diff --git a/services/bitwarden_rs.nix b/services/bitwarden_rs.nix
index 27bd4be..8d26243 100644
--- a/services/bitwarden_rs.nix
+++ b/services/bitwarden_rs.nix
@@ -57,13 +57,6 @@ in {
 };
 
 services.nginx = {
- enable = true;
-
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- recommendedProxySettings = true;
-
 virtualHosts = {
 "pass.${domain}" = {
 forceSSL = true;
diff --git a/services/default.nix b/services/default.nix
index 7a4290b..5f4c64a 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -8,6 +8,7 @@
 ./matrix.nix
 ./miniflux.nix
 ./monitoring.nix
+ ./nginx.nix
 ./postgresql-backup.nix
 ];
 }
diff --git a/services/gitea.nix b/services/gitea.nix
index 196a8ee..42615b4 100644
--- a/services/gitea.nix
+++ b/services/gitea.nix
@@ -84,13 +84,6 @@ in {
 };
 
 services.nginx = {
- enable = true;
-
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- recommendedProxySettings = true;
-
 virtualHosts = {
 "git.${domain}" = {
 forceSSL = true;
diff --git a/services/matrix.nix b/services/matrix.nix
index f508325..86aeefa 100644
--- a/services/matrix.nix
+++ b/services/matrix.nix
@@ -69,13 +69,6 @@ in {
 };
 
 services.nginx = {
- enable = true;
-
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- recommendedProxySettings = true;
-
 virtualHosts = {
 "matrix.${domain}" = {
 forceSSL = true;
diff --git a/services/miniflux.nix b/services/miniflux.nix
index 04afd77..35a5fe2 100644
--- a/services/miniflux.nix
+++ b/services/miniflux.nix
@@ -47,13 +47,6 @@ in {
 };
 
 services.nginx = {
- enable = true;
-
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- recommendedProxySettings = true;
-
 virtualHosts = {
 "reader.${domain}" = {
 forceSSL = true;
diff --git a/services/monitoring.nix b/services/monitoring.nix
index db60d6e..68f1316 100644
--- a/services/monitoring.nix
+++ b/services/monitoring.nix
@@ -68,13 +68,6 @@ in {
 };
 
 services.nginx = {
- enable = true;
-
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
-
 virtualHosts.${config.services.grafana.domain} = {
 locations."/" = {
 proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
diff --git a/services/nginx.nix b/services/nginx.nix
new file mode 100644
index 0000000..79c1dec
--- /dev/null
+++ b/services/nginx.nix
@@ -0,0 +1,21 @@
+# Part of config shamelessly stolen from:
+#
+# https://github.com/delroth/infra.delroth.net
+{ config, lib, ... }:
+{
+ # Whenever something defines an nginx vhost, ensure that nginx defaults are
+ # properly set.
+ config = lib.mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != [ ]) {
+ services.nginx = {
+ enable = true;
+ statusPage = true; # For monitoring scraping.
+
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ recommendedProxySettings = true;
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ };
+}
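Review bot: The `networking.firewall.allowedTCPPorts = [ 80 443 ];` line in the new services/nginx.nix is a side effect that the block comment above `config = lib.mkIf …` does not mention. As soon as any module defines a vhost, ports 80 and 443 are opened in the firewall on every interface, even for a vhost that may be meant to stay internal. I would extend that comment, e.g. `# Also opens 80/443 in the firewall as soon as any vhost exists; restrict per-vhost if a service must stay internal.` Separately, `statusPage = true;` now applies to every host that imports this file, so it is worth confirming on the nixpkgs revision in use that the status endpoint only answers loopback clients, since port 80 is opened by the same block.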