28 lines
679 B
Nix
28 lines
679 B
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
users.users.nginx.extraGroups = [ "acme" ];
|
|
|
|
services = {
|
|
nginx = {
|
|
enable = true;
|
|
resolver.addresses = [
|
|
"[2606:4700:4700::1111]"
|
|
"[2620:fe::fe]"
|
|
"1.1.1.1"
|
|
"9.9.9.9"
|
|
];
|
|
statusPage = true; # http://127.0.0.1/nginx_status
|
|
sslProtocols = "TLSv1.3";
|
|
recommendedTlsSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedBrotliSettings = true;
|
|
};
|
|
prometheus.exporters.nginx = {
|
|
enable = true;
|
|
firewallRules = config.services.prometheus.exporters.node.firewallRules;
|
|
openFirewall = true;
|
|
};
|
|
};
|
|
}
|