2024-12-31 18:45:03 +04:00
|
|
|
{ config, lib, ... }:
|
|
|
|
|
with lib;
|
|
|
|
|
let cfg = config.void.server.nginx;
|
|
|
|
|
in {
|
|
|
|
|
options.void.server.nginx = { enable = mkEnableOption false; };
|
|
|
|
|
|
|
|
|
|
config = mkIf cfg.enable {
|
2024-12-31 19:11:57 +04:00
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
2024-12-31 18:45:03 +04:00
|
|
|
security.acme = {
|
|
|
|
|
acceptTerms = true;
|
|
|
|
|
defaults.email = "Sayeko@proton.me";
|
2025-01-01 02:12:42 +04:00
|
|
|
defaults.server =
|
|
|
|
|
"https://acme-staging-v02.api.letsencrypt.org/directory";
|
|
|
|
|
defaults.group = config.services.nginx.group;
|
2025-01-01 02:43:55 +04:00
|
|
|
defaults.credentialsFile = "/srv/secrets/porkbun";
|
2025-01-01 02:50:17 +04:00
|
|
|
credentialsFile = "/srv/secrets/porkbun";
|
2025-01-01 02:34:23 +04:00
|
|
|
defaults.dnsProvider = "porkbun";
|
2024-12-31 18:45:03 +04:00
|
|
|
};
|
|
|
|
|
services.nginx = {
|
|
|
|
|
enable = true;
|
|
|
|
|
recommendedTlsSettings = true;
|
|
|
|
|
recommendedBrotliSettings = true;
|
|
|
|
|
recommendedOptimisation = true;
|
|
|
|
|
recommendedGzipSettings = true;
|
|
|
|
|
recommendedProxySettings = true;
|
|
|
|
|
recommendedZstdSettings = true;
|
|
|
|
|
|
|
|
|
|
commonHttpConfig = ''
|
2024-12-31 19:08:32 +04:00
|
|
|
|
|
|
|
|
access_log /var/log/nginx/access.log combined buffer=32k flush=5m;
|
2025-01-01 02:34:23 +04:00
|
|
|
error_log /var/log/nginx/error.log warn;
|
|
|
|
|
|
2024-12-31 18:45:03 +04:00
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
2024-12-31 19:15:07 +04:00
|
|
|
services.logrotate.settings.nginx = {
|
|
|
|
|
enable = true;
|
|
|
|
|
minsize = "50M";
|
|
|
|
|
rotate = "2";
|
|
|
|
|
compress = true;
|
|
|
|
|
};
|
|
|
|
|
|
2024-12-31 18:45:03 +04:00
|
|
|
};
|
|
|
|
|
}
|
