From 61c05b35ebea09eb9aef59f4aac4a706001f7ec6 Mon Sep 17 00:00:00 2001
From: Seth Flynn
Date: Sat, 8 Feb 2025 20:44:49 -0500
Subject: nixos/nginx: actually act as a mixin

This doesn't require disabling anything. It only changes the defaults
---
 modules/nixos/mixins/nginx.nix | 45 +++++++++++++++++++++++++--------------
 modules/nixos/profiles/server.nix | 1 -
 systems/atlas/default.nix | 4 ++++
 systems/atlas/forgejo.nix | 3 +++
 systems/atlas/miniflux.nix | 13 +++++++------
 5 files changed, 43 insertions(+), 23 deletions(-)

diff --git a/modules/nixos/mixins/nginx.nix b/modules/nixos/mixins/nginx.nix
index 67d0c25..13dd5b5 100644
--- a/modules/nixos/mixins/nginx.nix
+++ b/modules/nixos/mixins/nginx.nix
@@ -1,22 +1,35 @@
 { config, lib, ... }:
-let
- cfg = config.mixins.nginx;
-in
+
 {
- options.mixins.nginx = {
- enable = lib.mkEnableOption "NGINX mixin";
+ options = {
+ services.nginx.virtualHosts = lib.mkOption {
+ type = lib.types.attrsOf (
+ lib.types.submodule {
+ config = {
+ enableACME = lib.mkDefault true;
+ forceSSL = lib.mkDefault true;
+ };
+ }
+ );
+ };
 };

- config = lib.mkIf cfg.enable {
- services.nginx = {
- enable = true;
+ config = lib.mkMerge [
+ {
+ services.nginx = {
+ enableReload = true;

- recommendedBrotliSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedZstdSettings = true;
- };
- };
+ recommendedBrotliSettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedZstdSettings = true;
+ };
+ }
+
+ (lib.mkIf config.services.nginx.enable {
+ security.acme.defaults.reloadServices = [ "nginx.service" ];
+ })
+ ];
 }
diff --git a/modules/nixos/profiles/server.nix b/modules/nixos/profiles/server.nix
index fe369ef..a6a19ca 100644
--- a/modules/nixos/profiles/server.nix
+++ b/modules/nixos/profiles/server.nix
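Review bot: The new `virtualHosts` submodule in modules/nixos/mixins/nginx.nix makes `enableACME` and `forceSSL` default to true for every vhost on any host that imports this module, but nothing in the file documents that contract or how to opt out. nixpkgs asserts that `enableACME` is mutually exclusive with `useACMEHost`, and `forceSSL` with `addSSL`/`onlySSL`/`rejectSSL`, so a vhost that uses one of those has to set the defaulted option to false itself or evaluation fails. Because the values are set with `lib.mkDefault`, a plain `forceSSL = false;` in a vhost wins silently, which makes such overrides worth searching for during review. I would add a comment above `config = {` inside the submodule, e.g. `# Secure default: every vhost gets an ACME cert and an HTTP->HTTPS redirect; override per vhost only when TLS terminates elsewhere or useACMEHost/addSSL/onlySSL is used.`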
@@ -36,7 +36,6 @@ in

 mixins = {
 cloudflared.enable = true;
- nginx.enable = true;
 };

 nix.gc = {
diff --git a/systems/atlas/default.nix b/systems/atlas/default.nix
index a2abce8..f1d0f55 100644
--- a/systems/atlas/default.nix
+++ b/systems/atlas/default.nix
@@ -25,5 +25,9 @@

 nixpkgs.hostPlatform = "aarch64-linux";

+ services = {
+ nginx.enable = true;
+ };
+
 system.stateVersion = "23.05";
 }
diff --git a/systems/atlas/forgejo.nix b/systems/atlas/forgejo.nix
index 719ea7c..e60fafc 100644
--- a/systems/atlas/forgejo.nix
+++ b/systems/atlas/forgejo.nix
@@ -9,6 +9,9 @@ in

 services.nginx.virtualHosts = {
 "git.getchoo.com" = {
+ enableACME = false;
+ forceSSL = false;
+
 locations."/" = {
 proxyPass = "http://unix:${forgejoCfg.settings.server.HTTP_ADDR}";
 };
diff --git a/systems/atlas/miniflux.nix b/systems/atlas/miniflux.nix
index 6d3f8ca..179e512 100644
--- a/systems/atlas/miniflux.nix
+++ b/systems/atlas/miniflux.nix
@@ -17,12 +17,13 @@
 };
 };

- nginx = {
- virtualHosts = {
- "miniflux.getchoo.com" = {
- locations."/" = {
- proxyPass = "http://unix:${lib.head config.systemd.sockets.miniflux.listenStreams}";
- };
+ nginx.virtualHosts = {
+ "miniflux.getchoo.com" = {
+ enableACME = false;
+ forceSSL = false;
+
+ locations."/" = {
+ proxyPass = "http://unix:${lib.head config.systemd.sockets.miniflux.listenStreams}";
 };
 };
 };
--
cgit v1.2.3
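Review bot: In systems/atlas/forgejo.nix, `enableACME = false; forceSSL = false;` on "git.getchoo.com" turns off both the certificate and the HTTP-to-HTTPS redirect for a vhost that carries Forgejo logins and tokens, and no comment says where TLS is terminated instead; the miniflux.nix hunk does the same for "miniflux.getchoo.com". The server profile touched by this commit keeps `cloudflared.enable = true`, so presumably a tunnel fronts these hosts, but nothing visible here confirms that nginx's plain-HTTP listener is unreachable from outside the machine. I would put a comment above the two lines in both files, e.g. `# TLS terminates upstream (cloudflared tunnel); nginx only serves plain HTTP to the tunnel`, and check that the port 80 listener is bound to loopback or closed in the firewall. Both vhost attribute sets are closed outside their hunks.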