06db871bd7
* Make sterni.lv declarative * Disable gopher server * Disable likely-music.sterni.lv for now * Don't give systemd too much leeway with scheduling git syncs Change-Id: Ie8507d96f2df76ad8e393b2181ed7378c37829d0 Reviewed-on: https://cl.tvl.fyi/c/depot/+/10480 Autosubmit: sterni <sternenseemann@systemli.org> Reviewed-by: sterni <sternenseemann@systemli.org> Tested-by: BuildkiteCI
30 lines
489 B
Nix
30 lines
489 B
Nix
{ ... }:
|
|
|
|
{
|
|
config = {
|
|
users = {
|
|
users.http = {
|
|
isSystemUser = true;
|
|
group = "http";
|
|
};
|
|
|
|
groups.http = { };
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
recommendedTlsSettings = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedProxySettings = true;
|
|
|
|
user = "http";
|
|
group = "http";
|
|
|
|
appendHttpConfig = ''
|
|
charset utf-8;
|
|
'';
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
};
|
|
}
|