plausible: add to other services

hosts/best/forgejo.nix

@@ -111,6 +111,10 @@ in {
   };
 
   services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
+    extraConfig = ''
+      ${config.services.plausible.extraNginxConfigFor fqdn}
+    '';
+
     locations."/".proxyPass = "http://[::1]:${toString port}";
   };
 }

hosts/best/grafana/default.nix

@@ -77,6 +77,8 @@ in {
         # Grafana sets `nosniff` while not setting the content type properly,
         # so everything breaks with it. Unset the header.
         proxy_hide_header X-Content-Type-Options;
+
+        ${config.services.plausible.extraNginxConfigFor fqdn}
       '';
 
       proxyPass       = "http://[::1]:${toString port}";

hosts/best/nextcloud/default.nix

@@ -111,6 +111,8 @@ in {
   };
 
   services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
-    extraConfig = config.services.nginx.headers;    
+    extraConfig = ''
+      ${config.services.nginx.headers}
+    '';
   };
 }

hosts/best/plausible/default.nix

@@ -1,6 +1,6 @@
 { config, self, lib, ... }: let
   inherit (config.networking) domain;
-  inherit (lib) enabled merge;
+  inherit (lib) enabled merge mkConst;
 
   fqdn = "shekels.${domain}";
   port = 8007;
@@ -10,14 +10,14 @@ in {
     (self + /modules/postgresql.nix)
   ];
 
-  secrets.plausibleKey = {
+  config.secrets.plausibleKey = {
     file  = ./key.age;
     owner = "plausible";
   };
 
-  services.postgresql.ensure = [ "plausible" ];
+  config.services.postgresql.ensure = [ "plausible" ];
 
-  services.plausible = enabled {
+  config.services.plausible = enabled {
     server = {
       disableRegistration = true; # Setting it explicitly just in case.
 
@@ -30,7 +30,16 @@ in {
     };
   };
 
-  services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
+  options.services.plausible.extraNginxConfigFor = mkConst /* nginx */ (domain: ''
+    proxy_set_header Accept-Encoding ""; # Substitution won't work if it is compressed.
+    sub_filter "</head>" '<script defer data-domain="${domain}" src="https://${fqdn}/js/script.js"></script></head>';
+    sub_filter_last_modified on;
+    sub_filter_once on;
+  '');
+
+  config.services.nginx.virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
+    extraConfig = config.services.plausible.extraNginxConfigFor fqdn;
+
     locations."/" = {
       proxyPass       = "http://[::1]:${toString port}";
       proxyWebsockets = true;

modules/nginx.nix

@@ -52,6 +52,7 @@ in {
         https "max-age=31536000; includeSubdomains; preload";
       }
 
+      # FIXME: These two aren't working.
       map $http_origin $allow_origin {
         ~^https://.+\.${domain}$ $http_origin;
       }

modules/site.nix

@@ -2,6 +2,7 @@
   inherit (config.networking) domain;
   inherit (lib) enabled merge;
 
+  fqdn = domain;
   root = "/var/www/site";
 in {
   imports = [(self + /modules/nginx.nix)];
@@ -16,7 +17,7 @@ in {
       }
     '';
 
-    virtualHosts.${domain} = merge config.services.nginx.sslTemplate {
+    virtualHosts.${fqdn} = merge config.services.nginx.sslTemplate {
       inherit root;
 
       locations."/".tryFiles = "$uri $uri.html $uri/index.html =404";
@@ -29,6 +30,8 @@ in {
 
       extraConfig = /* nginx */ ''
         error_page 404 /404.html;
+
+        ${config.services.plausible.extraNginxConfigFor fqdn}
       '';
 
       locations."/404".extraConfig = /* nginx */ ''
@@ -36,12 +39,12 @@ in {
       '';
     };
 
-    virtualHosts."www.${domain}" = merge config.services.nginx.sslTemplate {
+    virtualHosts."www.${fqdn}" = merge config.services.nginx.sslTemplate {
-      locations."/".return = "301 https://${domain}$request_uri";
+      locations."/".return = "301 https://${fqdn}$request_uri";
     };
 
     virtualHosts._ = merge config.services.nginx.sslTemplate {
-      locations."/".return = "301 https://${domain}/404";
+      locations."/".return = "301 https://${fqdn}/404";
     };
   };
 }