hosts/aubergine/nginx.nix

   1 {
   2   pkgs,
   3   config,
   4   hostName,
   5   ...
   6 }:
   7 let
   8   inherit (config) networking;
   9   inherit (config.services) nginx;
  10 in
  11 {
  12   imports = [
  13     ../../nixos/profiles/services/nginx.nix
  14     nginx/aubergine.nix
  15   ];
  16   networking.nftables.ruleset = ''
  17     table inet filter {
  18       chain input-neb-sourcephile {
  19         tcp dport { http, https } counter accept comment "HTTP"
  20       }
  21       chain input-lan {
  22         tcp dport { http } counter accept comment "HTTP"
  23       }
  24       chain input-intra {
  25         tcp dport { http } counter accept comment "HTTP"
  26       }
  27     }
  28   '';
  29   /*
  30     fileSystems."/var/lib/nginx" = {
  31     device = "${hostName}/var/www";
  32     fsType = "zfs";
  33     };
  34   */
  35   services.nginx = {
  36     enable = true;
  37     /*
  38       package = pkgs.nginx.override {
  39         modules = with pkgs.nginxModules; [
  40           fancyindex
  41         ];
  42       };
  43     */
  44     resolver = {
  45       addresses = [ "127.0.0.1:53" ];
  46       valid = "";
  47     };
  48     virtualHosts."_" = {
  49       default = true;
  50       extraConfig = ''
  51         # Connection closed without response
  52         return 444;
  53       '';
  54     };
  55   };
  56 }