diff options
Diffstat (limited to 'modules/nginx.nix')
-rw-r--r-- | modules/nginx.nix | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/modules/nginx.nix b/modules/nginx.nix index ed34237..b912e22 100644 --- a/modules/nginx.nix +++ b/modules/nginx.nix @@ -55,13 +55,16 @@ in serverTokens = false; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; + recommendedBrotliSettings = lib.mkDefault true; + recommendedGzipSettings = lib.mkDefault true; + recommendedOptimisation = lib.mkDefault true; + recommendedProxySettings = lib.mkDefault true; + recommendedTlsSettings = lib.mkDefault true; + recommendedZstdSettings = lib.mkDefault true; commonHttpConfig = concatStrings [ '' + access_log syslog:server=unix:/dev/log; add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"; '' (optionalString (hasAttr "wireguard" this) ( @@ -100,6 +103,8 @@ in ] ) cfg.virtualHosts )); + + sslDhparam = config.security.dhparams.params.nginx.path; }; fail2ban.jails = { @@ -114,6 +119,11 @@ in }; }; + security.dhparams = { + enable = true; + params.nginx = { }; + }; + networking.firewall.allowedTCPPorts = [ 80 443 |