base: create flake input exporter

base/default.nix

@@ -1,4 +1,9 @@
-{ pkgs, lib, fp, ... }:
+{
+  pkgs,
+  lib,
+  fp,
+  ...
+}:
 
 {
   imports = [
@@ -8,6 +13,7 @@
     ./networking.nix
     ./nix.nix
     ./vm.nix
+    ./flake-input-exporter.nix
 
     ./services/acme.nix
     ./services/uptimed.nix
@@ -57,11 +63,11 @@
   # home-manager usually handles this for you: https://github.com/nix-community/home-manager/blob/22a36aa709de7dd42b562a433b9cefecf104a6ee/modules/programs/bash.nix#L203-L209
   # btw, programs.bash.shellInit just goes into environment.shellInit which in turn goes into /etc/profile, spooky shit
   programs.bash.shellInit = ''
-   if [ -n "''${BASH_VERSION:-}" ]; then
+    if [ -n "''${BASH_VERSION:-}" ]; then
-     if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then
+      if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then
-      [[ -f ~/.bashrc ]] && . ~/.bashrc
+       [[ -f ~/.bashrc ]] && . ~/.bashrc
-     fi
+      fi
-   fi
+    fi
   '';
 
   programs.zsh.enable = true;

base/flake-input-exporter.nix

@@ -0,0 +1,40 @@
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+let
+  data = lib.flip lib.mapAttrs inputs (
+    name: input: {
+      inherit (input)
+        lastModified
+        ;
+    }
+  );
+  folder = pkgs.writeTextDir "share/flake-inputs" (
+    lib.concatMapStringsSep "\n" (
+      { name, value }:
+      "nixos_last_modified_input{flake=${name},host=${config.networking.hostName}} ${toString value.lastModified}"
+    ) (lib.attrsToList data)
+  );
+in
+{
+  services.nginx.virtualHosts."${config.networking.fqdn}" = {
+    forceSSL = true;
+    enableACME = true;
+    kTLS = true;
+    serverAliases = [
+      "${config.networking.hostName}.pvv.org"
+    ];
+    locations."/metrics" = {
+      root = "${folder}/share";
+    };
+    extraConfig = ''
+      allow 129.241.210.128/25;
+      allow 2001:700:300:1900::/64;
+      deny all;
+    '';
+  };
+}