change nginx config for freshrss to forward Authorization

hosts/hetzner-arm/containers/rss/default.nix

@@ -50,6 +50,25 @@ in {
       enableACME = true;
       forceSSL = true;
       locations."/".proxyPass = "http://${containerIP}:80/";
+      proxyWebsockets = true;
+      recommendedProxySettings = true;
+      appendConfig = ''
+        add_header X-Frame-Options SAMEORIGIN;
+        add_header X-XSS-Protection "1; mode=block";
+        proxy_redirect off;
+        proxy_buffering off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-Prefix /freshrss/;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        proxy_set_header X-Forwarded-Port $server_port;
+        proxy_read_timeout 90;
+
+        # Forward the Authorization header for the Google Reader API.
+        proxy_set_header Authorization $http_authorization;
+        proxy_pass_header Authorization;
+      '';
     };
   };
 }

profiles/base/nix.nix

@@ -9,7 +9,7 @@
   inherit (lib.lists) optional;
   inherit (lib.modules) mkIf;
 in {
-  environment.systemPackages = with pkgs; [ nix-output-monitor ];
+  environment.systemPackages = with pkgs; [nix-output-monitor];
 
   nix = {
     nixPath = ["nixpkgs=${inputs.nixpkgs}"];

profiles/sound/base.nix

@@ -1,5 +1,4 @@
 {
-  lib,
   pkgs,
   ...
 }: {