dotfiles/modules/services/nitter.nix


{ config, lib, pkgs, options, ... }:
# heavily references https://github.com/erdnaxe/nixos-modules/blob/master/services/nitter.nix
with lib;
let
cfg = config.modules.services.nitter;
in {
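# Options for the local Nitter module. Every value is read through `cfg` in the
# `config` section: `domain` names the nginx virtual host and Nitter's hostname,
# `port` is the loopback port Nitter listens on and nginx proxies to.
options.modules.services.nitter = {
  enable = mkOption {
    type = types.bool;
    default = false;
    description = "Whether to enable Nitter together with its nginx virtual host.";
  };
  domain = mkOption {
    type = types.str;
    default = "nitter.oat.zone";
    description = "Public host name; used for the nginx virtual host and Nitter's hostname.";
  };
  port = mkOption {
    # types.port restricts the value to 0-65535, so a typo such as 30050000 or
    # a negative number fails at evaluation time instead of at service start.
    type = types.port;
    default = 3005;
    description = "Port on 127.0.0.1 that Nitter listens on and nginx proxies to.";
  };
  lightweight = mkOption {
    type = types.bool;
    default = false;
    description = ''
      Incase shit gets wild, this will make Nitter a lot more lightweight.
      Some functionality gets removed (videos are not proxied, etc) in exchange for less RAM usage and CPU usage
    '';
  };
};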
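# Applied only when the module is enabled: runs Nitter on loopback and exposes
# it through an nginx virtual host that terminates TLS (ACME certificate).
config = mkIf cfg.enable {
  services = {
    nitter = {
      enable = true;
      package = pkgs.unstable.nitter;
      server = {
        # Loopback only: the service is reachable from outside solely through
        # the nginx virtual host below.
        address = "127.0.0.1";
        port = cfg.port;
        hostname = cfg.domain;
        title = "nitter.oat.zone"; # TODO: make this customizable? not sure
        https = true; # doesn't actually do any encryption, just changes cookie configuration
      };
      preferences = {
        hlsPlayback = true;
        # Video proxying is the feature dropped in lightweight mode.
        proxyVideos = !cfg.lightweight;
        theme = "Mastodon";
        replaceTwitter = cfg.domain;
      };
    };
    # https://github.com/zedeus/nitter/wiki/Nginx
    nginx.virtualHosts."${cfg.domain}" = {
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString cfg.port}";
        # Every header below is commented out, so this location defines no
        # add_header of its own and only sends what it inherits from the
        # server/http level. NOTE(review): presumably the security headers are
        # set globally elsewhere in the dotfiles - confirm, otherwise the proxied
        # pages are served without HSTS, CSP or nosniff (forceSSL only redirects).
        extraConfig = ''
          #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
          #add_header Content-Security-Policy "default-src 'none'; script-src 'self' 'unsafe-inline'; img-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self'; object-src 'none'; media-src 'self' blob:; worker-src 'self' blob:; base-uri 'self'; form-action 'self'; frame-ancestors 'self'; connect-src 'self' https://*.twimg.com; manifest-src 'self'";
          #add_header X-Content-Type-Options nosniff;
          #add_header X-Frame-Options DENY;
          #add_header X-XSS-Protection "1; mode=block";
        '';
      };
      # Static robots.txt answered by nginx itself; asks all crawlers to stay out.
      locations."= /robots.txt" = {
        # nginx drops inherited add_header directives as soon as a location
        # declares one, so the headers are repeated here ("re-defining").
        # The media type is set with default_type: add_header Content-Type
        # appends a second Content-Type header next to the one nginx already
        # generates for the response.
        # NOTE(review): X-XSS-Protection is a legacy header that current
        # browsers ignore; kept as the author had it.
        extraConfig = ''
          # re-defining
          #add_header Strict-Transport-Security $hsts_header;
          add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
          add_header Referrer-Policy origin-when-cross-origin;
          add_header X-Content-Type-Options nosniff;
          add_header X-XSS-Protection "1; mode=block";
          default_type text/plain;
          return 200 "User-agent: *\nDisallow: /\n";
        '';
      };
    };
  };
  # fix for a dumb error
  # (this doesn't work or do anything lmfao)
  # genuinely no idea how to fix it atm
  # mkForce replaces whatever `path` the upstream unit declares, leaving git
  # as the only package listed here.
  systemd.services.nitter = {
    path = with pkgs; lib.mkForce [ git ];
  };
};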
}