add nginx module to flake

2024-11-27 03:51:00 +00:00 · 2024-11-27 03:51:00 +00:00 · 1acd3aaeda
commit 1acd3aaeda
parent 2425b4ea14
2 changed files with 47 additions and 0 deletions
--- a/flake/flake.nix
+++ b/flake/flake.nix
@ -25,6 +25,7 @@
          ./system/cerulea-1/networking.nix
          ./system/base.nix
          ./system/software.nix
+          ./system/nginx.nix
        ];
      };
    };
--- a/flake/system/nginx.nix
+++ b/flake/system/nginx.nix
@ -0,0 +1,46 @@
+{ pkgs, lib, ... }: {
+  environment.systemPackages = with pkgs; [
+    certbot
+  ];
+
+  systemd.services.certbot-renew = {
+    description = "certbot auto renew service";
+    serviceConfig = {
+      ExecStart = "${pkgs.certbot}/bin/certbot renew --quiet --post-hook 'systemctl reload nginx.service'";
+    };
+  };
+  systemd.timers.certbot-renew = {
+    description = "certbot auto renew timer";
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "daily";
+      Persistent = true;
+    };
+  };
+
+  services.nginx = {
+    enable = true;
+    user = "root";
+    enableReload = true;
+
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  };
+  services.nginx.appendHttpConfig = "include /srv/ngx/out/*.conf;";
+
+  services.nginx.appendConfig = "user root;"; 
+  
+  systemd.services.nginx.serviceConfig = lib.mkForce {
+    User = "root";
+    Group = "root";
+    ExecStart = "${pkgs.nginx}/bin/nginx -c /etc/nginx/nginx.conf";
+    ExecReload = [
+      "${pkgs.nginx}/bin/nginx -c /etc/nginx/nginx.conf -t"
+      "${pkgs.coreutils}/bin/kill -HUP $MAINPID"
+    ];
+    LogsDirectory = "nginx";
+    RuntimeDirectory = "nginx";
+  };
+}