diff options
Diffstat (limited to 'modules/nixfiles/nginx.nix')
-rw-r--r-- | modules/nixfiles/nginx.nix | 99 |
1 files changed, 0 insertions, 99 deletions
diff --git a/modules/nixfiles/nginx.nix b/modules/nixfiles/nginx.nix deleted file mode 100644 index b8ab24d..0000000 --- a/modules/nixfiles/nginx.nix +++ /dev/null @@ -1,99 +0,0 @@ -{ - config, - lib, - pkgs, - this, - ... -}: -with lib; let - cfg = config.nixfiles.modules.nginx; -in { - options.nixfiles.modules.nginx = { - enable = mkEnableOption "Nginx"; - - upstreams = mkOption { - description = "Defines a group of servers to use as proxy target."; - type = with types; anything; - default = null; - }; - - virtualHosts = mkOption { - description = "Attrset of virtual hosts."; - type = with types; anything; - default = null; - }; - }; - - config = mkIf cfg.enable { - services = { - nginx = { - enable = true; - enableReload = true; - - package = pkgs.nginxMainline; - - statusPage = true; - - serverTokens = false; - - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - commonHttpConfig = concatStrings [ - '' - add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"; - '' - (optionalString (hasAttr "wireguard" this) - (with config.nixfiles.modules.wireguard; '' - geo $internal { - default 0; - 127.0.0.1/32 1; - ::1/128 1; - ${ipv4.subnet} 1; - ${ipv6.subnet} 1; - } - '')) - ]; - - inherit (cfg) upstreams; - - virtualHosts = - { - default = { - default = true; - rejectSSL = true; - locations."/".return = "444"; - }; - } - // (mkIf (cfg.virtualHosts != null) (mapAttrs (_: attr: - mkMerge [ - attr - (mkIf config.nixfiles.modules.acme.enable { - enableACME = true; - forceSSL = true; - }) - ]) - cfg.virtualHosts)); - }; - - fail2ban.jails = { - nginx-http-auth = '' - enabled = true - ''; - nginx-botsearch = '' - enabled = true - ''; - }; - - prometheus.exporters.nginx = { - enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; - port = mkDefault 9113; - }; - }; - - networking.firewall.allowedTCPPorts = [80 443]; - }; -} |