authorAzat Bahawi <azat@bahawi.net>2024-04-21 02:15:42 +0300
committerAzat Bahawi <azat@bahawi.net>2024-04-21 02:15:42 +0300
commite6ed60548397627bf10f561f9438201dbba0a36e (patch)
treef9a84c5957d2cc4fcd148065ee9365a0c851ae1c /modules/nixos/nginx.nix
parent9ac64328603d44bd272175942d3ea3eaadcabd04 (diff)
2024-04-21
Diffstat (limited to 'modules/nixos/nginx.nix')
-rw-r--r--modules/nixos/nginx.nix122
1 files changed, 0 insertions, 122 deletions
diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix
deleted file mode 100644
index ed34237..0000000
--- a/modules/nixos/nginx.nix
+++ /dev/null
@@ -1,122 +0,0 @@
-{
- config,
- lib,
- pkgs,
- this,
- ...
-}:
-with lib;
-let
- cfg = config.nixfiles.modules.nginx;
-in
-{
- options.nixfiles.modules.nginx = {
- enable = mkEnableOption "Nginx";
-
- upstreams = mkOption {
- description = "Defines a group of servers to use as proxy target.";
- type = with types; anything;
- default = null;
- };
-
- virtualHosts = mkOption {
- description = "Attrset of virtual hosts.";
- type = with types; anything;
- default = null;
- };
- };
-
- config = mkIf cfg.enable {
- _module.args.libNginx.config = {
- internalOnly = ''
- if ($internal != 1) {
- return 403;
- }
- access_log off;
- '';
- appendHead = text: ''
- sub_filter '</head>' '${lib.concatStrings text}</head>';
- sub_filter_once on;
- '';
- noProxyBuffering = ''
- proxy_buffering off;
- proxy_cache off;
- '';
- };
-
- services = {
- nginx = {
- enable = true;
- enableReload = true;
-
- package = pkgs.nginxMainline;
-
- statusPage = true;
-
- serverTokens = false;
-
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
-
- commonHttpConfig = concatStrings [
- ''
- add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet";
- ''
- (optionalString (hasAttr "wireguard" this) (
- with config.nixfiles.modules.wireguard;
- ''
- geo $internal {
- default 0;
- 127.0.0.1/32 1;
- ::1/128 1;
- ${ipv4.subnet} 1;
- ${ipv6.subnet} 1;
- }
- ''
- ))
- ];
-
- inherit (cfg) upstreams;
-
- virtualHosts =
- {
- default = {
- default = true;
- rejectSSL = true;
- locations."/".return = "444";
- };
- }
- // (mkIf (cfg.virtualHosts != null) (
- mapAttrs (
- _: attr:
- mkMerge [
- attr
- (mkIf config.nixfiles.modules.acme.enable {
- enableACME = mkDefault true;
- forceSSL = mkDefault true;
- })
- ]
- ) cfg.virtualHosts
- ));
- };
-
- fail2ban.jails = {
- nginx-http-auth.enabled = true;
- nginx-botsearch.enabled = true;
- };
-
- prometheus.exporters.nginx = {
- enable = true;
- listenAddress = mkDefault this.wireguard.ipv4.address;
- port = mkDefault 9113;
- };
- };
-
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
- };
-}