]> Git — Sourcephile - julm/julm-nix.git/blob - hosts/aubergine/nginx.nix
xsecurelock: use options to enable customizations
[julm/julm-nix.git] / hosts / aubergine / nginx.nix
1 { pkgs, config, hostName, ... }:
2 let
3 inherit (config) networking;
4 inherit (config.services) nginx;
5 in
6 {
7 imports = [
8 ../../nixos/profiles/services/nginx.nix
9 nginx/aubergine.nix
10 ];
11 networking.nftables.ruleset = ''
12 table inet filter {
13 chain input-lan {
14 tcp dport { http } counter accept comment "HTTP"
15 }
16 chain input-intra {
17 tcp dport { http } counter accept comment "HTTP"
18 }
19 }
20 '';
21 /*
22 fileSystems."/var/lib/nginx" = {
23 device = "${hostName}/var/www";
24 fsType = "zfs";
25 };
26 */
27 services.nginx = {
28 enable = true;
29 /*
30 package = pkgs.nginx.override {
31 modules = with pkgs.nginxModules; [
32 fancyindex
33 ];
34 };
35 */
36 resolver = {
37 addresses = [ "127.0.0.1:53" ];
38 valid = "";
39 };
40 virtualHosts."_" = {
41 default = true;
42 extraConfig = ''
43 # Connection closed without response
44 return 444;
45 '';
46 };
47 };
48 }