Diffstat (limited to 'modules/nixos/nginx.nix')
-rw-r--r--modules/nixos/nginx.nix40
1 files changed, 25 insertions, 15 deletions
diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix
index 05c6a06..ed34237 100644
--- a/modules/nixos/nginx.nix
+++ b/modules/nixos/nginx.nix
@@ -5,9 +5,11 @@
this,
...
}:
-with lib; let
+with lib;
+let
cfg = config.nixfiles.modules.nginx;
-in {
+in
+{
options.nixfiles.modules.nginx = {
enable = mkEnableOption "Nginx";
@@ -62,8 +64,9 @@ in {
''
add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet";
''
- (optionalString (hasAttr "wireguard" this)
- (with config.nixfiles.modules.wireguard; ''
+ (optionalString (hasAttr "wireguard" this) (
+ with config.nixfiles.modules.wireguard;
+ ''
geo $internal {
default 0;
127.0.0.1/32 1;
@@ -71,7 +74,8 @@ in {
${ipv4.subnet} 1;
${ipv6.subnet} 1;
}
- ''))
+ ''
+ ))
];
inherit (cfg) upstreams;
@@ -84,15 +88,18 @@ in {
locations."/".return = "444";
};
}
- // (mkIf (cfg.virtualHosts != null) (mapAttrs (_: attr:
- mkMerge [
- attr
- (mkIf config.nixfiles.modules.acme.enable {
- enableACME = mkDefault true;
- forceSSL = mkDefault true;
- })
- ])
- cfg.virtualHosts));
+ // (mkIf (cfg.virtualHosts != null) (
+ mapAttrs (
+ _: attr:
+ mkMerge [
+ attr
+ (mkIf config.nixfiles.modules.acme.enable {
+ enableACME = mkDefault true;
+ forceSSL = mkDefault true;
+ })
+ ]
+ ) cfg.virtualHosts
+ ));
};
fail2ban.jails = {
@@ -107,6 +114,9 @@ in {
};
};
- networking.firewall.allowedTCPPorts = [80 443];
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
};
}