forked from DGNum/infrastructure
feat(modules): Init dgn-web
Add a module to enable recommended web settings
This commit is contained in:
parent
6608ae7726
commit
958afe957f
2 changed files with 27 additions and 0 deletions
|
@ -43,6 +43,7 @@
|
||||||
"dgn-network"
|
"dgn-network"
|
||||||
"dgn-secrets"
|
"dgn-secrets"
|
||||||
"dgn-ssh"
|
"dgn-ssh"
|
||||||
|
"dgn-web"
|
||||||
]) ++ [
|
]) ++ [
|
||||||
"${sources.agenix}/modules/age.nix"
|
"${sources.agenix}/modules/age.nix"
|
||||||
"${sources.attic}/nixos/atticd.nix"
|
"${sources.attic}/nixos/atticd.nix"
|
||||||
|
|
26
modules/dgn-web.nix
Normal file
26
modules/dgn-web.nix
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
inherit (lib) mkEnableOption mkIf;
|
||||||
|
|
||||||
|
cfg = config.dgn-web;
|
||||||
|
in {
|
||||||
|
options.dgn-web = {
|
||||||
|
enable = mkEnableOption "sane defaults for web services.";
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
recommendedBrotliSettings = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
recommendedZstdSettings = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue