padreug
ef87fc5906
Introduced separate configuration files for Nginx and pict-rs, enabling a streamlined setup for web services. The Nginx configuration includes reverse proxy settings, automatic SSL certificate generation with Let's Encrypt, and fail2ban for security. The pict-rs configuration facilitates image service management with CORS support. Updated the shared configuration to import these new files, improving modularity and maintainability of the NixOS setup.
34 lines
905 B
Nix
34 lines
905 B
Nix
{
|
|
# Enable nginx
|
|
services.nginx = {
|
|
enable = true;
|
|
|
|
# Recommended settings for reverse proxy (DISABLED recommendedProxySettings for WebSocket compatibility)
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedProxySettings = false; # DISABLED - was interfering with WebSocket
|
|
recommendedTlsSettings = true;
|
|
};
|
|
|
|
# Enable automatic SSL certificate generation with Let's Encrypt
|
|
security.acme = {
|
|
acceptTerms = true;
|
|
defaults.email = "admin@aiolabs.dev";
|
|
};
|
|
|
|
# Open firewall ports
|
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
|
|
|
# Optional: Enable fail2ban for additional security
|
|
services.fail2ban = {
|
|
enable = true;
|
|
jails = {
|
|
nginx-http-auth.settings = {
|
|
enabled = true;
|
|
filter = "nginx-http-auth";
|
|
logpath = "/var/log/nginx/error.log";
|
|
backend = "systemd";
|
|
};
|
|
};
|
|
};
|
|
}
|