simon/nixos-config
simon/nixos-config
1
1
Fork 0
Code Issues 8 Pull requests Actions Projects Activity

nginx: Make recommended settings global

Browse source
This commit is contained in:
Simon Bruder 2023-12-16 10:19:20 +01:00
parent a5622c3653
commit 80fcaab244
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC
6 changed files with 10 additions and 28 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
machines/fuuko/configuration.nix
View file

@ -36,11 +36,6 @@
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
systemd.services.nginx.serviceConfig.SupplementaryGroups = lib.singleton "keys"; systemd.services.nginx.serviceConfig.SupplementaryGroups = lib.singleton "keys";

9
machines/nazuna/configuration.nix
View file

@ -15,14 +15,7 @@
system.stateVersion = "23.05"; system.stateVersion = "23.05";
services.nginx = { services.nginx.enable = true;
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
systemd.services.nginx.serviceConfig.SupplementaryGroups = lib.singleton "keys"; systemd.services.nginx.serviceConfig.SupplementaryGroups = lib.singleton "keys";

5
machines/okarin/configuration.nix
View file

@ -22,11 +22,6 @@
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."okarin.sbruder.xyz" = { virtualHosts."okarin.sbruder.xyz" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;

5
machines/renge/configuration.nix
View file

@ -41,11 +41,6 @@
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."sbruder.de" = { virtualHosts."sbruder.de" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;

5
machines/vueko/configuration.nix
View file

@ -42,11 +42,6 @@
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
"vueko.sbruder.de" = { "vueko.sbruder.de" = {
enableACME = true; enableACME = true;

9
modules/nginx.nix
View file

@ -6,6 +6,7 @@ in
options.sbruder.nginx = { options.sbruder.nginx = {
hardening.enable = lib.mkEnableOption "nginx hardening"; hardening.enable = lib.mkEnableOption "nginx hardening";
privacy.enable = (lib.mkEnableOption "nginx privacy options") // { default = true; }; privacy.enable = (lib.mkEnableOption "nginx privacy options") // { default = true; };
recommended.enable = (lib.mkEnableOption "recommended options") // { default = true; };
}; };
config = lib.mkMerge [ config = lib.mkMerge [
@ -26,5 +27,13 @@ in
access_log off; access_log off;
''; '';
}) })
(lib.mkIf cfg.recommended.enable {
services.nginx = {
recommendedGzipSettings = lib.mkDefault true;
recommendedOptimisation = lib.mkDefault true;
recommendedProxySettings = lib.mkDefault true;
recommendedTlsSettings = lib.mkDefault true;
};
})
]; ];
} }