# NixOS module: opt-in nginx front end with ACME defaults and a loopback-only
# Prometheus exporter plus its scrape job. Nothing under `config` is applied
# unless `my.services.nginx.enable` is set.
{ config, lib, pkgs, ... }:
let
  cfg = config.my.services.nginx;

  # The exporter's listen address and the scrape target must stay in sync,
  # so both are derived from the same loopback literal.
  loopback = "127.0.0.1";
  exporterPort = toString config.services.prometheus.exporters.nginx.port;
in
{
  options.my.services.nginx.enable = lib.mkEnableOption "Nginx";

  config = lib.mkIf cfg.enable {
    services.nginx = {
      enable = true;

      # For monitoring scraping.
      # NOTE(review): NixOS is expected to serve this stub_status page on
      # loopback only; verify against the nixpkgs revision in use.
      statusPage = true;

      recommendedTlsSettings = true;
      recommendedProxySettings = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
    };

    # HTTP and HTTPS are the only ports opened here; the exporter port is not
    # listed, so this module does not expose the metrics endpoint externally.
    networking.firewall.allowedTCPPorts = [ 80 443 ];

    # Nginx needs to be able to read the certificates.
    # NOTE(review): group membership gives the nginx user whatever read access
    # the acme group has, presumably including certificate private keys.
    # Confirm that no certificates unrelated to nginx are readable through it.
    users.users.nginx.extraGroups = [ "acme" ];

    security.acme = {
      acceptTerms = true;
      defaults.email = "franck@fcuny.net";
    };

    # Metrics exporter bound to loopback, so only local processes can reach it.
    services.prometheus.exporters.nginx = {
      enable = true;
      listenAddress = loopback;
    };

    # Only a scrape job is added; services.prometheus.enable is not set in
    # this module. Presumably the Prometheus server is enabled elsewhere.
    services.prometheus.scrapeConfigs = [
      {
        job_name = "nginx";
        static_configs = [
          {
            targets = [ "${loopback}:${exporterPort}" ];
            labels.instance = config.networking.hostName;
          }
        ];
      }
    ];
  };
}