# NixOS module: opt-in nginx front end (`my.services.nginx.enable`) together with
# ACME certificate access, a loopback-only Prometheus exporter and scrape job,
# and a provisioned Grafana dashboard.
{ config, lib, pkgs, ... }:

let
  nginxCfg = config.my.services.nginx;

  # Port of the nginx exporter, rendered as a string for the scrape target below.
  exporterPort = toString config.services.prometheus.exporters.nginx.port;
in
{
  options.my.services.nginx.enable = lib.mkEnableOption "Nginx";

  # Everything below only applies when the option above is switched on.
  config = lib.mkIf nginxCfg.enable {
    services = {
      nginx = {
        enable = true;

        # The status page is what the monitoring exporter scrapes.
        # NOTE(review): confirm the status endpoint stays unreachable through
        # the public ports opened below (80/443).
        statusPage = true;

        recommendedGzipSettings = true;
        recommendedOptimisation = true;
        recommendedTlsSettings = true;
        recommendedProxySettings = true;
      };

      prometheus = {
        # Exporter is bound to loopback, so metrics are not served on external
        # interfaces; the scrape job below targets the same loopback address.
        exporters.nginx = {
          enable = true;
          listenAddress = "127.0.0.1";
        };

        scrapeConfigs = [
          {
            job_name = "nginx";
            static_configs = [
              {
                targets = [ "127.0.0.1:${exporterPort}" ];
                labels.instance = config.networking.hostName;
              }
            ];
          }
        ];
      };

      # Dashboard definition is taken from a NUR user repository.
      # NOTE(review): presumably not reviewed like nixpkgs; verify the NUR input is pinned.
      grafana.provision.dashboards = [
        {
          name = "NGINX";
          options.path = pkgs.nur.repos.alarsyo.grafanaDashboards.nginx;
          disableDeletion = true;
        }
      ];
    };

    # Only HTTP and HTTPS are opened in the host firewall.
    networking.firewall.allowedTCPPorts = [ 80 443 ];

    # Nginx needs to be able to read the certificates.
    # NOTE(review): membership grants the nginx user whatever the "acme" group can
    # read, presumably including private keys; keep that group's membership minimal.
    users.users.nginx.extraGroups = [ "acme" ];

    security.acme.defaults.email = "franck@fcuny.net";
    security.acme.acceptTerms = true;
  };
}