sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
infra/modules/nixos/nginx.nix
zowoq 01c2beb7b4 modules/nixos: add nginx 
- set worker_processes / worker_cpu_affinity to auto, enable pcre_jit

- enable ktls

- set a default virtualHost for a 404 and use it for reuseport

- set enableACME, forceSSL by default, disable for localhost

- set robots header and file
2024-10-08 23:48:11 +00:00

53 lines
1.1 KiB
Nix
Raw Blame History

{
config,
inputs,
lib,
pkgs,
...
}:
{
options.services.nginx.virtualHosts = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule {
config = {
enableACME = lib.mkDefault true;
forceSSL = lib.mkDefault true;
kTLS = true;
extraConfig = ''
add_header X-Robots-Tag "none, noarchive, nosnippet";
'';
locations."= /robots.txt".alias = pkgs.writeText "robots.txt" ''
User-agent: *
Disallow: /
'';
};
}
);
};
imports = [ inputs.srvos.nixosModules.mixins-nginx ];
config = {
services.nginx = {
appendConfig = ''
pcre_jit on;
worker_processes auto;
worker_cpu_affinity auto;
'';
virtualHosts."${config.networking.hostName}.nix-community.org" = {
default = true;
locations."/".return = "404";
reuseport = true; # should only be set for one virtualHost
};
# localhost is used by the nginx status page
virtualHosts.localhost = {
enableACME = false;
forceSSL = false;
};
};
};
}
Reference in a new issue View git blame Copy permalink