28 files changed, 278 insertions, 48 deletions
| @@ -1,5 +1,12 @@  stockholm ?= . +export STOCKHOLM_VERSION ?= $(shell \ +	version=git.$$(git describe --always --dirty); \ +	case $$version in (*-dirty) version=$$version@$$(hostname); esac; \ +	date=$$(date +%y.%m); \ +	printf '%s' "$$date.$$version"; \ +) +  ifndef nixos-config  $(if $(system),,$(error unbound variable: system))  nixos-config = ./$(LOGNAME)/1systems/$(system).nix @@ -60,7 +67,8 @@ deploy: ssh ?= ssh  deploy:  	$(call execute,populate)  	$(ssh) $(target_user)@$(target_host) -p $(target_port) \ -		nixos-rebuild switch --show-trace -I $(target_path) +		env STOCKHOLM_VERSION="$$STOCKHOLM_VERSION" \ +			nixos-rebuild switch --show-trace -I $(target_path)  # usage: make LOGNAME=shared system=wolf eval.config.krebs.build.host.name  eval eval.:;@$(call evaluate,$${expr-eval}) @@ -75,6 +83,7 @@ install:  	target_path=/mnt$(target_path) $(call execute,populate)  	$(ssh) $(target_user)@$(target_host) -p $(target_port) \  		env NIXOS_CONFIG=$(target_path)/nixos-config \ +				STOCKHOLM_VERSION="$$STOCKHOLM_VERSION" \  			nixos-install  # usage: make test system=foo [target=bar] [method={eval,build}] diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 186469e97..bdd9049cb 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -23,6 +23,7 @@ let        ./lib.nix        ./nginx.nix        ./nixpkgs.nix +      ./os-release.nix        ./per-user.nix        ./Reaktor.nix        ./realwallpaper.nix diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index 6e6928f89..696c48baf 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix 
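Review bot: `export STOCKHOLM_VERSION ?= $(shell …)` in the first Makefile hunk defines a recursively expanded variable, so the `git describe`, `hostname` and `date` commands run again each time the variable is expanded rather than once per invocation. Computing it once keeps the value stable across a run: wrap the assignment in `ifndef STOCKHOLM_VERSION` … `endif` and use `:=` inside. A short comment above it stating the resulting format (`YY.MM.git.<describe>[@<hostname>]`) would also help, since the os-release module added in this commit writes the value to /etc/os-release on the target.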
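Review bot: In the `deploy` hunk the value of STOCKHOLM_VERSION is quoted only for the local shell; ssh joins its arguments into one string that the remote shell parses again, so whitespace or shell metacharacters in the value would be interpreted on the target. The default value (git describe, hostname, date) is probably harmless, but the variable is assigned with `?=` and can therefore come from the caller's environment. A guard line before the ssh call would reject unexpected characters, for example `case $$STOCKHOLM_VERSION in (*[!0-9A-Za-z.@_-]*) echo "bad STOCKHOLM_VERSION" >&2; exit 1;; esac` (widen the set if tag names need it). The `install` hunk passes the variable the same way and needs the same guard.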
@@ -39,6 +39,8 @@ let          # TODO modular configuration          assert config.krebs.retiolum.enable;          '' +          keep_environment = +            primary_hostname = ${cfg.primary_hostname}            domainlist local_domains = ${concatStringsSep ":" cfg.local_domains}            domainlist relay_to_domains = ${concatStringsSep ":" cfg.relay_to_domains} diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index c976e89de..cee10ce7d 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -12,6 +12,29 @@ let    api = {      enable = mkEnableOption "krebs.exim-smarthost"; +    dkim = mkOption { +      type = types.listOf (types.submodule ({ config, ... }: { +        options = { +          domain = mkOption { +            type = types.str; +          }; +          private_key = mkOption { +            type = types.secret-file; +            default = { +              path = "/run/krebs.secret/${config.domain}.dkim_private_key"; +              owner.name = "exim"; +              source-path = toString <secrets> + "/${config.domain}.dkim.priv"; +            }; +          }; +          selector = mkOption { +            type = types.str; +            default = "default"; +          }; +        }; +      })); +      default = []; +    }; +      internet-aliases = mkOption {        type = types.listOf (types.submodule ({          options = { 
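Review bot: The empty `keep_environment =` added at the top of the generated exim configuration has no comment, and an empty assignment is easy to mistake for a leftover. A one-line exim comment above it would record the intent, for example `# run with an empty environment; add variable names here only when a router or transport needs them`. The same line is added to the `services.exim.config` string in exim-smarthost.nix and would benefit from the same comment. The configuration string continues outside the hunk.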
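Review bot: `domain` in the new `dkim` submodule is a plain `types.str`, yet this hunk interpolates it into the secret's `path` and `source-path`, and later hunks of the same file use it as an attribute name and as an lsearch key. A value containing `/`, `:` or whitespace would yield an unintended file path or a malformed lookup line. Consider a hostname-validating type if the project's lib provides one, or an `assertions` entry otherwise. The three options also lack `description` fields, e.g. `description = "Domain whose outgoing mail is DKIM-signed; matched against $sender_address_domain.";`.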
@@ -72,9 +95,21 @@ let    };    imp = { +    krebs.secret.files = listToAttrs (flip map cfg.dkim (dkim: { +      name = "exim.dkim_private_key/${dkim.domain}"; +      value = dkim.private_key; +    })); +    systemd.services = mkIf (cfg.dkim != []) { +      exim = { +        after = [ "secret.service" ]; +        requires = [ "secret.service" ]; +      }; +    };      services.exim = {        enable = true;        config = '' +        keep_environment = +          primary_hostname = ${cfg.primary_hostname}          # HOST_REDIR contains the real destinations for "local_domains". @@ -191,6 +226,12 @@ let          remote_smtp:            driver = smtp +          ${optionalString (cfg.dkim != []) '' +            dkim_canon = relaxed +            dkim_domain = $sender_address_domain +            dkim_private_key = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_private_key}}} +            dkim_selector = ''${lookup{$sender_address_domain}lsearch{${lsearch.dkim_selector}}} +          ''}            helo_data = ''${if eq{$acl_m_special_dom}{}  \                                 {$primary_hostname}   \                                 {$acl_m_special_dom} } @@ -219,12 +260,20 @@ let    }; -  lsearch = mapAttrs (name: set: toFile name (to-lsearch set)) { +  lsearch = mapAttrs (name: set: toFile name (to-lsearch set)) ({      inherit (cfg) internet-aliases;      inherit (cfg) system-aliases; -  }; - -  to-lsearch = concatMapStringsSep "\n" ({ from, to, ... }: "${from}: ${to}"); - -in -out +  } // optionalAttrs (cfg.dkim != []) { +    dkim_private_key = flip map cfg.dkim (dkim: { +      from = dkim.domain; +      to = dkim.private_key.path; +    }); +    dkim_selector = flip map cfg.dkim (dkim: { +      from = dkim.domain; +      to = dkim.selector; +    }); +  }); + +  to-lsearch = concatMapStrings ({ from, to, ... }: "${from}: ${to}\n"); + +in out diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 0cc2f11c9..d2d73ba3d 100644 
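Review bot: The DKIM settings added to `remote_smtp` do not set `dkim_strict`, so if signing fails for a configured domain (for instance the key file under /run/krebs.secret is missing or not readable by exim) the message is, per exim's documented default, sent unsigned rather than deferred. If unsigned delivery is not acceptable for these domains, add `dkim_strict = true` next to `dkim_selector`. It is also worth a comment that sender domains without an lsearch entry expand `dkim_private_key` to the empty string, which appears to be what skips signing for them. The transport definition continues outside the hunk.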
--- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -400,7 +400,7 @@ let      #! /bin/sh      set -euf -    PATH=${makeSearchPath "bin" (with pkgs; [ +    PATH=${makeBinPath (with pkgs; [        coreutils        git        gnugrep @@ -451,7 +451,7 @@ let      #! /bin/sh      set -euf -    PATH=${makeSearchPath "bin" (with pkgs; [ +    PATH=${makeBinPath (with pkgs; [        coreutils        findutils        gawk @@ -511,7 +511,7 @@ let        #! /bin/sh        set -euf -      PATH=${makeSearchPath "bin" (with pkgs; [ +      PATH=${makeBinPath (with pkgs; [          coreutils # env          git          systemd diff --git a/krebs/3modules/nginx.nix b/krebs/3modules/nginx.nix index ec39715d8..2aa023443 100644 --- a/krebs/3modules/nginx.nix +++ b/krebs/3modules/nginx.nix @@ -49,7 +49,6 @@ let      services.nginx = {        enable = true;        httpConfig = '' -        include           ${pkgs.nginx}/conf/mime.types;          default_type      application/octet-stream;          sendfile          on;          keepalive_timeout 65; diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix new file mode 100644 index 000000000..4c803fff8 --- /dev/null +++ b/krebs/3modules/os-release.nix 
@@ -0,0 +1,28 @@ +{ config, ... }: +with config.krebs.lib; +let +  nixos-version-id = "${config.system.nixosVersion}"; +  nixos-version = "${nixos-version-id} (${config.system.nixosCodeName})"; +  nixos-pretty-name = "NixOS ${nixos-version}"; + +  stockholm-version-id = maybeEnv "STOCKHOLM_VERSION" "unknown"; +  stockholm-version = "${stockholm-version-id}"; +  stockholm-pretty-name = "stockholm ${stockholm-version}"; + +  version = "${stockholm-version}/${nixos-version}"; +  version-id = "${stockholm-version-id}/${nixos-version-id}"; +  pretty-name = "${stockholm-pretty-name} / ${nixos-pretty-name}"; + +  home-url = http://cgit.cd.krebsco.de/stockholm; +in +{ +  # http://0pointer.de/public/systemd-man/os-release.html +  environment.etc."os-release".text = mkForce '' +    NAME="stockholm/NixOS" +    ID=stockholm +    VERSION="${version}" +    VERSION_ID="${version-id}" +    PRETTY_NAME="${pretty-name}" +    HOME_URL="${home-url}" +  ''; +} diff --git a/krebs/5pkgs/builders.nix b/krebs/5pkgs/builders.nix index fa51857ba..146e6f9e1 100644 --- a/krebs/5pkgs/builders.nix +++ b/krebs/5pkgs/builders.nix @@ -29,7 +29,7 @@ rec {    execveBin = name: cfg: execve name (cfg // { destination = "/bin/${name}"; });    writeC = name: { destination ? "" }: src: pkgs.runCommand name {} '' -    PATH=${makeSearchPath "bin" (with pkgs; [ +    PATH=${makeBinPath (with pkgs; [        binutils        coreutils        gcc diff --git a/krebs/5pkgs/cac-api/default.nix b/krebs/5pkgs/cac-api/default.nix index 52ada4f1b..85a906e1d 100644 --- a/krebs/5pkgs/cac-api/default.nix +++ b/krebs/5pkgs/cac-api/default.nix @@ -18,7 +18,7 @@ stdenv.mkDerivation {      mkdir -p $out/bin      { cat <<\EOF      #! ${dash}/bin/dash -    export PATH=${stdenv.lib.makeSearchPath "bin" [ +    export PATH=${stdenv.lib.makeBinPath [        bc        coreutils        curl diff --git a/krebs/5pkgs/cgit/default.nix b/krebs/5pkgs/cgit/default.nix new file mode 100644 index 000000000..3180a5bd3 --- /dev/null 
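Review bot: `stockholm-version-id` comes from the evaluation environment via `maybeEnv` and is interpolated unescaped into the double-quoted values of /etc/os-release. That file is read as shell-style assignments, so a `"`, `$`, backtick or backslash in STOCKHOLM_VERSION would produce a malformed entry or be expanded by tools that source the file. Rejecting unexpected characters at evaluation time is cheap, e.g. `assert builtins.match "[0-9A-Za-z.@_-]+" stockholm-version-id != null;` placed after `in`. Reading the environment also makes the resulting system depend on how evaluation was invoked, which deserves a comment next to `maybeEnv`.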
+++ b/krebs/5pkgs/cgit/default.nix 
@@ -0,0 +1,64 @@ +{ stdenv, fetchurl, openssl, zlib, asciidoc, libxml2, libxslt +, docbook_xml_xslt, pkgconfig, luajit +, gzip, bzip2, xz +}: + +stdenv.mkDerivation rec { +  name = "cgit-${version}"; +  version = "0.12"; + +  src = fetchurl { +    url = "http://git.zx2c4.com/cgit/snapshot/${name}.tar.xz"; +    sha256 = "1dx54hgfyabmg9nm5qp6d01f54nlbqbbdwhwl0llb9imjf237qif"; +  }; + +  # cgit is tightly coupled with git and needs a git source tree to build. +  # IMPORTANT: Remember to check which git version cgit needs on every version +  # bump (look in the Makefile). +  # NOTE: as of 0.10.1, the git version is compatible from 1.9.0 to +  # 1.9.2 (see the repository history) +  gitSrc = fetchurl { +    url    = "mirror://kernel/software/scm/git/git-2.7.2.tar.xz"; +    sha256 = "086ga30ksijfxad085ply83ddf955d2b8qxph5sw6c9hab77j15j"; +  }; + +  buildInputs = [ +    openssl zlib asciidoc libxml2 libxslt docbook_xml_xslt pkgconfig luajit +  ]; + +  postPatch = '' +    sed -e 's|"gzip"|"${gzip}/bin/gzip"|' \ +        -e 's|"bzip2"|"${bzip2}/bin/bzip2"|' \ +        -e 's|"xz"|"${xz}/bin/xz"|' \ +        -i ui-snapshot.c +  ''; + +  # Give cgit a git source tree and pass configuration parameters (as make +  # variables). +  preBuild = '' +    mkdir -p git +    tar --strip-components=1 -xf "$gitSrc" -C git + +    makeFlagsArray+=(prefix="$out" CGIT_SCRIPT_PATH="$out/cgit/") +  ''; + +  # Install manpage. +  postInstall = '' +    # xmllint fails: +    #make install-man + +    # bypassing xmllint works: +    a2x --no-xmllint -f manpage cgitrc.5.txt +    mkdir -p "$out/share/man/man5" +    cp cgitrc.5 "$out/share/man/man5" +  ''; + +  meta = { +    homepage = http://git.zx2c4.com/cgit/about/; +    repositories.git = git://git.zx2c4.com/cgit; +    description = "Web frontend for git repositories"; +    license = stdenv.lib.licenses.gpl2; +    platforms = stdenv.lib.platforms.linux; +    maintainers = with stdenv.lib.maintainers; [ bjornfor ]; +  }; +} 
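Review bot: The comment above `gitSrc` says that as of 0.10.1 cgit is compatible with git 1.9.0 to 1.9.2, but this file builds cgit 0.12 against git-2.7.2, so the note no longer matches what it documents. Replace it with the pairing actually used, e.g. `# cgit 0.12 is built against git 2.7.2; re-check cgit's Makefile on every bump`, after confirming that this is the version the cgit Makefile names. The `sed` in `postPatch` succeeds even when none of the three patterns match, so a future cgit release could silently fall back to looking up the compressors on PATH; a `grep -q` on `ui-snapshot.c` after the substitution would catch that. The `src` URL is plain http, which the fixed `sha256` makes tamper-evident, though https would be preferable if the host offers it.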
diff --git a/krebs/5pkgs/default.nix b/krebs/5pkgs/default.nix index f7997dd63..0c39324a7 100644 --- a/krebs/5pkgs/default.nix +++ b/krebs/5pkgs/default.nix @@ -1,7 +1,20 @@  { config, lib, pkgs, ... }@args:  with config.krebs.lib;  { -  nixpkgs.config.packageOverrides = pkgs: { +  nixpkgs.config.packageOverrides = pkgs: let + +    # This callPackage will try to detect obsolete overrides. +    callPackage = path: args: let +      override = pkgs.callPackage path args; +      upstream = optionalAttrs (override ? "name") +        (pkgs.${(parseDrvName override.name).name} or {}); +    in if upstream ? "name" && +          override ? "name" && +          compareVersions upstream.name override.name != -1 +      then trace "Upstream `${upstream.name}' gets overridden by `${override.name}'." override +      else override; + +  in {      haskellPackages = pkgs.haskellPackages.override {        overrides = self: super:          mapAttrs (name: path: self.callPackage path {}) @@ -16,18 +29,18 @@ with config.krebs.lib;              (builtins.readDir ./haskell-overrides));      }; -    push = pkgs.callPackage ./push { +    push = callPackage ./push {        inherit (subdirs) get;      }; -    ReaktorPlugins = pkgs.callPackage ./Reaktor/plugins.nix {}; +    ReaktorPlugins = callPackage ./Reaktor/plugins.nix {};      test = { -      infest-cac-centos7 = pkgs.callPackage ./test/infest-cac-centos7 {}; +      infest-cac-centos7 = callPackage ./test/infest-cac-centos7 {};      };    }    // import ./builders.nix args -  // mapAttrs (_: flip pkgs.callPackage {}) +  // mapAttrs (_: flip callPackage {})                (filterAttrs (_: dir.has-default-nix)                             (subdirsOf ./.));  } diff --git a/krebs/5pkgs/dic/default.nix b/krebs/5pkgs/dic/default.nix index 571773d22..3566de8cd 100644 --- a/krebs/5pkgs/dic/default.nix +++ b/krebs/5pkgs/dic/default.nix 
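Review bot: The obsolete-override check in the new `callPackage` compares whole derivation names (`compareVersions upstream.name override.name`), which only behaves as a version comparison when both names share the same package-name prefix. Comparing the parsed versions states the intent directly: `compareVersions (parseDrvName upstream.name).version (parseDrvName override.name).version != -1`. The `override ? "name"` test in the condition is redundant, because `upstream` is `{}` whenever the override has no name. A sentence in the comment saying that the trace fires when upstream is the same version or newer would make the `!= -1` easier to read.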
@@ -16,7 +16,7 @@ stdenv.mkDerivation {    installPhase =      let -      path = stdenv.lib.makeSearchPath "bin" [ +      path = stdenv.lib.makeBinPath [          coreutils          curl          gnused diff --git a/krebs/5pkgs/exim/default.nix b/krebs/5pkgs/exim/default.nix new file mode 100644 index 000000000..d8d1f0dc3 --- /dev/null +++ b/krebs/5pkgs/exim/default.nix 
@@ -0,0 +1,63 @@ +{ coreutils, fetchurl, db, openssl, pcre, perl, pkgconfig, stdenv }: + +stdenv.mkDerivation rec { +  name = "exim-4.86.2"; + +  src = fetchurl { +    url = "http://mirror.switch.ch/ftp/mirror/exim/exim/exim4/${name}.tar.bz2"; +    sha256 = "1cvfcc1hi60lydv8h3a2rxlfc0v2nflwpvzjj7h7cdsqs2pxwmkp"; +  }; + +  buildInputs = [ coreutils db openssl pcre perl pkgconfig ]; + +  preBuild = '' +    sed ' +      s:^\(BIN_DIRECTORY\)=.*:\1='"$out"'/bin: +      s:^\(CONFIGURE_FILE\)=.*:\1=/etc/exim.conf: +      s:^\(EXIM_USER\)=.*:\1=ref\:nobody: +      s:^\(SPOOL_DIRECTORY\)=.*:\1=/exim-homeless-shelter: +      s:^# \(SUPPORT_MAILDIR\)=.*:\1=yes: +      s:^EXIM_MONITOR=.*$:# &: +      s:^\(FIXED_NEVER_USERS\)=root$:\1=0: +      s:^# \(WITH_CONTENT_SCAN\)=.*:\1=yes: +      s:^# \(AUTH_PLAINTEXT\)=.*:\1=yes: +      s:^# \(SUPPORT_TLS\)=.*:\1=yes: +      s:^# \(USE_OPENSSL_PC=openssl\)$:\1: +      s:^# \(LOG_FILE_PATH=syslog\)$:\1: +      s:^# \(HAVE_IPV6=yes\)$:\1: +      s:^# \(CHOWN_COMMAND\)=.*:\1=${coreutils}/bin/chown: +      s:^# \(CHGRP_COMMAND\)=.*:\1=${coreutils}/bin/chgrp: +      s:^# \(CHMOD_COMMAND\)=.*:\1=${coreutils}/bin/chmod: +      s:^# \(MV_COMMAND\)=.*:\1=${coreutils}/bin/mv: +      s:^# \(RM_COMMAND\)=.*:\1=${coreutils}/bin/rm: +      s:^# \(TOUCH_COMMAND\)=.*:\1=${coreutils}/bin/touch: +      s:^# \(PERL_COMMAND\)=.*:\1=${perl}/bin/perl: +      #/^\s*#.*/d +      #/^\s*$/d +    ' < src/EDITME > Local/Makefile +  ''; + +  installPhase = '' +    mkdir -p $out/bin $out/share/man/man8 +    cp doc/exim.8 $out/share/man/man8 + +    ( cd build-Linux-* +      cp exicyclog exim_checkaccess exim_dumpdb exim_lock exim_tidydb \ +        exipick exiqsumm exigrep exim_dbmbuild exim exim_fixdb eximstats \ +        exinext exiqgrep exiwhat \ +        $out/bin ) + +    ( cd $out/bin +      for i in mailq newaliases rmail rsmtp runq sendmail; do +        ln -s exim $i +      done ) +  ''; + +  meta = { +    homepage = http://exim.org/; +    description = "A 
mail transfer agent (MTA)"; +    license = stdenv.lib.licenses.gpl3; +    platforms = stdenv.lib.platforms.linux; +    maintainers = [ stdenv.lib.maintainers.tv ]; +  }; +} diff --git a/krebs/5pkgs/fortclientsslvpn/default.nix b/krebs/5pkgs/fortclientsslvpn/default.nix index e1c813479..602766f46 100644 --- a/krebs/5pkgs/fortclientsslvpn/default.nix +++ b/krebs/5pkgs/fortclientsslvpn/default.nix @@ -15,7 +15,7 @@ stdenv.mkDerivation rec {    buildInputs = [ makeWrapper ]; -  binPath = lib.makeSearchPath "bin" [ +  binPath = lib.makeBinPath [      coreutils      gawk    ]; diff --git a/krebs/5pkgs/get/default.nix b/krebs/5pkgs/get/default.nix index 13cdeca96..f82c7e8b7 100644 --- a/krebs/5pkgs/get/default.nix +++ b/krebs/5pkgs/get/default.nix @@ -16,7 +16,7 @@ stdenv.mkDerivation {    installPhase =      let -      path = stdenv.lib.makeSearchPath "bin" [ +      path = stdenv.lib.makeBinPath [          coreutils          gnugrep          gnused diff --git a/krebs/5pkgs/git-hooks/default.nix b/krebs/5pkgs/git-hooks/default.nix index 5697c31be..3aba90535 100644 --- a/krebs/5pkgs/git-hooks/default.nix +++ b/krebs/5pkgs/git-hooks/default.nix @@ -12,7 +12,7 @@ let      #! /bin/sh      set -euf -    export PATH=${makeSearchPath "bin" (with pkgs; [ +    export PATH=${makeBinPath (with pkgs; [        coreutils        git        gnused diff --git a/krebs/5pkgs/github-hosts-sync/default.nix b/krebs/5pkgs/github-hosts-sync/default.nix index b9dcfa9b8..0dcbe7fd8 100644 --- a/krebs/5pkgs/github-hosts-sync/default.nix +++ b/krebs/5pkgs/github-hosts-sync/default.nix @@ -17,7 +17,7 @@ stdenv.mkDerivation {    installPhase =      let        ca-bundle = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"; -      path = stdenv.lib.makeSearchPath "bin" (with pkgs; [ +      path = stdenv.lib.makeBinPath (with pkgs; [          coreutils          findutils          git diff --git a/krebs/5pkgs/hashPassword/default.nix b/krebs/5pkgs/hashPassword/default.nix index a10340cc4..6a7c51c57 100644 
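Review bot: Nothing in the new exim/default.nix says why the package is carried locally at 4.86.2 or when the copy can be dropped; presumably it is needed for the `keep_environment` option that the exim modules in this commit start using. A header comment such as `# local exim 4.86.2, needed for keep_environment; remove once nixpkgs provides this version or newer` would record that (adjust if the reason differs). The two commented-out sed expressions in `preBuild` (`#/^\s*#.*/d` and `#/^\s*$/d`) should be either removed or explained. The source is fetched over plain http, which the fixed `sha256` makes tamper-evident; an https mirror would still be preferable if one is available.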
--- a/krebs/5pkgs/hashPassword/default.nix +++ b/krebs/5pkgs/hashPassword/default.nix @@ -5,7 +5,7 @@ pkgs.writeScriptBin "hashPassword" ''    # usage: hashPassword    set -euf -  export PATH=${lib.makeSearchPath "bin" (with pkgs; [ +  export PATH=${lib.makeBinPath (with pkgs; [      coreutils      mkpasswd      openssl diff --git a/krebs/5pkgs/nq/default.nix b/krebs/5pkgs/nq/default.nix deleted file mode 100644 index 0f397a43c..000000000 --- a/krebs/5pkgs/nq/default.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ fetchgit, stdenv }: - -stdenv.mkDerivation rec { -  name = "nq-${rev}"; -  rev = "0eae839cb1"; - -  src = fetchgit { -    url = https://github.com/chneukirchen/nq; -    inherit rev; -    sha256 = "1150274750cde934932d65bd6053d7a0ba2404a59eadfb87fc6bd8a4fb70febb"; -  }; - -  configurePhase = '' -    sed -i "s:^PREFIX=.*:PREFIX=$out:" Makefile -  ''; -} diff --git a/krebs/5pkgs/push/default.nix b/krebs/5pkgs/push/default.nix index aa17a21a9..9a627fe36 100644 --- a/krebs/5pkgs/push/default.nix +++ b/krebs/5pkgs/push/default.nix @@ -25,7 +25,7 @@ stdenv.mkDerivation {    installPhase =      let -      path = lib.makeSearchPath "bin" [ +      path = lib.makeBinPath [          coreutils          git          gnumake diff --git a/mv/1systems/stro.nix b/mv/1systems/stro.nix index f251cb092..520bf14eb 100644 --- a/mv/1systems/stro.nix +++ b/mv/1systems/stro.nix @@ -56,7 +56,6 @@ with config.krebs.lib;          netcat          nix-repl          nmap -        nq          p7zip          pass          posix_man_pages diff --git a/tv/1systems/nomic.nix b/tv/1systems/nomic.nix index fa9c90816..fed67a105 100644 --- a/tv/1systems/nomic.nix +++ b/tv/1systems/nomic.nix @@ -12,7 +12,7 @@ with config.krebs.lib;      ../2configs/git.nix      ../2configs/im.nix      ../2configs/mail-client.nix -    ../2configs/nginx-public_html.nix +    ../2configs/nginx/public_html.nix      ../2configs/pulse.nix      ../2configs/retiolum.nix      ../2configs/wu-binary-cache/client.nix 
diff --git a/tv/1systems/wu.nix b/tv/1systems/wu.nix index 0bf242109..27dd12520 100644 --- a/tv/1systems/wu.nix +++ b/tv/1systems/wu.nix @@ -13,7 +13,7 @@ with config.krebs.lib;      ../2configs/im.nix      ../2configs/mail-client.nix      ../2configs/man.nix -    ../2configs/nginx-public_html.nix +    ../2configs/nginx/public_html.nix      ../2configs/pulse.nix      ../2configs/retiolum.nix      ../2configs/wu-binary-cache @@ -46,7 +46,6 @@ with config.krebs.lib;          netcat          nix-repl          nmap -        nq          p7zip          push          qrencode diff --git a/tv/1systems/xu.nix b/tv/1systems/xu.nix index 46fb59ff3..96a0545a7 100644 --- a/tv/1systems/xu.nix +++ b/tv/1systems/xu.nix @@ -12,7 +12,7 @@ with config.krebs.lib;      ../2configs/git.nix      ../2configs/mail-client.nix      ../2configs/man.nix -    ../2configs/nginx-public_html.nix +    ../2configs/nginx/public_html.nix      ../2configs/pulse.nix      ../2configs/retiolum.nix      ../2configs/wu-binary-cache/client.nix @@ -58,7 +58,6 @@ with config.krebs.lib;          netcat          nix-repl          nmap -        nq          p7zip          pass          qrencode diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 0a3e40a5c..df5d5da29 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -26,6 +26,7 @@ with config.krebs.lib;    imports = [      <secrets>      ./backup.nix +    ./nginx      ./vim.nix      {        # stockholm dependencies diff --git a/tv/2configs/exim-smarthost.nix b/tv/2configs/exim-smarthost.nix index 3ea010524..280d8572b 100644 --- a/tv/2configs/exim-smarthost.nix +++ b/tv/2configs/exim-smarthost.nix @@ -5,6 +5,9 @@ with config.krebs.lib;  {    krebs.exim-smarthost = {      enable = true; +    dkim = [ +      { domain = "viljetic.de"; } +    ];      sender_domains = [        "krebsco.de"        "shackspace.de" diff --git a/tv/2configs/nginx/default.nix b/tv/2configs/nginx/default.nix new file mode 100644 index 000000000..1fac65a31 
--- /dev/null +++ b/tv/2configs/nginx/default.nix @@ -0,0 +1,17 @@ +{ config, lib, ... }: + +with config.krebs.lib; + +{ +  krebs.nginx = { +    servers.default.locations = [ +      (nameValuePair "= /etc/os-release" '' +        default_type text/plain; +        alias /etc/os-release; +      '') +    ]; +  }; +  tv.iptables = optionalAttrs config.krebs.nginx.enable { +    input-retiolum-accept-new-tcp = singleton "http"; +  }; +} diff --git a/tv/2configs/nginx-public_html.nix b/tv/2configs/nginx/public_html.nix index 15a3b5482..15a3b5482 100644 --- a/tv/2configs/nginx-public_html.nix +++ b/tv/2configs/nginx/public_html.nix | 
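Review bot: The new `= /etc/os-release` location publishes that file over HTTP, and with this commit the file contains the stockholm git revision, the NixOS version and, for builds from a dirty tree, the hostname of the deploying machine. Together with the `input-retiolum-accept-new-tcp` rule this is readable by any peer that can reach the host on retiolum, and `tv/2configs/default.nix` now imports the module for every system that uses that profile. If the exposure is intended, say so in a comment above the location, e.g. `# deliberately public: lets peers see which stockholm/NixOS revision this host runs`; otherwise put it behind an option that defaults to off.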
