From 1bff640204ce782cdc1c8686eed59c603a6779f6 Mon Sep 17 00:00:00 2001 From: Atridad Lahiji Date: Thu, 5 Mar 2026 16:29:31 -0700 Subject: [PATCH] Deps --- flake.lock | 6 +++--- modules/nginx.nix | 8 +------- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/flake.lock b/flake.lock index d00e8c8..8e854a8 100644 --- a/flake.lock +++ b/flake.lock @@ -2,11 +2,11 @@ "nodes": { "nixpkgs": { "locked": { - "lastModified": 1772198003, - "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", + "lastModified": 1772624091, + "narHash": "sha256-QKyJ0QGWBn6r0invrMAK8dmJoBYWoOWy7lN+UHzW1jc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", + "rev": "80bdc1e5ce51f56b19791b52b2901187931f5353", "type": "github" }, "original": { diff --git a/modules/nginx.nix b/modules/nginx.nix index ab80e60..8986c78 100644 --- a/modules/nginx.nix +++ b/modules/nginx.nix @@ -35,9 +35,6 @@ let locations."/" = { proxyPass = "http://${upstream}:${toString port}"; proxyWebsockets = true; - # NOTE: `if` inside a location block is unsafe in general (nginx docs warn - # against it), but is safe here because the only statement is `return`. - # Do NOT add any other directives inside this if block. extraConfig = "if ($fuckai) { return 444; }"; }; }; @@ -150,8 +147,6 @@ in forceSSL = true; locations."/" = { proxyPass = "http://${upstream}:3000"; - # NOTE: `if` is safe here because the only statement is `return`. - # Do NOT add other directives inside this if block. extraConfig = "if ($fuckai) { return 444; }"; }; locations."= /.well-known/matrix/server" = { @@ -227,8 +222,7 @@ in client_max_body_size 100M; ''; }; - # Only forward the three known lk-jwt-service endpoints; reject everything - # else (including path traversal sequences) with 404. + locations."^~ /livekit/jwt/" = { priority = 400; extraConfig = ''