diff options
| author | Azat Bahawi <azat@bahawi.net> | 2024-03-31 21:29:27 +0300 |
|---|---|---|
| committer | Azat Bahawi <azat@bahawi.net> | 2024-03-31 21:29:27 +0300 |
| commit | 9a5427e3a0c0ccf2a82dc503149a26b23fbd6004 (patch) | |
| tree | f28beec29deeea36038615a8fb98a810891940b5 /modules/nixos/nginx.nix | |
| parent | 2024-03-19 (diff) | |
2024-03-31
Diffstat (limited to '')
| -rw-r--r-- | modules/nixos/nginx.nix | 40 |
1 files changed, 25 insertions, 15 deletions
diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix index 05c6a06..ed34237 100644 --- a/modules/nixos/nginx.nix +++ b/modules/nixos/nginx.nix @@ -5,9 +5,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.nginx; -in { +in +{ options.nixfiles.modules.nginx = { enable = mkEnableOption "Nginx"; @@ -62,8 +64,9 @@ in { '' add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"; '' - (optionalString (hasAttr "wireguard" this) - (with config.nixfiles.modules.wireguard; '' + (optionalString (hasAttr "wireguard" this) ( + with config.nixfiles.modules.wireguard; + '' geo $internal { default 0; 127.0.0.1/32 1; @@ -71,7 +74,8 @@ in { ${ipv4.subnet} 1; ${ipv6.subnet} 1; } - '')) + '' + )) ]; inherit (cfg) upstreams; @@ -84,15 +88,18 @@ in { locations."/".return = "444"; }; } - // (mkIf (cfg.virtualHosts != null) (mapAttrs (_: attr: - mkMerge [ - attr - (mkIf config.nixfiles.modules.acme.enable { - enableACME = mkDefault true; - forceSSL = mkDefault true; - }) - ]) - cfg.virtualHosts)); + // (mkIf (cfg.virtualHosts != null) ( + mapAttrs ( + _: attr: + mkMerge [ + attr + (mkIf config.nixfiles.modules.acme.enable { + enableACME = mkDefault true; + forceSSL = mkDefault true; + }) + ] + ) cfg.virtualHosts + )); }; fail2ban.jails = { @@ -107,6 +114,9 @@ in { }; }; - networking.firewall.allowedTCPPorts = [80 443]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; }; } |