_module.args bad

2025-03-20 13:30:55 +01:00 · 2025-03-20 13:30:55 +01:00 · da3f97b80d
commit da3f97b80d
parent efb5d45317
47 changed files with 288 additions and 148 deletions
--- a/profiles/http/default.nix
+++ b/profiles/http/default.nix
@ -1,111 +1,119 @@
 { config, pkgs, lib, ... }:
 let
-  mkDomain = subname: "${subname}.${config.networking.fqdn}";
+  inherit (config.pbsds.nginx) mkDomain allSubdomains;
 in
 {
-  # TODO: make these into nixos options with readonly=true
+  options.pbsds.nginx.mkDomain = lib.mkOption {
-  _module.args.mkDomain = mkDomain;
+    visible = false; internal = true; readOnly = true;
-  _module.args.allSubdomains = lib.pipe config.services.nginx.virtualHosts [
+    default = subname: "${subname}.${config.networking.fqdn}";
    #(lib.mapAttrsToList (domain: vhost: [ domain ] ++ vhost.serverAliases))
    (lib.mapAttrsToList (domain: vhost: [ domain ]))
    lib.flatten
    (builtins.filter (domain: domain != "" && domain != "_"))
    (lib.sort (x: y: x<y))
  ];
  security.acme.acceptTerms = true;
  security.acme.defaults.email = "pbsds+acme@hotmail.com"; # TODO: parametrize per host
  #security.acme.defaults.renewInterval = "daily";
  #security.acme.defaults.reloadServices
  # https://www.xf.is/2020/06/30/list-of-free-acme-ssl-providers/
  #security.acme.defaults.server = "https://acme-v02.api.letsencrypt.org/directory" # default
  #security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # STAGING
  #security.acme.defaults.server = "https://api.buypass.com/acme/directory"; # no wildcards, rate limit: 20 domains/week, 5 duplicate certs / week
  #security.acme.defaults.server = "https://api.test4.buypass.no/acme/directory"; # STAGING. no wildcards, rate limit: 20 domains/week, 5 duplicate certs / week
  # DNS-based ACME:
  # - https://go-acme.github.io/lego/dns/domeneshop/
  # - https://nixos.org/manual/nixos/stable/index.html#module-security-acme-config-dns-with-vhosts
  #security.acme.defaults.dnsProvider = "domeneshop";
  #security.acme.defaults.credentialsFile = "/var/lib/secrets/domeneshop.key"; # TODO: this file must be made by hand, containing env variables.
  services.nginx.enable = true;
  networking.firewall.allowedTCPPorts = [ 80 443 ];
  # TODO:
  #services.nginx.commonHttpConfig = ''
  #  proxy_hide_header X-Frame-Options;
  #'';
  # TODO: Somehow distribute and add this to all location."/".extraConfig
  #default = {
  #  #useACMEHost = config.networking.fqdn;
  #  forceSSL = true; # addSSL = true;
  #  enableACME = true; #useACMEHost = acmeDomain;
  #}
  # TODO: Somehow distribute and add this to all location."/".extraConfig
  #commonProxySettings = ''
  #  proxy_set_header Host $host;
  #  proxy_set_header X-Real-IP $remote_addr;
  #  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  #  proxy_set_header X-Forwarded-Proto $scheme;
  #  proxy_set_header X-Forwarded-Host $host;
  #  proxy_set_header X-Forwarded-Server $host;
  #'';
  services.nginx.recommendedGzipSettings = true;
  services.nginx.recommendedOptimisation = true;
  services.nginx.recommendedProxySettings = true;
  services.nginx.recommendedTlsSettings = true;
  # nginx return 444 for all nonexistent virtualhosts
  services.nginx.virtualHosts."_" = {
    addSSL = true;
    sslCertificate = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.cert.pem";
    sslCertificateKey = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.key.pem";
    extraConfig = "return 444;";
  };
-
+  options.pbsds.nginx.allSubdomains = lib.mkOption {
-  /** /
+    visible = false; internal = true; readOnly = true;
-  services.nginx.virtualHosts."" = {
+    default = lib.pipe config.services.nginx.virtualHosts [
-    default = true;
+      #(lib.mapAttrsToList (domain: vhost: [ domain ] ++ vhost.serverAliases))
-    forceSSL = false;
+      (lib.mapAttrsToList (domain: vhost: [ domain ]))
-    enableACME = false;
+      lib.flatten
-    root = pkgs.writeTextDir "index.html" ''
+      (builtins.filter (domain: domain != "" && domain != "_"))
-      <!DOCTYPE html>
+      (lib.sort (x: y: x<y))
      no
    '';
  };
  /**/
  # Website tunnel
  # TODO: remove
  /** /
  services.nginx.virtualHosts.${config.networking.fqdn} = {
    forceSSL = true; # addSSL = true;
    enableACME = true;
    #acmeRoot = null; # use DNS
    default = true;
    serverAliases = map mkDomain [
      "www"
      #"*" # requires DNS ACME
    ];
    # The alternative to ^ is: config.security.acme.certs."${acmeDomain}".extraDomainNames = [ (mkDomain "foo") ];
    # TODO: 'nox' alias for everything
    locations."/" = {
      proxyPass = "http://pbuntu.pbsds.net";
      proxyWebsockets = true;
    };
  };
  #services.nginx.virtualHosts.${mkDomain "www"} = {
