Diffstat (limited to 'modules/services/nginx/default.nix')
-rw-r--r--modules/services/nginx/default.nix49
1 files changed, 49 insertions, 0 deletions
diff --git a/modules/services/nginx/default.nix b/modules/services/nginx/default.nix
new file mode 100644
index 0000000..e37e9b3
--- /dev/null
+++ b/modules/services/nginx/default.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+let cfg = config.my.services.nginx;
+in {
+  options.my.services.nginx = with lib; { enable = mkEnableOption "Nginx"; };
+  config = lib.mkIf cfg.enable {
+    services.nginx = {
+      enable = true;
+      statusPage = true; # For monitoring scraping.
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedTlsSettings = true;
+      recommendedProxySettings = true;
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+    # Nginx needs to be able to read the certificates
+    users.users.nginx.extraGroups = [ "acme" ];
+
+    security.acme = {
+      email = "franck@fcuny.net";
+      acceptTerms = true;
+    };
+
+    services.prometheus = {
+      exporters.nginx = {
+        enable = true;
+        listenAddress = "127.0.0.1";
+      };
+      scrapeConfigs = [{
+        job_name = "nginx";
+        static_configs = [{
+          targets = [
+            "127.0.0.1:${
+              toString config.services.prometheus.exporters.nginx.port
+            }"
+          ];
+          labels = { instance = config.networking.hostName; };
+        }];
+      }];
+    };
+
+    services.grafana.provision.dashboards = [{
+      name = "NGINX";
+      options.path = pkgs.nur.repos.alarsyo.grafanaDashboards.nginx;
+      disableDeletion = true;
+    }];
+  };
+}
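Review bot: Adding `nginx` to the `acme` group with `users.users.nginx.extraGroups = [ "acme" ];` lets the web server process read every certificate and private key whose group is `acme`, including any issued for other services on the host, which is broader than the comment "Nginx needs to be able to read the certificates" suggests. A narrower alternative is to set the group per certificate, for example `security.acme.certs."<host>".group = config.services.nginx.group;`, and drop the group membership. No virtual hosts are defined in this file, so which certificates nginx actually serves cannot be judged from this hunk. If the membership stays, the comment could state the scope: `# Gives nginx read access to all certs and private keys owned by group "acme".`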