modules/nixos: add nginx

- set worker_processes / worker_cpu_affinity to auto, enable pcre_jit

- enable ktls

- set a default virtualHost for a 404 and use it for reuseport

- set enableACME, forceSSL by default, disable for localhost

- set robots header and file
zowoq 2024-07-08 09:36:56 +10:00
parent cf8fc93213
commit 01c2beb7b4
10 changed files with 60 additions and 21 deletions
modules/nixos

53
modules/nixos/nginx.nix Normal file

@ -0,0 +1,53 @@
{
config,
inputs,
lib,
pkgs,
...
}:
{
options.services.nginx.virtualHosts = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule {
config = {
enableACME = lib.mkDefault true;
forceSSL = lib.mkDefault true;
kTLS = true;
extraConfig = ''
add_header X-Robots-Tag "none, noarchive, nosnippet";
'';
locations."= /robots.txt".alias = pkgs.writeText "robots.txt" ''
User-agent: *
Disallow: /
'';
};
}
);
};
imports = [ inputs.srvos.nixosModules.mixins-nginx ];
config = {
services.nginx = {
appendConfig = ''
pcre_jit on;
worker_processes auto;
worker_cpu_affinity auto;
'';
virtualHosts."${config.networking.hostName}.nix-community.org" = {
default = true;
locations."/".return = "404";
reuseport = true; # should only be set for one virtualHost
};
# localhost is used by the nginx status page
virtualHosts.localhost = {
enableACME = false;
forceSSL = false;
};
};
};
}
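Review bot: The `add_header X-Robots-Tag` line in the submodule's `extraConfig` lands at server level in every virtualHost, and nginx inherits `add_header` from an outer level only when the inner block defines none of its own. Any location that sets its own header will therefore stop sending X-Robots-Tag, and any header configured at http level would no longer reach these servers (none is visible in this file; whether the imported srvos mixin adds one cannot be seen here). A comment above the line would make this visible to whoever adds a vhost later: `# add_header is not merged across levels: a location with its own add_header must repeat X-Robots-Tag`. Separately, `kTLS = true;` is the only option in the block set without `lib.mkDefault`, so a host that needs to turn it off has to use `lib.mkForce`; `kTLS = lib.mkDefault true;` would match the two lines above it.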