my over complex system configurations dotfiles.isabelroses.com/
nixos nix flake dotfiles linux

nixos/services/nginx: always set domain

isabel 0b92fef2 c186e968

+33 -30
+33 -30
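--- a/modules/nixos/services/nginx.nix
+++ b/modules/nixos/services/nginx.nix
@@ -10,6 +10,7 @@
 mkIf
 mkOption
 mkDefault
+mkMerge
 ;
 inherit (self.lib) mkServiceOption;
 
@@ -38,43 +39,45 @@
 };
 };
 
-config = mkIf cfg.enable {
-networking = { inherit (cfg) domain; };
+config = mkMerge [
+{ networking = { inherit (cfg) domain; }; }
 
-users.users.nginx.extraGroups = [ "acme" ];
+(mkIf cfg.enable {
+users.users.nginx.extraGroups = [ "acme" ];
 
-networking.firewall.allowedTCPPorts = [
-80
-443
-];
+networking.firewall.allowedTCPPorts = [
+80
+443
+];
 
-services.nginx = {
-enable = true;
-statusPage = true; # For monitoring scraping.
+services.nginx = {
+enable = true;
+statusPage = true; # For monitoring scraping.
 
-commonHttpConfig = ''
-# real_ip_header CF-Connecting-IP;
-add_header 'Referrer-Policy' 'origin-when-cross-origin';
-add_header X-Frame-Options "SAMEORIGIN" always;
-add_header X-Content-Type-Options nosniff;
-'';
+commonHttpConfig = ''
+# real_ip_header CF-Connecting-IP;
+add_header 'Referrer-Policy' 'origin-when-cross-origin';
+add_header X-Frame-Options "SAMEORIGIN" always;
+add_header X-Content-Type-Options nosniff;
+'';
 
-recommendedTlsSettings = true;
-recommendedBrotliSettings = true;
-recommendedOptimisation = true;
-recommendedGzipSettings = true;
-recommendedProxySettings = true;
+recommendedTlsSettings = true;
+recommendedBrotliSettings = true;
+recommendedOptimisation = true;
+recommendedGzipSettings = true;
+recommendedProxySettings = true;
 
-experimentalZstdSettings = true;
+experimentalZstdSettings = true;
 
-sslCiphers = "EECDH+aRSA+AESGCM:EDH+aRSA:EECDH+aRSA:+AES256:+AES128:+SHA1:!CAMELLIA:!SEED:!3DES:!DES:!RC4:!eNULL";
-sslProtocols = "TLSv1.3 TLSv1.2";
+sslCiphers = "EECDH+aRSA+AESGCM:EDH+aRSA:EECDH+aRSA:+AES256:+AES128:+SHA1:!CAMELLIA:!SEED:!3DES:!DES:!RC4:!eNULL";
+sslProtocols = "TLSv1.3 TLSv1.2";
 
-# undo the the changes we made to `services.nginx.virtualHosts`
-virtualHosts.localhost = {
-forceSSL = false;
-enableACME = false;
+# undo the the changes we made to `services.nginx.virtualHosts`
+virtualHosts.localhost = {
+forceSSL = false;
+enableACME = false;
+};
 };
-};
-};
+})
+];
 }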
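Review bot: The `sslCiphers` string carried into the new `mkIf cfg.enable` block still admits non-AEAD suites for TLS 1.2. `EDH+aRSA` and `EECDH+aRSA` without `+AESGCM` match CBC suites, and `+SHA1` only moves the SHA-1-MAC suites to the end of the list rather than excluding them. Every entry is also restricted to `aRSA`, so if the ACME certificates are ECDSA (not visible on this page) a TLS 1.2 client would have no usable suite and only TLS 1.3 would negotiate. The commit only re-indents this line, but while it is being touched consider narrowing it to AEAD suites for both key types, e.g. `sslCiphers = "EECDH+AESGCM:EECDH+CHACHA20";`, or dropping the override in favour of the module default. Separately, in `commonHttpConfig` the `Referrer-Policy` and `X-Content-Type-Options` headers lack `always`, so unlike `X-Frame-Options` they are not sent on error responses.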