clerie/nixfiles
1
0
Fork 0
Code Activity
Files
1a9475ad7fee50fd7a787c413e40661352c6a28f
nixfiles/profiles/common-webserver/default.nix

71 lines
1.9 KiB
Nix
Raw Blame History

{ config, lib, ... }:
with lib;
let
cfg = config.profiles.clerie.common-webserver;
in {
options.profiles.clerie.common-webserver = {
enable = mkEnableOption "Webserver profile";
httpDefaultVirtualHost = (mkEnableOption "Default Virtual Host") // {
default = true;
};
};
config = mkIf cfg.enable {
services.nginx = {
enableReload = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
commonHttpConfig = ''
server_names_hash_bucket_size 64;
charset utf-8;
types {
text/plain nix;
}
map $remote_addr $remote_addr_anon {
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
~(?P<ip>[^:]*:[^:]*(:[^:]*)?): $ip::;
default ::;
}
log_format combined_anon '$remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
log_format vcombined_anon '$host: $remote_addr_anon - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log vcombined_anon;
'';
virtualHosts = mkIf cfg.httpDefaultVirtualHost {
"default" = {
default = true;
rejectSSL = true;
locations."/" = {
return = ''200 "Some piece of infrastructure\n"'';
extraConfig = ''
types { } default_type "text/plain; charset=utf-8";
'';
};
};
};
};
services.logrotate.settings.nginx = {
frequency = "daily";
maxage = 14;
};
security.acme = {
defaults.email = "letsencrypt@clerie.de";
acceptTerms = true;
};
};
}
View Git Blame Copy Permalink