nixos-config/config/services/nginx.nix

60 lines
1.8 KiB
Nix
Raw Normal View History

2022-02-09 14:24:07 +00:00
{
2022-06-12 15:39:15 +00:00
lib,
pkgs,
...
}: {
2022-02-09 14:24:07 +00:00
config = {
services.nginx = {
2022-06-12 15:39:15 +00:00
additionalModules = [pkgs.nginxModules.brotli];
2022-02-09 14:24:07 +00:00
clientMaxBodySize = "10g";
enable = true;
appendHttpConfig = ''
brotli on;
brotli_types
application/atom+xml
application/javascript
application/json
application/xml
application/xml+rss
image/svg+xml
text/css
text/javascript
text/plain
text/xml;
2022-04-26 06:52:55 +00:00
proxy_ssl_protocols TLSv1.2 TLSv1.3;
set_real_ip_from fd0d:a262:1fa6:e621:b4e1:8ff:e658:6f49/128;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
2022-02-09 14:24:07 +00:00
'';
package = pkgs.nginxQuic;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
2022-06-12 15:39:15 +00:00
resolver.addresses = ["127.0.0.1" "[::1]"];
2022-05-01 11:30:31 +00:00
sslProtocols = "TLSv1.2 TLSv1.3";
2022-02-09 14:24:07 +00:00
};
2022-06-12 15:39:15 +00:00
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedUDPPorts = [443];
security.acme.certs."darkkirb.de".reloadServices = ["nginx.service"];
security.acme.certs."chir.rs".reloadServices = ["nginx.service"];
security.acme.certs."int.chir.rs".reloadServices = ["nginx.service"];
security.acme.certs."miifox.net".reloadServices = ["nginx.service"];
2022-02-09 14:24:07 +00:00
};
options.services.nginx.virtualHosts = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule {
config.listenAddresses = lib.mkDefault [
"0.0.0.0"
"[::]"
];
config.forceSSL = lib.mkDefault true;
config.http2 = lib.mkDefault true;
2022-02-09 14:35:39 +00:00
config.extraConfig = lib.mkDefault ''
listen 0.0.0.0:443 http3;
listen [::]:443 http3;
2022-02-09 14:38:35 +00:00
add_header Alt-Svc 'h3=":443"';
2022-02-09 14:35:39 +00:00
'';
2022-02-09 14:24:07 +00:00
});
2022-01-14 19:47:44 +00:00
};
}