forgejo: remove unnecessary config, this is set in nxinx/module.nix

nginx/module.nix: init
2025-04-06 23:00:37 +02:00 · 2025-04-06 23:00:37 +02:00
2 changed files with 34 additions and 2 deletions
--- a/modules/services/forgejo/module.nix
+++ b/modules/services/forgejo/module.nix
@ -19,6 +19,7 @@ in {
  config = mkIf cfg.enable {
    modules.system.services = {
      database.postgresql.enable = true;
+      nginx.enable = true;
    };

    networking.firewall.allowedTCPPorts = [
@ -51,8 +52,6 @@ in {
    security.acme = let
      email = "charlie@charlieroot.dev";
    in {
-      acceptTerms = true;
-      defaults.email = email;
      # testing server, do not use in production, but DO use it for setting things up.
      # it has much higher rate limits.
      # defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
--- a/modules/services/nginx/module.nix
+++ b/modules/services/nginx/module.nix
@ -0,0 +1,33 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  inherit (lib.modules) mkIf mkDefault;
+  inherit (lib.options) mkEnableOption;
+  cfg = config.modules.system.services.nginx;
+in {
+  options.modules.system.services.nginx.enable = mkEnableOption "nginx";
+  config = mkIf cfg.enable {
+    security = {
+      acme = {
+        acceptTerms = true;
+        defaults.email = "charlie@charlieroot.dev";
+      };
+    };
+    services.nginx = {
+      package = pkgs.nginxQuic;
+      statusPage = true;
+
+      recommendedTlsSettings = true;
+      recommendedBrotliSettings = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+      recommendedZstdSettings = true;
+
+      clientMaxBodySize = mkDefault "512m";
+    };
+  };
+}
Author	SHA1	Message	Date
Charlie Root	5e51fdb596	forgejo: remove unnecessary config, this is set in nxinx/module.nix	2025-04-06 23:00:37 +02:00
Charlie Root	982125fd1d	nginx/module.nix: init	2025-04-06 23:00:37 +02:00