about summary refs log tree commit diff
path: root/modules/nginx.nix
diff options
context:
space:
mode:
Diffstat (limited to 'modules/nginx.nix')
-rw-r--r--modules/nginx.nix18
1 files changed, 14 insertions, 4 deletions
diff --git a/modules/nginx.nix b/modules/nginx.nix
index ed34237..b912e22 100644
--- a/modules/nginx.nix
+++ b/modules/nginx.nix
@@ -55,13 +55,16 @@ in
 
         serverTokens = false;
 
-        recommendedGzipSettings = true;
-        recommendedOptimisation = true;
-        recommendedProxySettings = true;
-        recommendedTlsSettings = true;
+        recommendedBrotliSettings = lib.mkDefault true;
+        recommendedGzipSettings = lib.mkDefault true;
+        recommendedOptimisation = lib.mkDefault true;
+        recommendedProxySettings = lib.mkDefault true;
+        recommendedTlsSettings = lib.mkDefault true;
+        recommendedZstdSettings = lib.mkDefault true;
 
         commonHttpConfig = concatStrings [
           ''
+            access_log syslog:server=unix:/dev/log;
             add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet";
           ''
           (optionalString (hasAttr "wireguard" this) (
@@ -100,6 +103,8 @@ in
               ]
             ) cfg.virtualHosts
           ));
+
+        sslDhparam = config.security.dhparams.params.nginx.path;
       };
 
       fail2ban.jails = {
@@ -114,6 +119,11 @@ in
       };
     };
 
+    security.dhparams = {
+      enable = true;
+      params.nginx = { };
+    };
+
     networking.firewall.allowedTCPPorts = [
       80
       443

Consider giving Nix/NixOS a try! <3