nix machine / user configurations
# NixOS module: public-facing nginx with JSON access logs and an ACME
# certificate for vpn.gaze.systems.
{
  inputs,
  ...
}:
let
  # Personal data (e-mail addresses) is kept in personal.nix at the flake root.
  personal = import "${inputs.self}/personal.nix";

  # JSON access-log format, so the logs can be consumed more easily.
  # escape=json makes nginx JSON-escape the quoted, client-controlled fields
  # (URI, referer, user agent), so a request cannot break out of its string
  # and forge extra keys or log lines.
  # $status, $body_bytes_sent and $request_time are emitted unquoted, i.e. as
  # JSON numbers.
  # NOTE(review): $uri is the normalized path without the query string, and it
  # can change during internal rewrites. Query-string secrets stay out of the
  # log, but the raw request target is not recorded ($request_uri holds it if
  # detection or forensics need it).
  # The log holds client addresses and user agents; keep read access to
  # /var/log/nginx restricted accordingly.
  jsonAccessLog = ''
    log_format json_logs escape=json '{'
      '"_msg":"request completed",'
      '"time":"$time_local",'
      '"req.remoteAddr":"$remote_addr",'
      '"req.method":"$request_method",'
      '"req.url":"$uri",'
      '"req.httpVersion":"$server_protocol",'
      '"res.statusCode":$status,'
      '"res.bodySize":$body_bytes_sent,'
      '"req.headers.id":"$request_id",'
      '"req.headers.referer":"$http_referer",'
      '"req.headers.user-agent":"$http_user_agent",'
      '"requestTime":$request_time'
    '}';
    access_log /var/log/nginx/access.log json_logs;
  '';
in
{
  services.nginx = {
    enable = true;

    # Upstream-maintained baselines for TLS, tuning, compression and proxying.
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;

    # Serves stub_status at /nginx_status.
    # NOTE(review): the NixOS module is expected to restrict this location to
    # loopback clients; confirm against the nixpkgs revision in use, since
    # ports 80/443 are opened below.
    statusPage = true;

    appendHttpConfig = jsonAccessLog;
  };

  # HTTP and HTTPS are opened in the host firewall; no interface is named here.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  # Presumably so the nginx user can read the certificate files managed by the
  # ACME module. Group membership covers every certificate owned by that
  # group, not only the one declared below.
  users.users.nginx.extraGroups = [ "acme" ];

  security.acme = {
    acceptTerms = true;
    defaults = {
      email = personal.emails.primary;
      # Webroot (HTTP-01) validation: some virtual host has to serve
      # /.well-known/acme-challenge/ from this directory. None is defined in
      # this file; verify one exists elsewhere in the configuration.
      webroot = "/var/lib/acme/acme-challenge";
    };
    # No per-certificate overrides; the defaults above apply.
    certs."vpn.gaze.systems" = { };
  };
}