2024-12-06 16:46:10 +00:00
|
|
|
{
|
|
|
|
|
config,
|
|
|
|
|
lib,
|
|
|
|
|
namespace,
|
|
|
|
|
...
|
|
|
|
|
}:
|
2024-05-21 00:52:57 +00:00
|
|
|
|
|
|
|
|
let
|
2024-12-06 16:46:10 +00:00
|
|
|
cfg = config.${namespace}.services.nginx;
|
2024-05-21 00:52:57 +00:00
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
options = {
|
2024-12-06 16:46:10 +00:00
|
|
|
${namespace}.services.nginx = {
|
2024-09-08 15:58:56 +00:00
|
|
|
enable = lib.mkEnableOption "Enable the Nginx web server.";
|
2024-05-21 00:52:57 +00:00
|
|
|
|
|
|
|
|
virtualHosts = lib.mkOption {
|
|
|
|
|
default = { };
|
|
|
|
|
type = lib.types.attrs;
|
|
|
|
|
description = "Virtualhost configurations for Nginx.";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
2024-07-02 20:19:15 +00:00
|
|
|
config = lib.mkIf cfg.enable {
|
|
|
|
|
services.nginx = {
|
|
|
|
|
enable = true;
|
2024-05-21 00:52:57 +00:00
|
|
|
|
2024-07-13 17:34:59 +00:00
|
|
|
# Use recommended settings per https://wiki.nixos.org/wiki/Nginx#Hardened_setup_with_TLS_and_HSTS_preloading
|
2024-07-02 20:19:15 +00:00
|
|
|
recommendedGzipSettings = true;
|
|
|
|
|
recommendedOptimisation = true;
|
|
|
|
|
recommendedTlsSettings = true;
|
2024-05-21 00:52:57 +00:00
|
|
|
|
2024-07-02 20:19:15 +00:00
|
|
|
virtualHosts = cfg.virtualHosts;
|
|
|
|
|
};
|
2024-05-21 00:52:57 +00:00
|
|
|
|
2024-07-02 20:19:15 +00:00
|
|
|
# Open ports
|
|
|
|
|
networking.firewall = {
|
|
|
|
|
enable = true;
|
|
|
|
|
allowedTCPPorts = [
|
|
|
|
|
80
|
|
|
|
|
443
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
};
|
2024-05-21 00:52:57 +00:00
|
|
|
}
|
