nginx: centralize configuration

2021-02-14 12:06:45 +01:00 · 2021-02-14 12:06:45 +01:00 · e3440b61ab
parent 74bc853aae
commit e3440b61ab
7 changed files with 22 additions and 35 deletions
--- a/services/bitwarden_rs.nix
+++ b/services/bitwarden_rs.nix
@ -57,13 +57,6 @@ in {
    };
    services.nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedTlsSettings = true;
      recommendedProxySettings = true;
      virtualHosts = {
        "pass.${domain}" = {
          forceSSL = true;
--- a/services/default.nix
+++ b/services/default.nix
@ -8,6 +8,7 @@
    ./matrix.nix
    ./miniflux.nix
    ./monitoring.nix
    ./nginx.nix
    ./postgresql-backup.nix
  ];
 }
--- a/services/gitea.nix
+++ b/services/gitea.nix
@ -84,13 +84,6 @@ in {
    };
    services.nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedTlsSettings = true;
      recommendedProxySettings = true;
      virtualHosts = {
        "git.${domain}" = {
          forceSSL = true;
--- a/services/matrix.nix
+++ b/services/matrix.nix
@ -69,13 +69,6 @@ in {
    };
    services.nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedTlsSettings = true;
      recommendedProxySettings = true;
      virtualHosts = {
        "matrix.${domain}" = {
          forceSSL = true;
--- a/services/miniflux.nix
+++ b/services/miniflux.nix
@ -47,13 +47,6 @@ in {
    };
    services.nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedTlsSettings = true;
      recommendedProxySettings = true;
      virtualHosts = {
        "reader.${domain}" = {
          forceSSL = true;
--- a/services/monitoring.nix
+++ b/services/monitoring.nix
@ -68,13 +68,6 @@ in {
    };
    services.nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      virtualHosts.${config.services.grafana.domain} = {
        locations."/" = {
          proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
--- a/services/nginx.nix
+++ b/services/nginx.nix
@ -0,0 +1,21 @@
 # Part of config shamelessly stolen from:
 #
 # https://github.com/delroth/infra.delroth.net
 { config, lib, ... }:
 {
  # Whenever something defines an nginx vhost, ensure that nginx defaults are
  # properly set.
  config = lib.mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != [ ]) {
    services.nginx = {
      enable = true;
      statusPage = true; # For monitoring scraping.
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedTlsSettings = true;
      recommendedProxySettings = true;
    };
    networking.firewall.allowedTCPPorts = [ 80 443 ];
  };
 }