blob: ec71ba24faa0bbec164b122ae35a9e375416572b (
plain) (
tree)
|
|
{ config, lib, pkgs, ... }:
let cfg = config.my.services.nginx;
in
{
options.my.services.nginx = with lib; { enable = mkEnableOption "Nginx"; };
config = lib.mkIf cfg.enable {
services.nginx = {
enable = true;
statusPage = true; # For monitoring scraping.
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
# Nginx needs to be able to read the certificates
users.users.nginx.extraGroups = [ "acme" ];
services.prometheus = {
exporters.nginx = {
enable = true;
listenAddress = "127.0.0.1";
};
scrapeConfigs = [{
job_name = "nginx";
static_configs = [{
targets = [
"127.0.0.1:${
toString config.services.prometheus.exporters.nginx.port
}"
];
labels = { instance = config.networking.hostName; };
}];
}];
};
};
}
|
