initial commit

2026-04-01 08:50:01 +03:00 · 2026-04-01 08:50:01 +03:00 · 30ce0dafc2
commit 30ce0dafc2
195 changed files with 8902 additions and 0 deletions
--- a/services/nginx/acme.nix
+++ b/services/nginx/acme.nix
@ -0,0 +1,10 @@
+{ lib, config, ... }:
+with lib; mkIf (config.nginx.enable) {
+  security.acme = {
+    acceptTerms = true;
+    defaults = {
+      email = "admin@ruject.fun";
+      webroot = "/var/lib/acme/acme-challenge/";
+    };
+  };
+}
--- a/services/nginx/default.nix
+++ b/services/nginx/default.nix
@ -0,0 +1,7 @@
+{
+  imports = [
+    ./acme.nix
+    ./firewall.nix
+    ./service.nix
+  ];
+}
--- a/services/nginx/firewall.nix
+++ b/services/nginx/firewall.nix
@ -0,0 +1,14 @@
+{
+  config,
+  lib,
+  ...
+}:
+let
+  inherit (config.services.nginx) enable;
+in
+with lib; mkIf enable {
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+}
--- a/services/nginx/service.nix
+++ b/services/nginx/service.nix
@ -0,0 +1,12 @@
+{
+  users.groups.acme.members = [
+    "nginx"
+  ];
+
+  services.nginx = {
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+  };
+}