1 files changed, 23 insertions, 0 deletions

diff --git a/profiles/nginx.nix b/profiles/nginx.nix
new file mode 100644
index 0000000..766739b
--- /dev/null
+++ b/profiles/nginx.nix
@@ -0,0 +1,23 @@
+{ pkgs, lib, config, ... }:
+{
+  services.nginx = {
+    enable = true;
+    statusPage = true; # For monitoring scraping.
+
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+    recommendedProxySettings = true;
+  };
+
+  services.prometheus.exporters.nginx = {
+    enable = true;
+    listenAddress = "127.0.0.1";
+    port = 9113;
+  };
+
+  # Nginx needs to be able to read the certificates
+  users.users.nginx.extraGroups = [ "acme" ];
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}