2 files changed, 48 insertions, 6 deletions

diff --git a/config/emacs.org b/config/emacs.org
index 57aae97..2d87907 100644
--- a/config/emacs.org
+++ b/config/emacs.org
@@ -167,8 +167,17 @@ This is my org mode configuration, which also configures latex.
       (org-html-with-latex 'html)
       (org-html-mathjax-options nil)
       (org-html-mathjax-template "")
-      (org-html-container-element "main")
-      (org-html-head-extra "<link rel=\"stylesheet\" type=\"text/css\" href=\"/syntax.css\" /><link rel=\"stylesheet\" type=\"text/css\" href=\"/style.css\" />\n<link rel=\"manifest\" href=\"/site.webmanifest\">\n<link rel=\"icon\" type=\"image/png\" sizes=\"16x16\" href=\"/favicon-16x16.png\">\n<link rel=\"mask-icon\" href=\"/safari-pinned-tab.svg\" color=\"#5bbad5\">\n<link rel=\"icon\" type=\"image/png\" sizes=\"32x32\" href=\"/favicon-32x32.png\">\n<link rel=\"apple-touch-icon\" sizes=\"180x180\" href=\"/apple-touch-icon.png\"><meta name=\"msapplication-TileColor\" content=\"#da532c\">\n<meta name=\"theme-color\" content=\"#ffffff\">")
+      (org-html-head-include-default-style nil) ; Clear Org's default CSS
+      (org-html-head-include-scripts nil)       ; Clear Org's default JS
+      (org-html-divs '((preamble "header" "preamble")
+                        (content "main" "content")
+                        (postamble "footer" "postamble")))
+      (org-html-head-extra (concat "<meta name=\"theme-color\" content=\"#ffffff\">\n<link rel=\"preload\" href=\"/fonts/Inconsolata-Medium.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>\n<meta name=\"theme-color\" content=\"#ffffff\">\n<link rel=\"preload\" href=\"/fonts/Lora-Medium.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>\n<link rel=\"preload\" href=\"/fonts/CormorantGaramond-Bold.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>\n<link rel=\"preload\" href=\"/fonts/CormorantGaramond-Medium.woff2\" as=\"font\" type=\"font/woff2\" crossorigin>\n<link rel=\"manifest\" href=\"/site.webmanifest\">\n<link rel=\"icon\" type=\"image/png\" sizes=\"16x16\" href=\"/favicon-16x16.png\">\n<link rel=\"mask-icon\" href=\"/safari-pinned-tab.svg\" color=\"#5bbad5\">\n<link rel=\"icon\" type=\"image/png\" sizes=\"32x32\" href=\"/favicon-32x32.png\">\n<link rel=\"apple-touch-icon\" sizes=\"180x180\" href=\"/apple-touch-icon.png\"><meta name=\"msapplication-TileColor\" content=\"#da532c\">\n"
+                                   "<style>\n"
+                                   (with-temp-buffer (insert-file-contents "~/monorepo/style.css") (buffer-string))
+                                   "\n"
+                                   (with-temp-buffer (insert-file-contents "~/monorepo/syntax.css") (buffer-string))
+                                   "\n</style>"))
       (org-latex-to-html-convert-command 
         "printf '%%s' %i | pandoc -f latex -t html --mathml | tr -d '\\n' | sed -e 's/^<p>//' -e 's/<\\/p>$//'")
       (org-html-viewport '((width "device-width") 
@@ -189,7 +198,7 @@ This is my org mode configuration, which also configures latex.
           :html-preamble-format (("en" "<p class=\"preamble\"><a href=\"/index.html\">home</a> | <a href=\"./index.html\">section main page</a></p><hr>")))
          ("website-static"
           :base-directory "~/monorepo"
-          :base-extension "css\\|js\\|png\\|jpg\\|gif\\|pdf\\|mp3\\|ogg\\|swf\\|ico\\|asc\\|pub\\|webmanifest\\|xml\\|svg\\|txt"
+          :base-extension "css\\|js\\|png\\|jpg\\|gif\\|pdf\\|mp3\\|ogg\\|swf\\|ico\\|asc\\|pub\\|webmanifest\\|xml\\|svg\\|txt\\|webp"
           :publishing-directory "~/website_html/"
           :recursive t
           :publishing-function org-publish-attachment)
diff --git a/config/nix.org b/config/nix.org
index e131016..a32c14d 100644
--- a/config/nix.org
+++ b/config/nix.org
@@ -584,6 +584,13 @@ largely self-documenting.
         description = "Linux timezone";
       };
 
