diff options
author | Franck Cuny <franck@fcuny.net> | 2023-05-09 18:47:24 -0700 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-05-09 18:47:24 -0700 |
commit | 7f8b7e24fe67cfdb407f1415d6e7b223d2600f58 (patch) | |
tree | 5d72336b99adee6c7216ec7fa681977c185cdaba /profiles | |
parent | tahoe: move the initrd code (diff) | |
download | world-7f8b7e24fe67cfdb407f1415d6e7b223d2600f58.tar.gz |
profiles/nginx: move common configuration to a profile
Both tahoe and carmel are using nginx, and we can simplify the configuration by moving common parts to the profile and have these hosts import it.
Diffstat (limited to 'profiles')
-rw-r--r-- | profiles/nginx.nix | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/profiles/nginx.nix b/profiles/nginx.nix new file mode 100644 index 0000000..766739b --- /dev/null +++ b/profiles/nginx.nix @@ -0,0 +1,23 @@ +{ pkgs, lib, config, ... }: +{ + services.nginx = { + enable = true; + statusPage = true; # For monitoring scraping. + + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + recommendedProxySettings = true; + }; + + services.prometheus.exporters.nginx = { + enable = true; + listenAddress = "127.0.0.1"; + port = 9113; + }; + + # Nginx needs to be able to read the certificates + users.users.nginx.extraGroups = [ "acme" ]; + + networking.firewall.allowedTCPPorts = [ 80 443 ]; +} |