diff --git a/configuration/common/default.nix b/configuration/common/default.nix index da366bd..efebb33 100644 --- a/configuration/common/default.nix +++ b/configuration/common/default.nix @@ -3,6 +3,8 @@ { imports = [ ../../modules + + ./web.nix ]; networking.domain = "net.clerie.de"; @@ -64,51 +66,6 @@ options = "--delete-older-than 30d"; }; - services.nginx = { - enableReload = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - commonHttpConfig = '' - server_names_hash_bucket_size 64; - map $remote_addr $remote_addr_anon { - ~(?P\d+\.\d+\.\d+)\. $ip.0; - ~(?P[^:]*:[^:]*(:[^:]*)?): $ip::; - default ::; - } - log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] ' - '"$request" $status $body_bytes_sent ' - '"$http_referer" "$http_user_agent"'; - log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] ' - '"$request" $status $body_bytes_sent ' - '"$http_referer" "$http_user_agent"'; - access_log /var/log/nginx/access.log vcombined_anon; - ''; - - virtualHosts = { - "default" = { - default = true; - rejectSSL = true; - locations."/" = { - return = ''200 "Some piece of infrastructure\n"''; - extraConfig = '' - types { } default_type "text/plain; charset=utf-8"; - ''; - }; - }; - }; - }; - services.logrotate.settings.nginx = { - frequency = "daily"; - maxage = 14; - }; - - security.acme = { - defaults.email = "letsencrypt@clerie.de"; - acceptTerms = true; - }; nix.settings = { experimental-features = [ diff --git a/configuration/common/web.nix b/configuration/common/web.nix new file mode 100644 index 0000000..360d950 --- /dev/null +++ b/configuration/common/web.nix 
@@ -0,0 +1,50 @@
+{ ... }:
+
+{
+ services.nginx = {
+ enableReload = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ commonHttpConfig = ''
+ server_names_hash_bucket_size 64;
+ map $remote_addr $remote_addr_anon {
+ ~(?P\d+\.\d+\.\d+)\. $ip.0;
+ ~(?P[^:]*:[^:]*(:[^:]*)?): $ip::;
+ default ::;
+ }
+ log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent"';
+ log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
+ '"$request" $status $body_bytes_sent '
+ '"$http_referer" "$http_user_agent"';
+ access_log /var/log/nginx/access.log vcombined_anon;
+ '';
+
+ virtualHosts = {
+ "default" = {
+ default = true;
+ rejectSSL = true;
+ locations."/" = {
+ return = ''200 "Some piece of infrastructure\n"'';
+ extraConfig = ''
+ types { } default_type "text/plain; charset=utf-8";
+ '';
+ };
+ };
+ };
+ };
+
+ services.logrotate.settings.nginx = {
+ frequency = "daily";
+ maxage = 14;
+ };
+
+ security.acme = {
+ defaults.email = "letsencrypt@clerie.de";
+ acceptTerms = true;
+ };
+}
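Review bot: The `map $remote_addr $remote_addr_anon` block in `commonHttpConfig` has no comment saying what it is for or how much of the client address survives, which is worth stating now that it sits in its own `web.nix` pulled in from the common configuration. I would add a line above it such as `# Anonymise client addresses in access logs: IPv4 keeps the first three octets, IPv6 at most the first three groups`. Both `log_format` definitions still write `$remote_user`, the full `$request` (query string included) and `$http_referer`, so the log is anonymous only with respect to the address; the comment should say so, or those fields should be trimmed if stronger anonymity is the intent. As shown on this page the two patterns read `(?P\d+…)` and `(?P[^:]*…)` with no group name while `$ip` is used on the right-hand side; presumably `<ip>` was lost in rendering, but it is worth confirming in the file.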