-
Notifications
You must be signed in to change notification settings - Fork 0
/
plausible.nix
52 lines (47 loc) · 1.58 KB
/
plausible.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
{ config, lib, pkgs, ... }:
# copied from https://carjorvaz.com/posts/setting-up-plausible-analytics-on-nixos/
# one time setup must be done before this config is applied
# mkdir -p /var/secrets/plausible/
# openssl rand -base64 64 | tr -d '\n' > /var/secrets/plausible/plausibleSecretKeybase
# openssl rand -base64 64 | tr -d '\n' > /var/secrets/plausible/plausibleAdminPassword
let
domain = "plausible.flakm.com";
in
{
services = {
plausible = {
enable = true;
adminUser = {
# activate is used to skip the email verification of the admin-user that's
# automatically created by plausible. This is only supported if
# postgresql is configured by the module. This is done by default, but
# can be turned off with services.plausible.database.postgres.setup.
name = "plausible";
activate = true;
email = "[email protected]";
passwordFile = "/var/secrets/plausible/plausibleAdminPassword";
};
server = {
baseUrl = "https://${domain}";
secretKeybaseFile = "/var/secrets/plausible/plausibleSecretKeybase";
};
};
nginx = {
virtualHosts.${domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:8000";
recommendedProxySettings = true;
};
# include X-Forwarded-Ip header in proxied requests using realip module
# https://nginx.org/en/docs/http/ngx_http_realip_module.html
};
};
};
security.acme = {
certs = {
${domain}.email = "[email protected]";
};
};
}