about summary refs log tree commit diff
path: root/users/sterni/machines/ingeborg/http/nginx.nix
diff options
context:
space:
mode:
authorsterni <sternenseemann@systemli.org>2023-12-30T23·19+0100
committerclbot <clbot@tvl.fyi>2023-12-31T14·30+0000
commit06db871bd75a714a61434dd4b13bc87e1319ba92 (patch)
treea8e63e990dd7fd5a7d7b7d843eb53cff8e0441b2 /users/sterni/machines/ingeborg/http/nginx.nix
parent12f9b95a2c75a757a36c4147eb011d096e8f48be (diff)
chore(sterni/machines): move http services from edwin to ingeborg r/7291
* Make sterni.lv declarative
* Disable gopher server
* Disable likely-music.sterni.lv for now
* Don't give systemd too much leeway with scheduling git syncs

Change-Id: Ie8507d96f2df76ad8e393b2181ed7378c37829d0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/10480
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
Diffstat (limited to 'users/sterni/machines/ingeborg/http/nginx.nix')
-rw-r--r--users/sterni/machines/ingeborg/http/nginx.nix30
1 files changed, 30 insertions, 0 deletions
diff --git a/users/sterni/machines/ingeborg/http/nginx.nix b/users/sterni/machines/ingeborg/http/nginx.nix
new file mode 100644
index 000000000000..d551b8391d18
--- /dev/null
+++ b/users/sterni/machines/ingeborg/http/nginx.nix
@@ -0,0 +1,30 @@
+{ ... }:
+
+{
+  config = {
+    users = {
+      users.http = {
+        isSystemUser = true;
+        group = "http";
+      };
+
+      groups.http = { };
+    };
+
+    services.nginx = {
+      enable = true;
+      recommendedTlsSettings = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+
+      user = "http";
+      group = "http";
+
+      appendHttpConfig = ''
+        charset utf-8;
+      '';
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+  };
+}