From 7f8b7e24fe67cfdb407f1415d6e7b223d2600f58 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Tue, 9 May 2023 18:47:24 -0700
Subject: profiles/nginx: move common configuration to a profile

Both tahoe and carmel are using nginx, and we can simplify the
configuration by moving common parts to the profile and have these hosts
import it.
---
 profiles/nginx.nix | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 profiles/nginx.nix

(limited to 'profiles/nginx.nix')

diff --git a/profiles/nginx.nix b/profiles/nginx.nix
new file mode 100644
index 0000000..766739b
--- /dev/null
+++ b/profiles/nginx.nix
@@ -0,0 +1,23 @@
+{ pkgs, lib, config, ... }:
+{
+  services.nginx = {
+    enable = true;
+    statusPage = true; # For monitoring scraping.
+
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+    recommendedProxySettings = true;
+  };
+
+  services.prometheus.exporters.nginx = {
+    enable = true;
+    listenAddress = "127.0.0.1";
+    port = 9113;
+  };
+
+  # Nginx needs to be able to read the certificates
+  users.users.nginx.extraGroups = [ "acme" ];
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}
-- 
cgit v1.2.3