nixos-conf/modules/services/utils/nginx-https-server.nix

{ config, lib, ... }:
let
  cfg = config.custom.services.nginxHttpsServer;
in
{
  options = {
    custom.services.nginxHttpsServer.enable = lib.mkEnableOption "default nginx HTTPS server configuration";

    services.nginx.virtualHosts = lib.mkOption {
      type = lib.types.attrsOf (
        lib.types.submodule {
          config = lib.mkIf cfg.enable (
            lib.mkDefault {
              forceSSL = true;
              kTLS = true;
            }
          );
        }
      );
    };
  };

  config = lib.mkIf cfg.enable {
    networking.firewall.allowedTCPPorts = [ 443 ];

    services.nginx = {
      enable = true;
      recommendedOptimisation = true;
      recommendedTlsSettings = true;
      recommendedProxySettings = true;
    };
  };
}
Massive refactoring into module-based approach 2025-07-06 01:16:28 +03:00			`{ config, lib, ... }:`
			`let`
Add hierarchy to custom options 2025-07-06 03:22:09 +03:00			`cfg = config.custom.services.nginxHttpsServer;`
Massive refactoring into module-based approach 2025-07-06 01:16:28 +03:00			`in`
			`{`
			`options = {`
Use lib.mkEnableOption where possible 2025-07-25 13:12:41 +03:00			`custom.services.nginxHttpsServer.enable = lib.mkEnableOption "default nginx HTTPS server configuration";`
Massive refactoring into module-based approach 2025-07-06 01:16:28 +03:00
			`services.nginx.virtualHosts = lib.mkOption {`
			`type = lib.types.attrsOf (`
			`lib.types.submodule {`
			`config = lib.mkIf cfg.enable (`
			`lib.mkDefault {`
			`forceSSL = true;`
			`kTLS = true;`
			`}`
			`);`
			`}`
			`);`
			`};`
			`};`

			`config = lib.mkIf cfg.enable {`
			`networking.firewall.allowedTCPPorts = [ 443 ];`

			`services.nginx = {`
			`enable = true;`
			`recommendedOptimisation = true;`
			`recommendedTlsSettings = true;`
			`recommendedProxySettings = true;`
			`};`
			`};`
			`}`