diff --git a/modules/default.nix b/modules/default.nix
index 5941f7e..17be621 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -43,6 +43,7 @@
 "dgn-network"
 "dgn-secrets"
 "dgn-ssh"
+ "dgn-web"
 ]) ++ [
 "${sources.agenix}/modules/age.nix"
 "${sources.attic}/nixos/atticd.nix"
diff --git a/modules/dgn-web.nix b/modules/dgn-web.nix
new file mode 100644
index 0000000..bb68203
--- /dev/null
+++ b/modules/dgn-web.nix
@@ -0,0 +1,26 @@
+{ config, lib, ... }:
+
+let
+ inherit (lib) mkEnableOption mkIf;
+
+ cfg = config.dgn-web;
+in {
+ options.dgn-web = {
+ enable = mkEnableOption "sane defaults for web services.";
+ };
+
+ config = mkIf cfg.enable {
+ services.nginx = {
+ enable = true;
+
+ recommendedBrotliSettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedZstdSettings = true;
+ };
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ };
+}
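Review bot: `networking.firewall.allowedTCPPorts = [ 80 443 ];` in the new `modules/dgn-web.nix` opens plain HTTP on every host that enables `dgn-web`, yet nothing in this module makes port 80 redirect to HTTPS; `recommendedTlsSettings` only tunes the TLS side, so each virtual host has to set `forceSSL = true` itself or it will be served in cleartext. No virtual hosts are visible in this diff, so if they are declared elsewhere with `forceSSL`, a comment above the firewall line such as `# 80 stays open for the HTTPS redirect (and presumably ACME HTTP-01); every vhost must set forceSSL` would record that expectation for the next person adding a site. It is also worth a short comment that the Brotli/Gzip/Zstd defaults apply to TLS responses too, so a vhost that reflects request data next to secrets in the same response may want compression turned off for those locations. Separately, `mkEnableOption` already renders its argument as "Whether to enable ….", so the trailing period in `"sane defaults for web services."` produces a double period; drop it.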