34 lines
692 B
Nix
34 lines
692 B
Nix
{ config, pkgs, ... }:
|
|
|
|
{
|
|
environment.systemPackages = with pkgs; [
|
|
imagemagick
|
|
ghostscript
|
|
wkhtmltopdf
|
|
];
|
|
|
|
systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
|
|
|
|
systemd.services.nginx_setup = {
|
|
wantedBy = [ "multi-user.target" ];
|
|
before = [ "nginx.service" ];
|
|
script = ''
|
|
mkdir -p /var/www
|
|
chown nginx:nginx /var/www
|
|
chmod 755 /var/www
|
|
'';
|
|
serviceConfig.Type = "oneshot";
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
|
|
recommendedGzipSettings = true;
|
|
recommendedOptimisation = true;
|
|
recommendedProxySettings = true;
|
|
recommendedTlsSettings = true;
|
|
|
|
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
|
|
};
|
|
}
|