nginx: centralize configuration
This commit is contained in:
parent
74bc853aae
commit
e3440b61ab
|
@ -57,13 +57,6 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
|
||||||
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedTlsSettings = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"pass.${domain}" = {
|
"pass.${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
|
@ -8,6 +8,7 @@
|
||||||
./matrix.nix
|
./matrix.nix
|
||||||
./miniflux.nix
|
./miniflux.nix
|
||||||
./monitoring.nix
|
./monitoring.nix
|
||||||
|
./nginx.nix
|
||||||
./postgresql-backup.nix
|
./postgresql-backup.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -84,13 +84,6 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
|
||||||
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedTlsSettings = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"git.${domain}" = {
|
"git.${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
|
@ -69,13 +69,6 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
|
||||||
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedTlsSettings = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"matrix.${domain}" = {
|
"matrix.${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
|
@ -47,13 +47,6 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
|
||||||
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedTlsSettings = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
|
|
||||||
virtualHosts = {
|
virtualHosts = {
|
||||||
"reader.${domain}" = {
|
"reader.${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
|
|
@ -68,13 +68,6 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
|
||||||
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
recommendedTlsSettings = true;
|
|
||||||
|
|
||||||
virtualHosts.${config.services.grafana.domain} = {
|
virtualHosts.${config.services.grafana.domain} = {
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
|
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";
|
||||||
|
|
21
services/nginx.nix
Normal file
21
services/nginx.nix
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
# Part of config shamelessly stolen from:
|
||||||
|
#
|
||||||
|
# https://github.com/delroth/infra.delroth.net
|
||||||
|
{ config, lib, ... }:
|
||||||
|
{
|
||||||
|
# Whenever something defines an nginx vhost, ensure that nginx defaults are
|
||||||
|
# properly set.
|
||||||
|
config = lib.mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != [ ]) {
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
statusPage = true; # For monitoring scraping.
|
||||||
|
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue