Diffstat (limited to 'ops/modules/www/base.nix')
-rw-r--r-- | ops/modules/www/base.nix | 45 |
1 files changed, 23 insertions, 22 deletions
diff --git a/ops/modules/www/base.nix b/ops/modules/www/base.nix index cfa9bf0bc6..50fceff0fa 100644 --- a/ops/modules/www/base.nix +++ b/ops/modules/www/base.nix @@ -2,6 +2,11 @@ { config = { + security.acme = { + acceptTerms = true; + defaults.email = "letsencrypt@tvl.su"; + }; + services.nginx = { enable = true; enableReload = true; @@ -10,31 +15,27 @@ recommendedGzipSettings = true; recommendedProxySettings = true; + commonHttpConfig = '' + log_format json_combined escape=json + '{' + '"remote_addr":"$remote_addr",' + '"method":"$request_method",' + '"host":"$host",' + '"uri":"$request_uri",' + '"status":$status,' + '"request_size":$request_length,' + '"response_size":$body_bytes_sent,' + '"response_time":$request_time,' + '"referrer":"$http_referer",' + '"user_agent":"$http_user_agent"' + '}'; + + access_log syslog:server=unix:/dev/log,nohostname json_combined; + ''; + appendHttpConfig = '' add_header Permissions-Policy "interest-cohort=()"; ''; }; - - # NixOS 20.03 broke nginx and I can't be bothered to debug it - # anymore, all solution attempts have failed, so here's a - # brute-force fix. - # - # TODO(tazjin): Find a link to the upstream issue and see if - # they've sorted it after ~20.09 - systemd.services.fix-nginx = { - script = "${pkgs.coreutils}/bin/chown -f -R nginx: /var/spool/nginx /var/cache/nginx"; - - serviceConfig = { - User = "root"; - Type = "oneshot"; - }; - }; - - systemd.timers.fix-nginx = { - wantedBy = [ "multi-user.target" ]; - timerConfig = { - OnCalendar = "minutely"; - }; - }; }; } |
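Review bot: In the second hunk's `log_format json_combined`, `$status` is written as a bare JSON number, but nginx prints it zero-padded, so a request that ends without a response status (logged as `000`, or `009` for an HTTP/0.9 request) yields a line that strict JSON parsers reject, and any remote client can cause such requests. Quoting the field, `'"status":"$status",'`, keeps every access-log line parseable for whatever consumes the journal; the other unquoted fields are plain nginx counters and timings. Separately, `uri`, `referrer` and `user_agent` are client-controlled and can run to several kilobytes, so it is worth confirming that the `syslog:server=unix:/dev/log` path does not truncate or drop such lines. A short comment could also note that `$request_uri` writes full query strings (which may carry tokens) into the journal. The `services.nginx` attrset this sits in opens in the first hunk.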