nginx: centralize configuration

This commit is contained in:
Antoine Martin 2021-02-14 12:06:45 +01:00
parent 74bc853aae
commit e3440b61ab
7 changed files with 22 additions and 35 deletions

View file

@ -57,13 +57,6 @@ in {
}; };
services.nginx = { services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
"pass.${domain}" = { "pass.${domain}" = {
forceSSL = true; forceSSL = true;

View file

@ -8,6 +8,7 @@
./matrix.nix ./matrix.nix
./miniflux.nix ./miniflux.nix
./monitoring.nix ./monitoring.nix
./nginx.nix
./postgresql-backup.nix ./postgresql-backup.nix
]; ];
} }

View file

@ -84,13 +84,6 @@ in {
}; };
services.nginx = { services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
"git.${domain}" = { "git.${domain}" = {
forceSSL = true; forceSSL = true;

View file

@ -69,13 +69,6 @@ in {
}; };
services.nginx = { services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
"matrix.${domain}" = { "matrix.${domain}" = {
forceSSL = true; forceSSL = true;

View file

@ -47,13 +47,6 @@ in {
}; };
services.nginx = { services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
"reader.${domain}" = { "reader.${domain}" = {
forceSSL = true; forceSSL = true;

View file

@ -68,13 +68,6 @@ in {
}; };
services.nginx = { services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts.${config.services.grafana.domain} = { virtualHosts.${config.services.grafana.domain} = {
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}"; proxyPass = "http://127.0.0.1:${toString config.services.grafana.port}";

21
services/nginx.nix Normal file
View file

@ -0,0 +1,21 @@
# Part of config shamelessly stolen from:
#
# https://github.com/delroth/infra.delroth.net
{ config, lib, ... }:
{
# Whenever something defines an nginx vhost, ensure that nginx defaults are
# properly set.
config = lib.mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != [ ]) {
services.nginx = {
enable = true;
statusPage = true; # For monitoring scraping.
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}