From 3352e48f4761b812309879cdd69fc5098fb9cb1b Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Thu, 11 Apr 2024 10:28:36 +0200
Subject: [PATCH] base.nix: hotfix for nginx on bicep

the matrix-synapse-next module seems to already add some of the nginx
options we set in base.nix, making it fail. These should only be set if
they're not already set by this module
---
 base.nix | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/base.nix b/base.nix
index 2d769625..d385cda3 100644
--- a/base.nix
+++ b/base.nix
@@ -101,18 +101,22 @@
     recommendedOptimisation = true;
     recommendedGzipSettings = true;
 
-    appendConfig = ''
+    appendConfig = lib.mkIf (!config.services.matrix-synapse-next.enable or false) ''
       pcre_jit on;
       worker_processes auto;
       worker_rlimit_nofile 100000;
     '';
-    eventsConfig = ''
+    eventsConfig = lib.mkIf (!config.services.matrix-synapse-next.enable or false) ''
       worker_connections 2048;
       use epoll;
       multi_accept on;
     '';
   };
 
+  systemd.services.nginx.serviceConfig = lib.mkIf (!config.services.matrix-synapse-next.enable or false) {
+    LimitNOFILE = 65536;
+  };
+
   services.nginx.virtualHosts."_" = lib.mkIf config.services.nginx.enable {
     sslCertificate = "/etc/certs/nginx.crt";
     sslCertificateKey = "/etc/certs/nginx.key";
@@ -120,10 +124,6 @@
     extraConfig = "return 444;";
   };
 
-  systemd.services.nginx.serviceConfig = {
-    LimitNOFILE = 65536;
-  };
-
   networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ];
 
   security.acme = {