nginx.nix
# NixOS module: static HTTPS site for arianvp.me served by nginx, with an
# ACME-issued certificate and a custom Diffie-Hellman parameter file that is
# delivered to the host through deployment.keys.
{ config, pkgs, ... }:
{
  /* Fuck the NSA, we use our own DH param, and it's 2048 bits */
  # The parameter file is read from the repository at evaluation time and
  # handed to the "dhparam.pem" deployment key, owned by nginx:nginx.
  # (The 2048-bit size is the author's statement; the file is not shown here.)
  # NOTE(review): deployment.keys looks like the NixOps key mechanism, which
  # per its manual keeps /run/keys on a tmpfs readable only by root and the
  # `keys` group. Confirm that nginx can actually read the file and that the
  # nginx unit is ordered after the key's `dhparam.pem-key.service` unit,
  # otherwise nginx may fail to start after a reboot until the keys are re-sent.
  deployment.keys."dhparam.pem" = {
    text = builtins.readFile ../../keys/dhparam.pem;
    user = "nginx";
    group = "nginx";
  };

  services.nginx = {
    enable = true;

    # NixOS-provided baseline settings for TLS, proxying, gzip and tuning.
    recommendedTlsSettings = true;
    recommendedProxySettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;

    # Must match the path where the deployment key above is placed.
    # ssl_dhparam only affects DHE key exchange; ECDHE suites ignore it.
    sslDhparam = "/run/keys/dhparam.pem";

    # Access log goes to nginx's stderr instead of a log file.
    appendHttpConfig = ''
      access_log stderr;
    '';

    virtualHosts."arianvp.me" = {
      # Certificate is requested via ACME; forceSSL makes HTTPS mandatory
      # for this virtual host.
      forceSSL = true;
      enableACME = true;

      locations."/" = {
        index = "index.html";
        root = "/var/www/arianvp.me";
        # HSTS for one year (31536000 s). `always` adds the header to error
        # responses as well. includeSubDomains commits every subdomain of
        # arianvp.me to HTTPS for that period, so each of them needs a valid
        # certificate.
        # NOTE(review): the header is set on this location only; any other
        # location added to the vhost will not send it unless it is repeated
        # there or moved to the vhost level.
        extraConfig = ''
          add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        '';
      };
    };
  };
}