31 lines
767 B
Nix
31 lines
767 B
Nix
{ config, lib, pkgs, ... }:
|
|
let nathan = config.nathan;
|
|
in with lib; {
|
|
config = mkMerge [
|
|
(mkIf nathan.services.nginx.enable {
|
|
networking.firewall = {
|
|
allowedTCPPorts = [ 80 443 ];
|
|
allowedUDPPorts = [ 80 443 ];
|
|
};
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedTlsSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedProxySettings = true;
|
|
};
|
|
# Only keep 7 days of logs
|
|
services.logrotate.settings.nginx = {
|
|
rotate = 7;
|
|
frequency = "daily";
|
|
};
|
|
})
|
|
(mkIf nathan.services.nginx.acme {
|
|
security.acme = {
|
|
defaults.email = nathan.config.email;
|
|
acceptTerms = true;
|
|
};
|
|
})
|
|
];
|
|
}
|