wanderer/git.oat.zone--dark-firepit--dotfiles
1
0
Fork 0
mirror of https://git.oat.zone/dark-firepit/dotfiles synced 2024-11-26 06:08:48 +01:00
Code Issues Releases Activity
16bd68fdd0
git.oat.zone--dark-firepit-.../modules/services/nitter.nix
Jill "oatmealine" Monoids c0c4b77fbd attempt nitter fix
2023-06-08 20:49:08 +02:00

97 lines
3.3 KiB
Nix
Raw Blame History

{ config, lib, pkgs, options, ... }:
# heavily references https://github.com/erdnaxe/nixos-modules/blob/master/services/nitter.nix
with lib;
let
cfg = config.modules.services.nitter;
in {
options.modules.services.nitter = {
enable = mkOption {
type = types.bool;
default = false;
};
domain = mkOption {
type = types.str;
default = "nitter.oat.zone";
};
port = mkOption {
type = types.int;
default = 3005;
};
lightweight = mkOption {
type = types.bool;
default = false;
description = ''
Incase shit gets wild, this will make Nitter a lot more lightweight.
Some functionality gets removed (videos are not proxied, etc) in exchange for less RAM usage and CPU usage
'';
};
};
config = mkIf cfg.enable {
services = {
nitter = {
enable = true;
package = pkgs.nitter;
config = {
proxy = ""; # https://github.com/NixOS/nixpkgs/issues/235359
};
server = {
address = "127.0.0.1";
port = cfg.port;
hostname = cfg.domain;
title = "nitter.oat.zone"; # TODO: make this costumizable? not sure
https = true; # doesn't actually do any encryption, just changes cookie configuration
};
preferences = {
hlsPlayback = true;
proxyVideos = !cfg.lightweight;
theme = "Mastodon";
replaceTwitter = cfg.domain;
};
};
# https://github.com/zedeus/nitter/wiki/Nginx
nginx.virtualHosts."${cfg.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.port}";
extraConfig = ''
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
#add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' blob:; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'";
#add_header X-Content-Type-Options nosniff;
#add_header X-Frame-Options DENY;
#add_header X-XSS-Protection "1; mode=block";
if ($http_user_agent = 'Mozilla/5.0 (compatible; Discordbot/2.0; +https://discordapp.com)') {
return 302 $scheme://fxtwitter.com$request_uri;
}
'';
};
locations."= /robots.txt" = {
extraConfig = ''
# re-defining
#add_header Strict-Transport-Security $hsts_header;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
add_header Referrer-Policy origin-when-cross-origin;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
'';
};
};
};
# fix for a dumb error
# (this doesn't work or do anything lmfao)
# genuinely no idea how to fix it atm
systemd.services.nitter = {
path = with pkgs; lib.mkForce [ git ];
};
};
}
View Git Blame Copy Permalink