From aa8af127cef35820a05a9d2c3ab371fa3ddc4795 Mon Sep 17 00:00:00 2001 From: "quentin@aristote.fr" Date: Sat, 24 Jan 2026 21:53:46 +0100 Subject: nixos: nginx: add default configuration --- modules/nixos/personal/default.nix | 1 + modules/nixos/personal/services/default.nix | 4 ++++ modules/nixos/personal/services/nginx.nix | 21 +++++++++++++++++++++ 3 files changed, 26 insertions(+) create mode 100644 modules/nixos/personal/services/default.nix create mode 100644 modules/nixos/personal/services/nginx.nix (limited to 'modules') diff --git a/modules/nixos/personal/default.nix b/modules/nixos/personal/default.nix index 735f9af..ebaaf80 100644 --- a/modules/nixos/personal/default.nix +++ b/modules/nixos/personal/default.nix @@ -8,6 +8,7 @@ ./monitoring.nix ./networking ./nix.nix + ./services ./system.nix ./user.nix ]; diff --git a/modules/nixos/personal/services/default.nix b/modules/nixos/personal/services/default.nix new file mode 100644 index 0000000..405bdc1 --- /dev/null +++ b/modules/nixos/personal/services/default.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + imports = [ ./nginx.nix ]; +} diff --git a/modules/nixos/personal/services/nginx.nix b/modules/nixos/personal/services/nginx.nix new file mode 100644 index 0000000..50d6152 --- /dev/null +++ b/modules/nixos/personal/services/nginx.nix @@ -0,0 +1,21 @@ +{ config, lib, ... }: +{ + services.nginx = { + # recommended settings + recommendedBrotliSettings = lib.mkDefault true; + recommendedGzipSettings = lib.mkDefault true; + recommendedOptimisation = lib.mkDefault true; + recommendedProxySettings = lib.mkDefault true; + recommendedTlsSettings = lib.mkDefault true; + recommendedUwsgiSettings = lib.mkDefault config.services.uwsgi.enable; + + # return 444 when trying to connect to some unknown virtual host + virtualHosts."_" = { + default = true; + extraConfig = '' + return 444; + ''; + }; + + }; +} -- cgit v1.2.3