infra/modules/nixos/nginx.nix

{
  config,
  inputs,
  lib,
  pkgs,
  ...
}:
{
  options.services.nginx.virtualHosts = lib.mkOption {
    type = lib.types.attrsOf (
      lib.types.submodule {
        config = {
          enableACME = lib.mkDefault true;
          forceSSL = lib.mkDefault true;
          kTLS = true;

          extraConfig = ''
            add_header X-Robots-Tag "none, noarchive, nosnippet";
          '';

          locations."= /robots.txt".alias = pkgs.writeText "robots.txt" ''
            User-agent: *
            Disallow: /
          '';
        };
      }
    );
  };

  imports = [ inputs.srvos.nixosModules.mixins-nginx ];

  config = {
    services.nginx = {
      appendConfig = ''
        pcre_jit on;
        worker_processes auto;
        worker_cpu_affinity auto;
      '';

      virtualHosts."${config.networking.hostName}.nix-community.org" = {
        default = true;
        locations."/".return = "404";
        reuseport = true; # should only be set for one virtualHost
      };

      # localhost is used by the nginx status page
      virtualHosts.localhost = {
        enableACME = false;
        forceSSL = false;
      };
    };
  };
}
modules/nixos: add nginx - set worker_processes / worker_cpu_affinity to auto, enable pcre_jit - enable ktls - set a default virtualHost for a 404 and use it for reuseport - set enableACME, forceSSL by default, disable for localhost - set robots header and file 2024-07-08 09:36:56 +10:00			`{`
			`config,`
			`inputs,`
			`lib,`
			`pkgs,`
			`...`
			`}:`
			`{`
			`options.services.nginx.virtualHosts = lib.mkOption {`
			`type = lib.types.attrsOf (`
			`lib.types.submodule {`
			`config = {`
			`enableACME = lib.mkDefault true;`
			`forceSSL = lib.mkDefault true;`
			`kTLS = true;`

			`extraConfig = ''`
			`add_header X-Robots-Tag "none, noarchive, nosnippet";`
			`'';`

			`locations."= /robots.txt".alias = pkgs.writeText "robots.txt" ''`
			`User-agent: *`
			`Disallow: /`
			`'';`
			`};`
			`}`
			`);`
			`};`

			`imports = [ inputs.srvos.nixosModules.mixins-nginx ];`

			`config = {`
			`services.nginx = {`
			`appendConfig = ''`
			`pcre_jit on;`
			`worker_processes auto;`
			`worker_cpu_affinity auto;`
			`'';`

			`virtualHosts."${config.networking.hostName}.nix-community.org" = {`
			`default = true;`
			`locations."/".return = "404";`
			`reuseport = true; # should only be set for one virtualHost`
			`};`

			`# localhost is used by the nginx status page`
			`virtualHosts.localhost = {`
			`enableACME = false;`
			`forceSSL = false;`
			`};`
			`};`
			`};`
			`}`
No results found.