc/modules/nginx/default.nix
@ -6,6 +6,8 @@
      type = types.attrsOf (types.submodule
        ({ name, ... }: {
          # split up nginx access logs per vhost
+          enableACME = true;
+          forceSSL = true;
          extraConfig = ''
            access_log /var/log/nginx/${name}_access.log;
            error_log /var/log/nginx/${name}_error.log;
--- a/shared/activation.nix
+++ b/shared/activation.nix
@ -1,9 +1,16 @@
-{ config, ... }:
+{ pkgs, config, ... }:
 {
  system.activationScripts.report-nixos-changes = ''
    if [ -e /run/current-system ] && [ -e $systemConfig ]; then
      echo System package diff:
      ${config.nix.package}/bin/nix store diff-closures /run/current-system $systemConfig || true
    fi
+    NO_FORMAT="\033[0m"
+    F_BOLD="\033[1m"
+    C_RED="\033[38;5;9m"
+    ${pkgs.diffutils}/bin/cmp --silent \
+      <(readlink /run/current-system/{initrd,kernel,kernel-modules}) \
+      <(readlink $systemConfig/{initrd,kernel,kernel-modules}) \
+      || echo -e "''${F_BOLD}''${C_RED}Kernel version changed, reboot is advised.''${NO_FORMAT}"
  '';
 }