
profiles/common-webserver: Migrate webserver config to profile

2025-05-31 13:00:43 +02:00
parent fae30a0fc5
commit 1a9475ad7f
5 changed files with 73 additions and 55 deletions
configuration/common
profiles
common-webserver
common
default.nix

@@ -12,7 +12,6 @@
./ssh.nix
./systemd.nix
./user.nix
./web.nix
];
services.fstrim.enable = true;

@@ -1,54 +0,0 @@
{ ... }:
{
services.nginx = {
enableReload = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = ''
server_names_hash_bucket_size 64;
charset utf-8;
types {
text/plain nix;
}
map $remote_addr $remote_addr_anon {
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
~(?P<ip>[^:]*:[^:]*(:[^:]*)?): $ip::;
default ::;
}
log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log vcombined_anon;
'';
virtualHosts = {
"default" = {
default = true;
rejectSSL = true;
locations."/" = {
return = ''200 "Some piece of infrastructure\n"'';
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
};
};
};
};
services.logrotate.settings.nginx = {
frequency = "daily";
maxage = 14;
};
security.acme = {
defaults.email = "letsencrypt@clerie.de";
acceptTerms = true;
};
}

@@ -0,0 +1,70 @@
{ config, lib, ... }:
with lib;
let
cfg = config.profiles.clerie.common-webserver;
in {
options.profiles.clerie.common-webserver = {
enable = mkEnableOption "Webserver profile";
httpDefaultVirtualHost = (mkEnableOption "Default Virtual Host") // {
default = true;
};
};
config = mkIf cfg.enable {
services.nginx = {
enableReload = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = ''
server_names_hash_bucket_size 64;
charset utf-8;
types {
text/plain nix;
}
map $remote_addr $remote_addr_anon {
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
~(?P<ip>[^:]*:[^:]*(:[^:]*)?): $ip::;
default ::;
}
log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log vcombined_anon;
'';
virtualHosts = mkIf cfg.httpDefaultVirtualHost {
"default" = {
default = true;
rejectSSL = true;
locations."/" = {
return = ''200 "Some piece of infrastructure\n"'';
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
};
};
};
};
services.logrotate.settings.nginx = {
frequency = "daily";
maxage = 14;
};
security.acme = {
defaults.email = "letsencrypt@clerie.de";
acceptTerms = true;
};
};
}
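Review bot: The new `httpDefaultVirtualHost` option does not say what switching it off means. Without the `"default"` entry under `virtualHosts`, nginx falls back to the first configured server block for a listen socket, unless another virtual host is marked as default. Requests with an unknown Host header or SNI name would then reach a real site instead of the `rejectSSL` catch-all. I would spell that out in the option text, e.g. `mkEnableOption "the catch-all default virtual host (when disabled, unmatched host names are answered by the first configured virtual host)"`. Separately, `security.acme` and `services.logrotate.settings.nginx` now sit inside `mkIf cfg.enable`, so a host that disables the profile but still requests certificates would presumably have to set `security.acme.acceptTerms` and the contact address itself; a short comment above that block would make the coupling visible.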

@@ -14,5 +14,7 @@ with lib;
profiles.clerie.common-networking.enable = mkDefault true;
profiles.clerie.common-webserver.enable = mkDefault true;
};
}

@@ -6,6 +6,7 @@
./common
./common-dns
./common-networking
./common-webserver
./cybercluster-vm
./dn42-router
./fem-net