nginx: refactor to apply settings across all nodes

2024-07-09 22:00:09 +01:00 · 2024-07-09 22:00:09 +01:00 · 0d0b3e2d2d
parent 39c1bc664c
commit 0d0b3e2d2d
3 changed files with 39 additions and 39 deletions
--- a/common/nginx.nix
+++ b/common/nginx.nix
@ -2,8 +2,6 @@

 {
  services.nginx = {
-    enable = true;
-
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
@ -28,6 +26,4 @@
    acceptTerms = true;
    defaults.email = "accounts@katherina.rocks"; # TODO: replace with more appropriate email
  };
-
-  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
--- a/hive.nix
+++ b/hive.nix
@ -24,6 +24,7 @@ in {
      (import "${sources.home-manager}/nixos")
      (import "${sources.agenix}/modules/age.nix")
      ./pinning.nix
+      ./common/nginx.nix
      ./common/ssh.nix
      ./common/sudo.nix
      ./common/utilities.nix
--- a/hosts/yevaud/forgejo.nix
+++ b/hosts/yevaud/forgejo.nix
@ -1,46 +1,49 @@
 { config, lib, pkgs, ... }:

 {
-  imports = [
-    ../../common/nginx.nix
-  ];
-
  # TODO: email out
  # TODO: interface customisation

-  services.nginx.virtualHosts = {
-    "git.qenya.tel" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/".proxyPass = "http://[::1]:3000/";
+  services = {
+    nginx = {
+      enable = true;
+      virtualHosts = {
+        "git.qenya.tel" = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/".proxyPass = "http://[::1]:3000/";
+        };
+        "git.katherina.rocks" = {
+          forceSSL = true;
+          enableACME = true;
+          locations."/".return = "301 https://git.qenya.tel$request_uri";
+        };
+      };
    };
-    "git.katherina.rocks" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/".return = "301 https://git.qenya.tel$request_uri";
+
+    forgejo = {
+      enable = true;
+      stateDir = "/data/forgejo";
+      settings = {
+        DEFAULT.APP_NAME = "git.qenya.tel";
+        cache = {
+          ADAPTER = "twoqueue";
+          HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}'';
+        };
+        database = {
+          DB_TYPE = "sqlite3";
+          SQLITE_JOURNAL_MODE = "WAL";
+        };
+        security.LOGIN_REMEMBER_DAYS = 365;
+        server = {
+          DOMAIN = "git.qenya.tel";
+          HTTP_PORT = 3000;
+          ROOT_URL = "https://git.qenya.tel/";
+        };
+        service.DISABLE_REGISTRATION = true;
+      };
    };
  };

-  services.forgejo = {
-    enable = true;
-    stateDir = "/data/forgejo";
-    settings = {
-      DEFAULT.APP_NAME = "git.qenya.tel";
-      cache = {
-        ADAPTER = "twoqueue";
-        HOST = ''{"size": 100, "recent_ratio": 0.25, "ghost_ratio": 0.5}'';
-      };
-      database = {
-        DB_TYPE = "sqlite3";
-        SQLITE_JOURNAL_MODE = "WAL";
-      };
-      security.LOGIN_REMEMBER_DAYS = 365;
-      server = {
-        DOMAIN = "git.qenya.tel";
-        HTTP_PORT = 3000;
-        ROOT_URL = "https://git.qenya.tel/";
-      };
-      service.DISABLE_REGISTRATION = true;
-    };
-  };
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
 }