63 lines
1.4 KiB
Nix
63 lines
1.4 KiB
Nix
{
|
|
config,
|
|
inputs,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
{
|
|
options.services.nginx.virtualHosts = lib.mkOption {
|
|
type = lib.types.attrsOf (
|
|
lib.types.submodule {
|
|
config = {
|
|
enableACME = lib.mkDefault true;
|
|
forceSSL = lib.mkDefault true;
|
|
kTLS = true;
|
|
quic = true;
|
|
|
|
extraConfig = ''
|
|
quic_gso on;
|
|
quic_retry on;
|
|
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
|
|
add_header X-Robots-Tag "none, noarchive, nosnippet";
|
|
'';
|
|
|
|
locations."= /robots.txt".alias = pkgs.writeText "robots.txt" ''
|
|
User-agent: *
|
|
Disallow: /
|
|
'';
|
|
};
|
|
}
|
|
);
|
|
};
|
|
|
|
imports = [ inputs.srvos.nixosModules.mixins-nginx ];
|
|
|
|
config = {
|
|
networking.firewall.allowedUDPPorts = [ 443 ];
|
|
|
|
services.nginx = {
|
|
package = pkgs.nginxQuic;
|
|
enableQuicBPF = true;
|
|
|
|
appendConfig = ''
|
|
pcre_jit on;
|
|
worker_processes auto;
|
|
worker_cpu_affinity auto;
|
|
'';
|
|
|
|
virtualHosts."${config.networking.hostName}.nix-community.org" = {
|
|
default = true;
|
|
locations."/".return = "404";
|
|
# required for (quic && `worker_processes auto`), should only be set for one virtualHost
|
|
reuseport = true;
|
|
};
|
|
|
|
# localhost is used by the nginx status page
|
|
virtualHosts.localhost = {
|
|
enableACME = false;
|
|
forceSSL = false;
|
|
};
|
|
};
|
|
};
|
|
}
|