about summary refs log tree commit diff
path: root/ops/modules/www/base.nix
diff options
context:
space:
mode:
Diffstat (limited to 'ops/modules/www/base.nix')
-rw-r--r--ops/modules/www/base.nix36
1 files changed, 36 insertions, 0 deletions
diff --git a/ops/modules/www/base.nix b/ops/modules/www/base.nix
new file mode 100644
index 000000000000..4b956cd95ef1
--- /dev/null
+++ b/ops/modules/www/base.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, ... }:
+
+{
+  config = {
+    services.nginx = {
+      enable = true;
+      enableReload = true;
+
+      recommendedTlsSettings = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+    };
+
+    # NixOS 20.03 broke nginx and I can't be bothered to debug it
+    # anymore, all solution attempts have failed, so here's a
+    # brute-force fix.
+    #
+    # TODO(tazjin): Find a link to the upstream issue and see if
+    # they've sorted it after ~20.09
+    systemd.services.fix-nginx = {
+      script = "${pkgs.coreutils}/bin/chown -f -R nginx: /var/spool/nginx /var/cache/nginx";
+
+      serviceConfig = {
+        User = "root";
+        Type = "oneshot";
+      };
+    };
+
+    systemd.timers.fix-nginx = {
+      wantedBy = [ "multi-user.target" ];
+      timerConfig = {
+        OnCalendar = "minutely";
+      };
+    };
+  };
+}