  #  addSSL = true;
  #  useACMEHost = acmeDomain; #enableACME = true;
  #  locations."/" = {
  #    proxyPass = "http://pbuntu.pbsds.net";
  #    proxyWebsockets = true;
  #  };
  #};
  /**/
  config = {
    security.acme.acceptTerms = true;
    security.acme.defaults.email = "pbsds+acme@hotmail.com"; # TODO: parametrize per host
    #security.acme.defaults.renewInterval = "daily";
    #security.acme.defaults.reloadServices
    # https://www.xf.is/2020/06/30/list-of-free-acme-ssl-providers/
    #security.acme.defaults.server = "https://acme-v02.api.letsencrypt.org/directory" # default
    #security.acme.defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory"; # STAGING
    #security.acme.defaults.server = "https://api.buypass.com/acme/directory"; # no wildcards, rate limit: 20 domains/week, 5 duplicate certs / week
    #security.acme.defaults.server = "https://api.test4.buypass.no/acme/directory"; # STAGING. no wildcards, rate limit: 20 domains/week, 5 duplicate certs / week
    # DNS-based ACME:
    # - https://go-acme.github.io/lego/dns/domeneshop/
    # - https://nixos.org/manual/nixos/stable/index.html#module-security-acme-config-dns-with-vhosts
    #security.acme.defaults.dnsProvider = "domeneshop";
    #security.acme.defaults.credentialsFile = "/var/lib/secrets/domeneshop.key"; # TODO: this file must be made by hand, containing env variables.
    services.nginx.enable = true;
    networking.firewall.allowedTCPPorts = [ 80 443 ];
    # TODO:
    #services.nginx.commonHttpConfig = ''
    #  proxy_hide_header X-Frame-Options;
    #'';
    # TODO: Somehow distribute and add this to all location."/".extraConfig
    #default = {
    #  #useACMEHost = config.networking.fqdn;
    #  forceSSL = true; # addSSL = true;
    #  enableACME = true; #useACMEHost = acmeDomain;
    #}
    # TODO: Somehow distribute and add this to all location."/".extraConfig
    #commonProxySettings = ''
    #  proxy_set_header Host $host;
    #  proxy_set_header X-Real-IP $remote_addr;
    #  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #  proxy_set_header X-Forwarded-Proto $scheme;
    #  proxy_set_header X-Forwarded-Host $host;
    #  proxy_set_header X-Forwarded-Server $host;
    #'';
    services.nginx.recommendedGzipSettings = true;
    services.nginx.recommendedOptimisation = true;
    services.nginx.recommendedProxySettings = true;
    services.nginx.recommendedTlsSettings = true;
    # nginx return 444 for all nonexistent virtualhosts
    services.nginx.virtualHosts."_" = {
      addSSL = true;
      sslCertificate = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.cert.pem";
      sslCertificateKey = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.key.pem";
      extraConfig = "return 444;";
    };
    /** /
    services.nginx.virtualHosts."" = {
      default = true;
      forceSSL = false;
      enableACME = false;
      root = pkgs.writeTextDir "index.html" ''
        <!DOCTYPE html>
        no
      '';
    };
    /**/
    # Website tunnel
    # TODO: remove
    /** /
    services.nginx.virtualHosts.${config.networking.fqdn} = {
      forceSSL = true; # addSSL = true;
      enableACME = true;
      #acmeRoot = null; # use DNS
      default = true;
      serverAliases = map mkDomain [
        "www"
        #"*" # requires DNS ACME
      ];
      # The alternative to ^ is: config.security.acme.certs."${acmeDomain}".extraDomainNames = [ (mkDomain "foo") ];
      # TODO: 'nox' alias for everything
      locations."/" = {
        proxyPass = "http://pbuntu.pbsds.net";
        proxyWebsockets = true;
      };
    };
    #services.nginx.virtualHosts.${mkDomain "www"} = {
    #  addSSL = true;
    #  useACMEHost = acmeDomain; #enableACME = true;
    #  locations."/" = {
    #    proxyPass = "http://pbuntu.pbsds.net";
    #    proxyWebsockets = true;
    #  };
    #};
    /**/
  };
 }
--- a/profiles/http/docs/default.nix
+++ b/profiles/http/docs/default.nix
@ -1,6 +1,8 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
  cfg = config.services.docs-to-host;
  # https://pagefind.app/docs/ui-usage/
--- a/profiles/http/index/default.nix
+++ b/profiles/http/index/default.nix
@ -1,5 +1,7 @@
-{ config, pkgs, lib, mkDomain, allSubdomains, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain allSubdomains;
  # TODO: support fully qualified urls as well
  # `null` means filter
  customDescriptions = rec {
--- a/profiles/http/services/attic.nix
+++ b/profiles/http/services/attic.nix
@ -1,4 +1,8 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 # attic - multi-tenant nix binary cache
 # https://docs.attic.rs/tutorial.html
--- a/profiles/http/services/censordodge.nix
