nix/modules/nixos/services/nginx/default.nix
Ameya Shenoy 4998e822a7 feat: init
Signed-off-by: Ameya Shenoy <shenoy.ameya@gmail.com>
2024-11-11 01:48:40 +05:30


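# NixOS module: opinionated nginx baseline with ACME defaults, dedicated DH
# parameters and a catch-all server that refuses requests for unknown hosts.
{ config, lib, ... }:
let
  cfg = config.snowflake.services.nginx;
  # The NixOS nginx module derives its default listen addresses from this
  # switch, so the catch-all below follows the same setting.
  ipv6 = config.networking.enableIPv6;
in
{
  options.snowflake.services.nginx = {
    # mkEnableOption already prepends "Whether to enable", so pass only the name.
    enable = lib.mkEnableOption "nginx";
    acmeEmail = lib.mkOption {
      type = lib.types.str;
      description = "Email address for the ACME account; set as security.acme.defaults.email.";
    };
    clientMaxBodySize = lib.mkOption {
      type = lib.types.str;
      default = "10m";
      description = "Maximum client request body size; passed to services.nginx.clientMaxBodySize.";
    };
  };

  config = lib.mkIf cfg.enable {
    security.acme.defaults.email = cfg.acmeEmail;
    # Accepts the ACME CA's terms of service for every certificate on this
    # host; enabling this module implies that acceptance.
    security.acme.acceptTerms = true;

    # Generate DH parameters for nginx instead of relying on a shared group.
    # They only matter for DHE cipher suites.
    security.dhparams = {
      enable = true;
      params.nginx = { };
    };

    services.nginx = {
      enable = true;
      clientMaxBodySize = cfg.clientMaxBodySize;
      recommendedProxySettings = true;
      recommendedOptimisation = true;
      # NOTE(review): compression over TLS is a BREACH-style concern for
      # responses that mix secrets with request-controlled data; confirm the
      # proxied applications are fine with compressed responses.
      recommendedGzipSettings = true;
      recommendedTlsSettings = true;
      sslDhparam = config.security.dhparams.params.nginx.path;

      # Catch-all default server: requests that match no configured virtual
      # host get no content. TLS handshakes are rejected before a certificate
      # is presented (ssl_reject_handshake needs nginx >= 1.19.4), and plain
      # HTTP gets 444, which makes nginx close the connection without replying.
      #
      # default_server applies per address:port pair, so the IPv6 wildcard
      # needs its own listen lines. Without them, the first virtual host
      # listening on [::] answers unknown names over IPv6.
      # NOTE(review): virtual hosts bound to other addresses or ports are not
      # covered by this block.
      appendHttpConfig = ''
        server {
          listen 80 default_server;
          listen 443 ssl default_server;
          ${lib.optionalString ipv6 "listen [::]:80 default_server;"}
          ${lib.optionalString ipv6 "listen [::]:443 ssl default_server;"}
          ssl_reject_handshake on;
          return 444;
        }
      '';
    };
  };
}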