From 9a5427e3a0c0ccf2a82dc503149a26b23fbd6004 Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Sun, 31 Mar 2024 21:29:27 +0300 Subject: 2024-03-31 --- modules/nixos/nginx.nix | 40 +++++++++++++++++++++++++--------------- 1 file changed, 25 insertions(+), 15 deletions(-) (limited to 'modules/nixos/nginx.nix') diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix index 05c6a06..ed34237 100644 --- a/modules/nixos/nginx.nix +++ b/modules/nixos/nginx.nix @@ -5,9 +5,11 @@ this, ... }: -with lib; let +with lib; +let cfg = config.nixfiles.modules.nginx; -in { +in +{ options.nixfiles.modules.nginx = { enable = mkEnableOption "Nginx"; @@ -62,8 +64,9 @@ in { '' add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"; '' - (optionalString (hasAttr "wireguard" this) - (with config.nixfiles.modules.wireguard; '' + (optionalString (hasAttr "wireguard" this) ( + with config.nixfiles.modules.wireguard; + '' geo $internal { default 0; 127.0.0.1/32 1; @@ -71,7 +74,8 @@ in { ${ipv4.subnet} 1; ${ipv6.subnet} 1; } - '')) + '' + )) ]; inherit (cfg) upstreams; @@ -84,15 +88,18 @@ in { locations."/".return = "444"; }; } - // (mkIf (cfg.virtualHosts != null) (mapAttrs (_: attr: - mkMerge [ - attr - (mkIf config.nixfiles.modules.acme.enable { - enableACME = mkDefault true; - forceSSL = mkDefault true; - }) - ]) - cfg.virtualHosts)); + // (mkIf (cfg.virtualHosts != null) ( + mapAttrs ( + _: attr: + mkMerge [ + attr + (mkIf config.nixfiles.modules.acme.enable { + enableACME = mkDefault true; + forceSSL = mkDefault true; + }) + ] + ) cfg.virtualHosts + )); }; fail2ban.jails = { @@ -107,6 +114,9 @@ in { }; }; - networking.firewall.allowedTCPPorts = [80 443]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; }; } -- cgit v1.2.3