+++ b/profiles/http/services/censordodge.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # CensorDodge
  # A lightweight and customisable web proxy
--- a/profiles/http/services/cinny.nix
+++ b/profiles/http/services/cinny.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 lib.mkIf pkgs.unstable.cinny.meta.available # no CVE's thank you
--- a/profiles/http/services/convos.nix
+++ b/profiles/http/services/convos.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Convos
  # The simplest way to use IRC in your browser
--- a/profiles/http/services/cryptpad.nix
+++ b/profiles/http/services/cryptpad.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Cryptpad
--- a/profiles/http/services/element.nix
+++ b/profiles/http/services/element.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Element-web
  # A glossy Matrix collaboration client for the web
--- a/profiles/http/services/flexget.nix
+++ b/profiles/http/services/flexget.nix
@ -3,7 +3,7 @@ let
  cfg = config.services.flexget;
 in
-# TODO: run in VM mode if we run transmission in the same VM
+# TODO: run in build-vm mode if we run transmission in the same machine
 lib.mkIf (!config.virtualisation.isVmVariant)
 {
--- a/profiles/http/services/galene.nix
+++ b/profiles/http/services/galene.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Galene
  # Videoconferencing server that is easy to deploy, written in Go
--- a/profiles/http/services/gitea.nix
+++ b/profiles/http/services/gitea.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Gitea
  # Git with a cup of tea
--- a/profiles/http/services/graphana.nix
+++ b/profiles/http/services/graphana.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Graphana
  # Gorgeous metric viz, dashboards & editors for Graphite, InfluxDB & OpenTSDB
--- a/profiles/http/services/hedgedoc.nix
+++ b/profiles/http/services/hedgedoc.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
    # hedgedoc
    # Realtime collaborative markdown notes on all platforms
--- a/profiles/http/services/home-assistant.nix
+++ b/profiles/http/services/home-assistant.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # home-assistant
--- a/profiles/http/services/hydra.nix
+++ b/profiles/http/services/hydra.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Hydra
  # Nix-based continuous build system
--- a/profiles/http/services/invidious.nix
+++ b/profiles/http/services/invidious.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, inputs, mkDomain, ... }:
+{ config, pkgs, lib, inputs, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Invidious
  # An open source alternative front-end to YouTube
--- a/profiles/http/services/jellyfin.nix
+++ b/profiles/http/services/jellyfin.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, inputs, mkDomain, ... }:
+{ config, pkgs, lib, inputs, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 # don't mount if local VM
 lib.mkIf (!config.virtualisation.isVmVariant)
--- a/profiles/http/services/jitsi-meet.nix
+++ b/profiles/http/services/jitsi-meet.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Jitsi meet
--- a/profiles/http/services/kukkee.nix
+++ b/profiles/http/services/kukkee.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Kukkee
  # Self-hosted Doodle alternative: a meeting poll tool
--- a/profiles/http/services/matrix-synapse.nix
+++ b/profiles/http/services/matrix-synapse.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # matrix-synapse
  /**/
--- a/profiles/http/services/mattermost.nix
+++ b/profiles/http/services/mattermost.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Mattermost
  # Open-source, self-hosted Slack-alternative
--- a/profiles/http/services/navidrome.nix
+++ b/profiles/http/services/navidrome.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 # don't mount if local VM
 lib.mkIf (!config.virtualisation.isVmVariant)
--- a/profiles/http/services/netdata.nix
+++ b/profiles/http/services/netdata.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Netdata
  # Real-time performance monitoring tool
--- a/profiles/http/services/nitter.nix
+++ b/profiles/http/services/nitter.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Nitter
  # Alternative Twitter front-end
--- a/profiles/http/services/ntopng.nix
+++ b/profiles/http/services/ntopng.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # ntopng
  # High-speed web-based traffic analysis and flow collection tool
--- a/profiles/http/services/openspeedtest.nix
+++ b/profiles/http/services/openspeedtest.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # OpenSpeedtTest
  # Pure HTML5 Network Performance Estimation Tool
--- a/profiles/http/services/owncast.nix
