{ config, lib, pkgs, self, ... }: let acmeEmailAddress = config.pub-solar-os.adminEmail; webserverGroup = "hakkonaut"; in { users.users.nginx.extraGroups = [ webserverGroup ]; services.nginx = { enable = true; enableReload = true; proxyCachePath.cache = { enable = true; }; recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; resolver.addresses = [ # quad9.net "9.9.9.9" "149.112.112.112" "[2620:fe::fe]" "[2620:fe::9]" ]; appendHttpConfig = '' # https://my.f5.com/manage/s/article/K51798430 proxy_headers_hash_bucket_size 128; ''; appendConfig = '' # Number of CPU cores worker_processes 8; ''; eventsConfig = '' worker_connections 1024; ''; }; security.acme = { acceptTerms = true; defaults.email = acmeEmailAddress; }; networking.firewall.allowedTCPPorts = [ 80 443 ]; }