feat: add nginx module

Dmitriy Kholkin 2025-07-10 18:33:24 +03:00
parent d95ec28daa
commit 0172df4d55
Signed by: AtaraxiaDev
GPG Key ID: FD266B810DF48DF2
3 changed files with 70 additions and 0 deletions


@ -102,6 +102,13 @@
smartmontools smartmontools
]; ];
ataraxia.services.nginx.enable = true;
ataraxia.services.nginx.defaultSettings = {
useACMEHost = "ataraxiadev.com";
enableACME = false;
forceSSL = true;
};
ataraxia.containers.filestash.enable = true; ataraxia.containers.filestash.enable = true;
ataraxia.containers.media-stack.enable = true; ataraxia.containers.media-stack.enable = true;
ataraxia.containers.tinyproxy.enable = true; ataraxia.containers.tinyproxy.enable = true;


@ -8,6 +8,8 @@ let
inherit (lib) mkEnableOption mkIf; inherit (lib) mkEnableOption mkIf;
cfg = config.ataraxia.security.acme; cfg = config.ataraxia.security.acme;
nginxEnabled = config.ataraxia.services.nginx.enable;
nginxGroup = config.services.nginx.group;
in in
{ {
options.ataraxia.security.acme = { options.ataraxia.security.acme = {
@ -25,6 +27,7 @@ in
defaults.server = "https://acme-v02.api.letsencrypt.org/directory"; # production defaults.server = "https://acme-v02.api.letsencrypt.org/directory"; # production
defaults.email = "admin@ataraxiadev.com"; defaults.email = "admin@ataraxiadev.com";
defaults.renewInterval = "weekly"; defaults.renewInterval = "weekly";
defaults.group = mkIf nginxEnabled nginxGroup;
certs = { certs = {
"ataraxiadev.com" = { "ataraxiadev.com" = {
extraDomainNames = [ "*.ataraxiadev.com" ]; extraDomainNames = [ "*.ataraxiadev.com" ];
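Review bot: `defaults.group = mkIf nginxEnabled nginxGroup;` sets the owning group for every certificate under security.acme.certs, not only the ones nginx serves, so the nginx group gains read access to all issued private keys, including the wildcard `*.ataraxiadev.com` key. Any other consumer that relied on the previous group would also lose access once nginx is enabled. If nginx is the only reader, setting `group = nginxGroup;` on the specific cert keeps the grant narrow. If several services share the cert, adding the nginx user to the cert's existing group (for example `users.users.nginx.extraGroups = [ "acme" ];`, assuming the default group is in use) avoids changing ownership. The certs set continues past the end of this hunk, so whether other certificates are affected is not visible here.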


@ -0,0 +1,60 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib) mkEnableOption mkIf mkOption;
inherit (lib.types) attrs;
cfg = config.ataraxia.services.nginx;
in
{
options.ataraxia.services.nginx = {
enable = mkEnableOption "Enable nginx service";
defaultSettings = mkOption {
type = attrs;
default = { };
description = ''
Default settings to append to virtualHosts. Does not apllied automatically.
Usage example: `your-host = recursiveUpdate defaultSettings { };`
'';
};
# extraConfig = mkOption {
# type = str;
# default = "";
# description = ''
# Default settings to append to extraConfig of virtual host's location. Does not apllied automatically.
# Usage example: `extraConfig = recursiveUpdate extraConfig "";`
# '';
# };
};
config = mkIf cfg.enable {
services.nginx = {
enable = true;
package = pkgs.nginxQuic;
recommendedBrotliSettings = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedUwsgiSettings = true;
recommendedZstdSettings = true;
clientMaxBodySize = "250m";
commonHttpConfig = ''
proxy_hide_header X-Frame-Options;
'';
};
networking.firewall.allowedTCPPorts = [
80
443
];
networking.firewall.allowedUDPPorts = [
80
443
];
};
}
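Review bot: `proxy_hide_header X-Frame-Options;` in `commonHttpConfig` applies to the whole http block, so every proxied upstream loses its framing (clickjacking) protection and nothing in this module puts a replacement policy in place. If only some applications need to be embedded, move the directive into those virtual hosts' locations, or pair it with an explicit policy such as `add_header Content-Security-Policy "frame-ancestors 'self'" always;`. A one-line comment above the directive stating why the header is dropped would help later readers. Separately, `networking.firewall.allowedUDPPorts` opens UDP 80, which HTTP/3 does not use; `networking.firewall.allowedUDPPorts = [ 443 ];` is enough for QUIC and keeps the firewall surface smaller.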