+++ b/profiles/http/services/owncast.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # OwnCast
--- a/profiles/http/services/paperless.nix
+++ b/profiles/http/services/paperless.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # paperless-ngx
  # A supercharged version of paperless: scan, index, and archive all of your physical documents
--- a/profiles/http/services/plex.nix
+++ b/profiles/http/services/plex.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, inputs, mkDomain, ... }:
+{ config, pkgs, lib, inputs, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 # don't mount if local VM
 lib.mkIf (!config.virtualisation.isVmVariant)
--- a/profiles/http/services/polaris.nix
+++ b/profiles/http/services/polaris.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Polaris
  # Self-host your music collection, and access it from any computer and mobile device
--- a/profiles/http/services/redlib.nix
+++ b/profiles/http/services/redlib.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # redlib, previously libreddit
  # Private front-end for Reddit
--- a/profiles/http/services/resilio.nix
+++ b/profiles/http/services/resilio.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 # don't mount if local VM
 lib.mkIf (!config.virtualisation.isVmVariant)
--- a/profiles/http/services/roundcube.nix
+++ b/profiles/http/services/roundcube.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Roundcube
  # Open Source Webmail Software
--- a/profiles/http/services/shlink.nix
+++ b/profiles/http/services/shlink.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Shlink
  # URL shortener with REST API and command line interface
--- a/profiles/http/services/snappymail.nix
+++ b/profiles/http/services/snappymail.nix
@ -1,7 +1,8 @@
 # adapted from https://github.com/samrose/dotfiles-1/blob/8887ca3b01edecd83c2e95f01e42885ce26f76c5/nixos/eve/modules/snappymail.nix#L55
-{ pkgs, config, lib, mkDomain, ... }:
+{ pkgs, config, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
  maxUploadSize = "256M";
  toKeyValue = lib.generators.toKeyValue {
    mkKeyValue = lib.generators.mkKeyValueDefault {} " = ";
--- a/profiles/http/services/sourcegraph.nix
+++ b/profiles/http/services/sourcegraph.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # Sourcegraph
  # Understand, fix, and automate across your codebase with this code intelligence platform
--- a/profiles/http/services/stickers.nix
+++ b/profiles/http/services/stickers.nix
@ -1,6 +1,9 @@
-{ config, lib, mkDomain, inputs, ... }:
+{ config, lib, inputs, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
  myStickerPicker = inputs.maunium-stickerpicker-nix.createStickerPicker {
    #homeserver = "https://matrix.pvv.ntnu.no";
    #userId = "@stickerbot:my.matrix.server";
--- a/profiles/http/services/tautulli.nix
+++ b/profiles/http/services/tautulli.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, inputs, mkDomain, ... }:
+{ config, pkgs, lib, inputs, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # plex admin web ui
--- a/profiles/http/services/thelounge.nix
+++ b/profiles/http/services/thelounge.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # thelunge
  # The self-hosted Web IRC client
--- a/profiles/http/services/trivial-gradios/default.nix
+++ b/profiles/http/services/trivial-gradios/default.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # trivial gradios
--- a/profiles/http/services/vaultwarden.nix
+++ b/profiles/http/services/vaultwarden.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # vaultwarden
  # Unofficial Bitwarden compatible server written in Rust
--- a/profiles/http/services/webdav-zotero.nix
+++ b/profiles/http/services/webdav-zotero.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # webdav
--- a/profiles/http/sites/kuklefse.nix
+++ b/profiles/http/sites/kuklefse.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  services.nginx.virtualHosts."kuklef.se" = {
    forceSSL = true; # addSSL = true;
--- a/profiles/http/sites/linktree-pbsds.nix
+++ b/profiles/http/sites/linktree-pbsds.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, mkDomain, ... }:
+{ config, pkgs, lib, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # links.pbsds.net
--- a/profiles/http/sites/refleksjon-no.nix
+++ b/profiles/http/sites/refleksjon-no.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, inputs, mkDomain, ... }:
+{ config, pkgs, lib, inputs, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # refleksjon.no
--- a/profiles/http/sites/roroslyd-no.nix
+++ b/profiles/http/sites/roroslyd-no.nix
@ -1,4 +1,7 @@
-{ config, pkgs, lib, inputs, mkDomain, ... }:
+{ config, pkgs, lib, inputs, ... }:
 let
  inherit (config.pbsds.nginx) mkDomain;
 in
 {
  # roroslyd.no