mirror of
https://github.com/gburd/nix-config.git
synced 2024-11-13 00:16:24 +00:00
f3fd89af54
Many thangs to the hard work and generous availability of: git@github.com:Misterio77/nix-config.git
46 lines
1.2 KiB
Nix
46 lines
1.2 KiB
Nix
{ lib, config, ... }: let
|
|
inherit (config.networking) hostName;
|
|
in
|
|
{
|
|
services = {
|
|
nginx = {
|
|
enable = true;
|
|
recommendedTlsSettings = true;
|
|
recommendedProxySettings = true;
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
clientMaxBodySize = "300m";
|
|
|
|
virtualHosts."${hostName}.m7.rs" = {
|
|
default = true;
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/metrics" = {
|
|
proxyPass = "http://localhost:${toString config.services.prometheus.exporters.nginxlog.port}";
|
|
};
|
|
};
|
|
};
|
|
|
|
prometheus.exporters.nginxlog = {
|
|
enable = true;
|
|
group = "nginx";
|
|
settings.namespaces = [{
|
|
name = "filelogger";
|
|
source.files = [ "/var/log/nginx/access.log" ];
|
|
format = "$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\"";
|
|
}];
|
|
};
|
|
|
|
uwsgi = {
|
|
enable = true;
|
|
user = "nginx";
|
|
group = "nginx";
|
|
plugins = [ "cgi" ];
|
|
instance = {
|
|
type = "emperor";
|
|
vassals = lib.mkBefore { };
|
|
};
|
|
};
|
|
};
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
}
|