Diffstat (limited to 'modules/services/nginx/default.nix')
-rw-r--r-- | modules/services/nginx/default.nix | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/modules/services/nginx/default.nix b/modules/services/nginx/default.nix
new file mode 100644
index 0000000..e37e9b3
--- /dev/null
+++ b/modules/services/nginx/default.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+let cfg = config.my.services.nginx;
+in {
+ options.my.services.nginx = with lib; { enable = mkEnableOption "Nginx"; };
+ config = lib.mkIf cfg.enable {
+ services.nginx = {
+ enable = true;
+ statusPage = true; # For monitoring scraping.
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ recommendedProxySettings = true;
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ # Nginx needs to be able to read the certificates
+ users.users.nginx.extraGroups = [ "acme" ];
+
+ security.acme = {
+ email = "franck@fcuny.net";
+ acceptTerms = true;
+ };
+
+ services.prometheus = {
+ exporters.nginx = {
+ enable = true;
+ listenAddress = "127.0.0.1";
+ };
+ scrapeConfigs = [{
+ job_name = "nginx";
+ static_configs = [{
+ targets = [
+ "127.0.0.1:${
+ toString config.services.prometheus.exporters.nginx.port
+ }"
+ ];
+ labels = { instance = config.networking.hostName; };
+ }];
+ }];
+ };
+
+ services.grafana.provision.dashboards = [{
+ name = "NGINX";
+ options.path = pkgs.nur.repos.alarsyo.grafanaDashboards.nginx;
+ disableDeletion = true;
+ }];
+ };
+} |
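Review bot: Adding `nginx` to the `acme` group at `users.users.nginx.extraGroups` gives the web server's account read access to every certificate private key owned by that group, not only the ones nginx itself serves. No virtual host is declared in this module, so the certificates nginx actually needs cannot be seen here; if other services on the host also obtain ACME certificates under the default group, a compromise of nginx would presumably expose their keys as well. Consider scoping access per certificate instead, e.g. `security.acme.certs."<vhost-placeholder>".group = "nginx";`, or at least make the comment state the real scope: `# nginx joins the acme group and can therefore read ALL acme-owned keys on this host`.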