46 lines
853 B
Nix
46 lines
853 B
Nix
{ config, values, ... }:
|
|
{
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "danio@pvv.ntnu.no";
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
|
|
enableReload = true;
|
|
|
|
defaultListenAddresses = [
|
|
values.hosts.bicep.ipv4
|
|
"[${values.hosts.bicep.ipv6}]"
|
|
|
|
"127.0.0.1"
|
|
"127.0.0.2"
|
|
"[::1]"
|
|
];
|
|
|
|
appendConfig = ''
|
|
pcre_jit on;
|
|
worker_processes 8;
|
|
worker_rlimit_nofile 8192;
|
|
'';
|
|
|
|
eventsConfig = ''
|
|
multi_accept on;
|
|
worker_connections 4096;
|
|
'';
|
|
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedBrotliSettings = true;
|
|
recommendedOptimisation = true;
|
|
};
|
|
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
systemd.services.nginx.serviceConfig = {
|
|
LimitNOFILE = 65536;
|
|
};
|
|
}
|