base.nix: hotfix for nginx on bicep
the matrix-synapse-next module seems to already add some of the nginx options we set in base.nix, making it fail. These should only be set if they're not already set by this module
This commit is contained in:
parent
db211c2304
commit
3352e48f47
12
base.nix
12
base.nix
|
@ -101,18 +101,22 @@
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
recommendedGzipSettings = true;
|
recommendedGzipSettings = true;
|
||||||
|
|
||||||
appendConfig = ''
|
appendConfig = lib.mkIf (!config.services.matrix-synapse-next.enable or false) ''
|
||||||
pcre_jit on;
|
pcre_jit on;
|
||||||
worker_processes auto;
|
worker_processes auto;
|
||||||
worker_rlimit_nofile 100000;
|
worker_rlimit_nofile 100000;
|
||||||
'';
|
'';
|
||||||
eventsConfig = ''
|
eventsConfig = lib.mkIf (!config.services.matrix-synapse-next.enable or false) ''
|
||||||
worker_connections 2048;
|
worker_connections 2048;
|
||||||
use epoll;
|
use epoll;
|
||||||
multi_accept on;
|
multi_accept on;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
systemd.services.nginx.serviceConfig = lib.mkIf (!config.services.matrix-synapse-next.enable or false) {
|
||||||
|
LimitNOFILE = 65536;
|
||||||
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."_" = lib.mkIf config.services.nginx.enable {
|
services.nginx.virtualHosts."_" = lib.mkIf config.services.nginx.enable {
|
||||||
sslCertificate = "/etc/certs/nginx.crt";
|
sslCertificate = "/etc/certs/nginx.crt";
|
||||||
sslCertificateKey = "/etc/certs/nginx.key";
|
sslCertificateKey = "/etc/certs/nginx.key";
|
||||||
|
@ -120,10 +124,6 @@
|
||||||
extraConfig = "return 444;";
|
extraConfig = "return 444;";
|
||||||
};
|
};
|
||||||
|
|
||||||
systemd.services.nginx.serviceConfig = {
|
|
||||||
LimitNOFILE = 65536;
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ];
|
networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ 80 443 ];
|
||||||
|
|
||||||
security.acme = {
|
security.acme = {
|
||||||
|
|
Loading…
Reference in New Issue