nginx: refactor to apply settings across all nodes

common/nginx.nix

@@ -2,8 +2,6 @@
 
 {
   services.nginx = {
-    enable = true;
-
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     recommendedProxySettings = true;
@@ -28,6 +26,4 @@
     acceptTerms = true;
     defaults.email = "accounts@katherina.rocks"; # TODO: replace with more appropriate email
   };
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }

hive.nix

@@ -24,6 +24,7 @@ in {
       (import "${sources.home-manager}/nixos")
       (import "${sources.agenix}/modules/age.nix")
       ./pinning.nix
+      ./common/nginx.nix
       ./common/ssh.nix
       ./common/sudo.nix
       ./common/utilities.nix

hosts/yevaud/forgejo.nix

@@ -1,14 +1,13 @@
 { config, lib, pkgs, ... }:
 
 {
-  imports = [
-    ../../common/nginx.nix
-  ];
-
   # TODO: email out
   # TODO: interface customisation
 
-  services.nginx.virtualHosts = {
+  services = {
+    nginx = {
+      enable = true;
+      virtualHosts = {
         "git.qenya.tel" = {
           forceSSL = true;
           enableACME = true;
@@ -20,8 +19,9 @@
           locations."/".return = "301 https://git.qenya.tel$request_uri";
         };
       };
+    };
 
-  services.forgejo = {
+    forgejo = {
       enable = true;
       stateDir = "/data/forgejo";
       settings = {
@@ -43,4 +43,7 @@
         service.DISABLE_REGISTRATION = true;
       };
     };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }