From 5dd5ad74eb722a9aef5c39fd6f3ede7e64d1be1a Mon Sep 17 00:00:00 2001
From: Charlie Root <charlie@charlieroot.dev>
Date: Sun, 6 Apr 2025 22:59:18 +0200
Subject: [PATCH] nginx/module.nix: init

---
 modules/services/nginx/module.nix | 33 +++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 modules/services/nginx/module.nix

diff --git a/modules/services/nginx/module.nix b/modules/services/nginx/module.nix
new file mode 100644
index 0000000..71fdd49
--- /dev/null
+++ b/modules/services/nginx/module.nix
@@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib.modules) mkIf mkDefault;
+  inherit (lib.options) mkEnableOption;
+  cfg = config.modules.system.services.nginx;
+in {
+  options.modules.system.services.nginx.enable = mkEnableOption "nginx";
+  config = mkIf cfg.enable {
+    security = {
+      acme = {
+        acceptTerms = true;
+        defaults.email = "charlie@charlieroot.dev";
+      };
+    };
+    services.ngingx = {
+      package = pkgs.nginxQuic;
+      statusPage = true;
+
+      recommendedTlsSettings = true;
+      recommendedBrotliSettings = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+      recommendedZstdSettings = true;
+
+      clientMaxBodySize = mkDefault "512m";
+    };
+  };
+}