| author | Franck Cuny <franck@fcuny.net> | 2023-05-09 18:47:24 -0700 |
|---|---|---|
| committer | Franck Cuny <franck@fcuny.net> | 2023-05-09 18:47:24 -0700 |
| commit | 7f8b7e24fe67cfdb407f1415d6e7b223d2600f58 (patch) | |
| tree | 5d72336b99adee6c7216ec7fa681977c185cdaba | |
| parent | tahoe: move the initrd code (diff) | |
| download | infra-7f8b7e24fe67cfdb407f1415d6e7b223d2600f58.tar.gz | |
profiles/nginx: move common configuration to a profile
Both tahoe and carmel are using nginx, and we can simplify the
configuration by moving common parts to the profile and have these hosts
import it.
Diffstat (limited to '')
| -rw-r--r-- | hosts/carmel/default.nix | 1 | ||||
| -rw-r--r-- | hosts/carmel/services.nix | 6 | ||||
| -rw-r--r-- | hosts/tahoe/default.nix | 1 | ||||
| -rw-r--r-- | hosts/tahoe/services.nix | 1 | ||||
| -rw-r--r-- | modules/services/default.nix | 1 | ||||
| -rw-r--r-- | modules/services/monitoring/prometheus.nix | 11 | ||||
| -rw-r--r-- | modules/services/nginx/default.nix | 39 | ||||
| -rw-r--r-- | profiles/nginx.nix | 23 |
8 files changed, 36 insertions, 47 deletions
diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix
index c9915d2..1006f1e 100644
--- a/hosts/carmel/default.nix
+++ b/hosts/carmel/default.nix
@@ -8,6 +8,7 @@
 ./services.nix
 "${self}/profiles/server.nix"
 "${self}/profiles/hardware/amd.nix"
+ "${self}/profiles/nginx.nix"
 ];
 # This value determines the NixOS release from which the default
diff --git a/hosts/carmel/services.nix b/hosts/carmel/services.nix
index 89f888d..4c17fd8 100644
--- a/hosts/carmel/services.nix
+++ b/hosts/carmel/services.nix
@@ -74,12 +74,6 @@
 };
 services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
-
 virtualHosts."dnsmasq" = {
 listen = [
 {
diff --git a/hosts/tahoe/default.nix b/hosts/tahoe/default.nix
index 7cb25fd..aacc41a 100644
--- a/hosts/tahoe/default.nix
+++ b/hosts/tahoe/default.nix
@@ -11,6 +11,7 @@ in
 "${self}/profiles/btrfs.nix"
 "${self}/profiles/nas.nix"
 "${self}/profiles/acme.nix"
+ "${self}/profiles/nginx.nix"
 "${self}/profiles/hardware/amd.nix"
 ];
diff --git a/hosts/tahoe/services.nix b/hosts/tahoe/services.nix
index 0227f4c..894f345 100644
--- a/hosts/tahoe/services.nix
+++ b/hosts/tahoe/services.nix
@@ -45,7 +45,6 @@ in
 enable = true;
 stateDir = "/var/lib/gitolite";
 };
- nginx = { enable = true; };
 transmission = {
 enable = true;
 vhostName = "bt.fcuny.xyz";
diff --git a/modules/services/default.nix b/modules/services/default.nix
index b6b34d5..ac20bf6 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -8,7 +8,6 @@
 ./gitolite
 ./monitoring
 ./navidrome
- ./nginx
 ./samba
 ./sendsms
 ./syncthing
diff --git a/modules/services/monitoring/prometheus.nix b/modules/services/monitoring/prometheus.nix
index 916302b..45fa22c 100644
--- a/modules/services/monitoring/prometheus.nix
+++ b/modules/services/monitoring/prometheus.nix
@@ -84,6 +84,17 @@ in
 scrapeConfigs = [
 {
+ job_name = "nginx";
+ static_configs = [{
+ targets = [
+ "127.0.0.1:${
+ toString config.services.prometheus.exporters.nginx.port
+ }"
+ ];
+ labels = { instance = config.networking.hostName; };
+ }];
+ }
+ {
 job_name = "blackbox-ping";
 metrics_path = "/probe";
 params = { module = [ "icmp" ]; };
diff --git a/modules/services/nginx/default.nix b/modules/services/nginx/default.nix
deleted file mode 100644
index ec71ba2..0000000
--- a/modules/services/nginx/default.nix
+++ /dev/null
@@ -1,39 +0,0 @@
-{ config, lib, pkgs, ... }:
-let cfg = config.my.services.nginx;
-in
-{
- options.my.services.nginx = with lib; { enable = mkEnableOption "Nginx"; };
- config = lib.mkIf cfg.enable {
- services.nginx = {
- enable = true;
- statusPage = true; # For monitoring scraping.
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedTlsSettings = true;
- recommendedProxySettings = true;
- };
-
- networking.firewall.allowedTCPPorts = [ 80 443 ];
-
- # Nginx needs to be able to read the certificates
- users.users.nginx.extraGroups = [ "acme" ];
-
- services.prometheus = {
- exporters.nginx = {
- enable = true;
- listenAddress = "127.0.0.1";
- };
- scrapeConfigs = [{
- job_name = "nginx";
- static_configs = [{
- targets = [
- "127.0.0.1:${
- toString config.services.prometheus.exporters.nginx.port
- }"
- ];
- labels = { instance = config.networking.hostName; };
- }];
- }];
- };
- };
-}
diff --git a/profiles/nginx.nix b/profiles/nginx.nix
new file mode 100644
index 0000000..766739b
--- /dev/null
+++ b/profiles/nginx.nix
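Review bot: The `nginx` job added to `scrapeConfigs` in modules/services/monitoring/prometheus.nix is no longer conditional. In the deleted modules/services/nginx/default.nix the same job sat under `lib.mkIf cfg.enable`, whereas here it is part of the base list, so a host that enables this Prometheus module without importing profiles/nginx.nix would scrape a 127.0.0.1 target with nothing listening and carry a permanently down target. Consider gating it on the exporter, e.g. appending `++ lib.optional config.services.prometheus.exporters.nginx.enable { job_name = "nginx"; … }` to the list (assuming `lib` is in scope in this file). The `scrapeConfigs` list and its enclosing attribute set start and end outside the hunk, so whether the module is only enabled on hosts that also run nginx cannot be seen from here.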
@@ -0,0 +1,23 @@
+{ pkgs, lib, config, ... }:
+{
+ services.nginx = {
+ enable = true;
+ statusPage = true; # For monitoring scraping.
+
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedTlsSettings = true;
+ recommendedProxySettings = true;
+ };
+
+ services.prometheus.exporters.nginx = {
+ enable = true;
+ listenAddress = "127.0.0.1";
+ port = 9113;
+ };
+
+ # Nginx needs to be able to read the certificates
+ users.users.nginx.extraGroups = [ "acme" ];
+
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
|
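Review bot: `networking.firewall.allowedTCPPorts = [ 80 443 ];` and `users.users.nginx.extraGroups = [ "acme" ];` at the end of profiles/nginx.nix now apply to every host that imports the profile, which changes carmel: the lines removed from hosts/carmel/services.nix only enabled nginx with the recommended settings, and the one vhost visible there (`dnsmasq`) sets an explicit `listen`. If carmel is meant to serve only internal listeners, opening 80/443 host-wide widens its exposure; keep the firewall rule in the hosts that need it, or scope it with `networking.firewall.interfaces.<name>.allowedTCPPorts`. The imports shown for carmel do not include profiles/acme.nix (the list starts outside the hunk), so the `acme` group may not be defined there; `users.users.nginx.extraGroups = lib.mkIf (config.security.acme.certs != { }) [ "acme" ];` would make that dependency explicit. A short header comment stating that the profile opens 80/443 and expects ACME certificates would also help the next host that imports it.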
