nixos: nginx: add default configuration

author: quentin@aristote.fr <quentin@aristote.fr> 2026-01-24 21:53:46 +0100
committer: quentin@aristote.fr <quentin@aristote.fr> 2026-01-24 21:56:25 +0100
commit: aa8af127cef35820a05a9d2c3ab371fa3ddc4795 (patch)
tree: e1992209bc80d00affbe0d70c421cb7c5906cdd1 /modules/nixos/personal/services
parent: 46bf582925cf713312e569e389e5cadacdce78c4 (diff)
2 files changed, 25 insertions, 0 deletions
diff --git a/modules/nixos/personal/services/default.nix b/modules/nixos/personal/services/default.nix
new file mode 100644
index 0000000..405bdc1
--- /dev/null
+++ b/modules/nixos/personal/services/default.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+  imports = [ ./nginx.nix ];
+}
diff --git a/modules/nixos/personal/services/nginx.nix b/modules/nixos/personal/services/nginx.nix
new file mode 100644
index 0000000..50d6152
--- /dev/null
+++ b/modules/nixos/personal/services/nginx.nix
@@ -0,0 +1,21 @@
+{ config, lib, ... }:
+{
+  services.nginx = {
+    # recommended settings
+    recommendedBrotliSettings = lib.mkDefault true;
+    recommendedGzipSettings = lib.mkDefault true;
+    recommendedOptimisation = lib.mkDefault true;
+    recommendedProxySettings = lib.mkDefault true;
+    recommendedTlsSettings = lib.mkDefault true;
+    recommendedUwsgiSettings = lib.mkDefault config.services.uwsgi.enable;
+
+    # return 444 when trying to connect to some unknown virtual host
+    virtualHosts."_" = {
+      default = true;
+      extraConfig = ''
+        return 444;
+      '';
+    };
+
+  };
+}
author	quentin@aristote.fr <quentin@aristote.fr>	2026-01-24 21:53:46 +0100
committer	quentin@aristote.fr <quentin@aristote.fr>	2026-01-24 21:56:25 +0100
commit	aa8af127cef35820a05a9d2c3ab371fa3ddc4795 (patch)
tree	e1992209bc80d00affbe0d70c421cb7c5906cdd1 /modules/nixos/personal/services
parent	46bf582925cf713312e569e389e5cadacdce78c4 (diff)