From d560d7602887de51cadc25d59825c05e3c693545 Mon Sep 17 00:00:00 2001
From: Max
Date: Mon, 31 Oct 2022 18:14:39 +0100
Subject: [PATCH] cluster/services/nginx: init from host-specific modules
---
 cluster/services/nginx/default.nix | 6 +++
 .../services/nginx/nginx.nix | 0
 hosts/VEGAS/system.nix | 1 -
 hosts/prophet/modules/nginx/default.nix | 38 -------------------
 hosts/prophet/system.nix | 1 -
 5 files changed, 6 insertions(+), 40 deletions(-)
 create mode 100644 cluster/services/nginx/default.nix
 rename hosts/VEGAS/modules/nginx/default.nix => cluster/services/nginx/nginx.nix (100%)
 delete mode 100644 hosts/prophet/modules/nginx/default.nix
diff --git a/cluster/services/nginx/default.nix b/cluster/services/nginx/default.nix
new file mode 100644
index 0000000..fa27013
--- /dev/null
+++ b/cluster/services/nginx/default.nix
@@ -0,0 +1,6 @@
+{
+ services.nginx = {
+ nodes.host = [ "VEGAS" "prophet" ];
+ nixos.host = [ ./nginx.nix ];
+ };
+}
diff --git a/hosts/VEGAS/modules/nginx/default.nix b/cluster/services/nginx/nginx.nix
similarity index 100%
rename from hosts/VEGAS/modules/nginx/default.nix
rename to cluster/services/nginx/nginx.nix
diff --git a/hosts/VEGAS/system.nix b/hosts/VEGAS/system.nix
index c90be30..3dd714c 100644
--- a/hosts/VEGAS/system.nix
+++ b/hosts/VEGAS/system.nix
@@ -8,7 +8,6 @@
 # Plumbing
 ./modules/database
- ./modules/nginx
 ./modules/oauth2-proxy
 ./modules/redis
 ./modules/virtualisation
diff --git a/hosts/prophet/modules/nginx/default.nix b/hosts/prophet/modules/nginx/default.nix
deleted file mode 100644
index f3a9566..0000000
--- a/hosts/prophet/modules/nginx/default.nix
+++ /dev/null
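Review bot: In `cluster/services/nginx/default.nix`, `nixos.host = [ ./nginx.nix ]` now applies the former VEGAS module to `prophet` as well, but the rename is recorded as 100% similar, so its contents are not visible in this patch and it cannot be confirmed that it matches the `prophet` module deleted further down. Worth diffing the two before merging: the deleted file carried `networking.firewall.allowedTCPPorts = [ 80 443 ]`, the `security.acme` defaults, the `services.phpfpm.pools.www` pool and the `fmt_loki` syslog access log, so a silent difference would change exposure or logging on one of the hosts. If the shared module does set the same things, every name later added to `nodes.host` also gets those ports opened and the php-fpm pool created, so I would add a comment above the list such as `# hosts listed here get nginx, ACME, php-fpm and TCP 80/443 opened via ./nginx.nix` (adjusted to what `nginx.nix` actually sets).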
@@ -1,38 +0,0 @@
-{ config, tools, ... }:
-
-let
- inherit (tools.meta) adminEmail;
-in {
- security.acme.defaults.email = adminEmail;
- security.acme.acceptTerms = true;
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
- recommendedGzipSettings = true;
- proxyResolveWhileRunning = false;
- resolver = {
- addresses = [ "127.0.0.1" ];
- valid = "30s";
- };
- appendHttpConfig = ''
- server_names_hash_bucket_size 128;
- proxy_headers_hash_max_size 4096;
- proxy_headers_hash_bucket_size 128;
- log_format fmt_loki 'host=$host remote_addr=$remote_addr remote_user=$remote_user request="$request" status=$status body_bytes_sent=$body_bytes_sent http_referer="$http_referer" http_user_agent="$http_user_agent"';
- access_log syslog:server=unix:/dev/log,tag=nginx_access,nohostname fmt_loki;
- '';
- };
- services.phpfpm.pools.www = {
- inherit (config.services.nginx) user group;
- settings = {
- pm = "ondemand";
- "pm.max_children" = 16;
- "listen.owner" = config.services.nginx.user;
- "listen.group" = config.services.nginx.group;
- };
- };
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- systemd.services.nginx.after = [ "network-online.target" ];
-}
diff --git a/hosts/prophet/system.nix b/hosts/prophet/system.nix
index 048a108..a7ac49f 100644
--- a/hosts/prophet/system.nix
+++ b/hosts/prophet/system.nix
@@ -6,7 +6,6 @@
 # Hardware
 ./hardware-configuration.nix
- ./modules/nginx
 inputs.agenix.nixosModules.age
 ./services/cdn-shield