+      ntfySecret = lib.mkOption {
+        type = lib.types.str;
+        default = "ntfy";
+        example = "ntfy-env";
+        description = "Name of Ntfy secret for notification handling";
+      };
+
       monitors = lib.mkOption {
         type = lib.types.listOf lib.types.str;
         default = [
@@ -708,6 +715,7 @@ to relevant places.
           content = (builtins.concatStringsSep "\n" (builtins.map (x: "machine mail.${config.monorepo.vars.orgHost} login ${x}@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}") config.monorepo.vars.projects)) + ''
   machine mail.${config.monorepo.vars.orgHost} login discussion@${config.monorepo.vars.orgHost} password ${config.sops.placeholder."mail_monorepo_password_pi"}'';
         };
+
         "matterbridge" = {
           owner = "matterbridge";
           content = ''
@@ -772,15 +780,19 @@ to relevant places.
         znc = {
           format = "yaml";
         };
+
         znc_password_salt = {
           format = "yaml";
         };
+
         znc_password_hash = {
           format = "yaml";
         };
+
         matrix_bridge = {
           format = "yaml";
         };
+
         mail_password = {
           format = "yaml";
           owner = "maddy";
@@ -794,12 +806,15 @@ to relevant places.
         mautrix_env = {
           format = "yaml";
         };
+
         telegram_token = {
           format = "yaml";
         };
+
         discord_token = {
           format = "yaml";
         };
+
         mpd_password = {
           format = "yaml";
           owner = "nginx";
@@ -1585,12 +1600,13 @@ I want to have notifications on my phone, and run my own server to do this.
   let
     serverName = "ntfy.${config.monorepo.vars.remoteHost}";
     port = 2586;
-    ntfySecret = "ntfy";
+    ntfySecret = config.monorepo.vars.ntfySecret;
   in
   {
     sops.secrets."${ntfySecret}" = lib.mkIf config.services.ntfy-sh.enable {
       format = "yaml";
       owner = "ntfy-sh";
+      sopsFile = ../secrets/common_secrets.yaml;
     };
 
     services.ntfy-sh = {
@@ -1673,6 +1689,7 @@ to the outside world under a domain.
       user = "nginx";
       recommendedGzipSettings = true;
       recommendedOptimisation = true;
+      recommendedBrotliSettings = true;
       recommendedTlsSettings = true;
       recommendedProxySettings = false;
       virtualHosts = {
@@ -1682,6 +1699,18 @@ to the outside world under a domain.
           root = "${monorepoSelf.packages.${pkgs.system}.website}";
           addSSL = true;
           enableACME = true;
+          locations."/" = {
+            extraConfig = ''
+        add_header Cache-Control "no-cache, must-revalidate";
+        expires off;
+      '';
+          };
+          locations."~* \\.(?:woff2|ttf|otf|eot|woff|ico|css|js|gif|jpe?g|png|svg|mp3|mp4|iso|webmanifest)$" = {
+            extraConfig = ''
+        add_header Cache-Control "public, max-age=31536000, immutable";
+        access_log off;
+      '';
+          };
         };
 
         # the port comes from ssh tunnelling
@@ -3243,6 +3272,12 @@ These are some secrets that I use regularly for my programs in home.
           format = "yaml";
           path = "${config.sops.defaultSymlinkPath}/dn42";
         };
+
+        ntfy = {
+          format = "yaml";
+          path = "${config.sops.defaultSymlinkPath}/${super.monorepo.vars.ntfySecret}";
+          sopsFile = ../../secrets/common_secrets.yaml;
+        };
       } else {
       };
       defaultSymlinkPath = "/run/user/1000/secrets";
@@ -4892,8 +4927,6 @@ This contains the installation script I use to install my systems.
       };
     };
 
-    users.extraUsers.root.password = "nixos";
-    users.extraUsers.nixos.password = "nixos";
     users.users = {
       root.openssh.authorizedKeys.keys = [
         "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell"