1
0
Fork 0

base.nix: hotfix for nginx on bicep

the matrix-synapse-next module seems to already add some of the nginx
options we set in base.nix, making it fail. These should only be set if
they're not already set by this module
This commit is contained in:
Oystein Kristoffer Tveit 2024-04-11 10:28:36 +02:00
parent db211c2304
commit 3352e48f47
Signed by untrusted user: oysteikt
GPG Key ID: 9F2F7D8250F35146
1 changed files with 6 additions and 6 deletions

View File

@ -101,18 +101,22 @@
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
appendConfig = '' appendConfig = lib.mkIf (!config.services.matrix-synapse-next.enable or false) ''
pcre_jit on; pcre_jit on;
worker_processes auto; worker_processes auto;
worker_rlimit_nofile 100000; worker_rlimit_nofile 100000;
''; '';
eventsConfig = '' eventsConfig = lib.mkIf (!config.services.matrix-synapse-next.enable or false) ''
worker_connections 2048; worker_connections 2048;
use epoll; use epoll;
multi_accept on; multi_accept on;
''; '';
}; };
systemd.services.nginx.serviceConfig = lib.mkIf (!config.services.matrix-synapse-next.enable or false) {
LimitNOFILE = 65536;
};
services.nginx.virtualHosts."_" = lib.mkIf config.services.nginx.enable { services.nginx.virtualHosts."_" = lib.mkIf config.services.nginx.enable {
sslCertificate = "/etc/certs/nginx.crt"; sslCertificate = "/etc/certs/nginx.crt";
sslCertificateKey = "/etc/certs/nginx.key"; sslCertificateKey = "/etc/certs/nginx.key";
@ -120,10 +124,6 @@
extraConfig = "return 444;"; extraConfig = "return 444;";
}; };
systemd.services.nginx.serviceConfig = {
LimitNOFILE = 65536;
};
networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ]; networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ];
security.acme = { security.acme = {