nathan/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
40d3d89aa2960813eafa2c5ed74f0f58b53f2a2a
Olympus/modules/features/nginx.nix
Nathan 5f7c219838 improve security
2026-05-13 09:58:58 -05:00

83 lines
2.5 KiB
Nix
Raw Blame History

{ ... }: {
flake.nixosModules.nginx = { config, lib, ... }: {
config = {
environment.etc."nginx/nginx.conf".text = ''
events {
}
http {
server {
root /var/www/data;
}
}
'';
virtualisation.oci-containers.containers.nginx = {
image = "nginx:latest";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "esotericbytes.com";
networks = [
"docker-main"
];
volumes = [
"/ssd1/esotericbytes-com/data:/var/www/data"
"/etc/nginx/nginx.conf:/etc/nginx/nginx.conf"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.homepage.entrypoints" = "websecure,localsecure";
"traefik.http.routers.homepage.rule" = "Host(`esotericbytes.com`) || Host(`www.esotericbytes.com`)";
"traefik.http.routers.homepage.service" = "homepage";
"traefik.http.routers.homepage.tls.certResolver" = "cloudflare";
#"traefik.http.routers.homepage.middlewares" = "authentik@docker";
"traefik.http.services.homepage.loadbalancer.server.port" = "80";
};
extraOptions = lib.mkMerge [
[ "--ip=192.168.101.28" ]
];
environment = {
};
};
systemd.services."docker-nginx" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
];
requires = [
"docker-network-setup.service"
];
partOf = [
"docker-compose-nginx-root.target"
];
wantedBy = [
"docker-compose-nginx-root.target"
];
};
systemd.targets."docker-compose-nginx-root" = {
wantedBy = [ "multi-user.target" ];
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink