Massive refactoring into module-based approach

2025-07-06 01:16:28 +03:00 · 2025-07-06 01:16:28 +03:00 · 9652d7c330
commit 9652d7c330
parent 8d5c9be5b6
118 changed files with 2586 additions and 2159 deletions
--- a/modules/services/utils/nginx-https-server.nix
+++ b/modules/services/utils/nginx-https-server.nix
@ -0,0 +1,36 @@
+{ config, lib, ... }:
+let
+  cfg = config.custom.nginxHttpsServer;
+in
+{
+  options = {
+    custom.nginxHttpsServer.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+    };
+
+    services.nginx.virtualHosts = lib.mkOption {
+      type = lib.types.attrsOf (
+        lib.types.submodule {
+          config = lib.mkIf cfg.enable (
+            lib.mkDefault {
+              forceSSL = true;
+              kTLS = true;
+            }
+          );
+        }
+      );
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    networking.firewall.allowedTCPPorts = [ 443 ];
+
+    services.nginx = {
+      enable = true;
+      recommendedOptimisation = true;
+      recommendedTlsSettings = true;
+      recommendedProxySettings = true;
+    };
+  };
+}