cloud/modules/nginx/default.nix

{
  config,
  lib,
  pkgs,
  self,
  ...
}:
{
  options.momo-cloud.nginx =
    let
      inherit (lib) mkOption mkEnableOption types;
    in
    {
      enable = mkEnableOption ''
        Enable the momo cloud http server, currently nginx, with default config
      '';
      workerProcesses = mkOption {
        description = "Amount of worker processes";
        type = types.number;
        default = 4;
      };
      workerConnections = mkOption {
        description = "Amount of worker connections";
        type = types.number;
        default = 1024;
      };
    };

  config = lib.mkIf config.momo-cloud.nginx.enable {
    networking.firewall.allowedTCPPorts = [
      80
      443
    ];

    services.nginx = {
      enable = true;
      enableReload = true;
      proxyCachePath.cache = {
        enable = true;
      };
      resolver.addresses = [
        "193.110.81.0" # dns0.eu
        "185.253.5.0" # dns0.eu
        "[2a0f:fc80::]" # dns0.eu
        "[2a0f:fc81::]" # dns0.eu
        "9.9.9.9" # dns.quad9.net
        "149.112.112.112" # dns.quad9.net
        "[2620:fe::fe]" # dns.quad9.net
        "[2620:fe::9]" # dns.quad9.net
      ];
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      appendHttpConfig = ''
        # https://my.f5.com/manage/s/article/K51798430
        proxy_headers_hash_bucket_size 128;
      '';
      appendConfig = ''
        # Number of CPU cores
        worker_processes ${toString config.momo-cloud.nginx.workerProcesses};
      '';
      eventsConfig = ''
        worker_connections ${toString config.momo-cloud.nginx.workerConnections};
      '';
    };
  };
}