From 8f2c34bc57f965ac60017b53eaae463de08b2e93 Mon Sep 17 00:00:00 2001 From: Rouven Seifert Date: Fri, 5 May 2023 23:43:40 +0200 Subject: [PATCH] enhance wireguard and nginx settings --- hosts/falkenstein-1/modules/nginx/default.nix | 11 +++++++++-- hosts/nuc/modules/nginx/default.nix | 11 +++++++++-- hosts/thinkpad/modules/networks/default.nix | 3 +++ 3 files changed, 21 insertions(+), 4 deletions(-) diff --git a/hosts/falkenstein-1/modules/nginx/default.nix b/hosts/falkenstein-1/modules/nginx/default.nix index 8c74006..ed95187 100644 --- a/hosts/falkenstein-1/modules/nginx/default.nix +++ b/hosts/falkenstein-1/modules/nginx/default.nix @@ -1,7 +1,14 @@ -{ config, ... }: +{ ... }: { networking.firewall.allowedTCPPorts = [ 80 443 ]; - services.nginx.enable = true; + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedProxySettings = true; + recommendedGzipSettings = true; + recommendedZstdSettings = true; + recommendedOptimisation = true; + }; security.acme = { acceptTerms = true; defaults = { diff --git a/hosts/nuc/modules/nginx/default.nix b/hosts/nuc/modules/nginx/default.nix index 8c74006..ed95187 100644 --- a/hosts/nuc/modules/nginx/default.nix +++ b/hosts/nuc/modules/nginx/default.nix @@ -1,7 +1,14 @@ -{ config, ... }: +{ ... }: { networking.firewall.allowedTCPPorts = [ 80 443 ]; - services.nginx.enable = true; + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedProxySettings = true; + recommendedGzipSettings = true; + recommendedZstdSettings = true; + recommendedOptimisation = true; + }; security.acme = { acceptTerms = true; defaults = { diff --git a/hosts/thinkpad/modules/networks/default.nix b/hosts/thinkpad/modules/networks/default.nix index 6018281..c14ef68 100644 --- a/hosts/thinkpad/modules/networks/default.nix +++ b/hosts/thinkpad/modules/networks/default.nix @@ -107,6 +107,9 @@ }; networks."30-dorm" = { matchConfig.Name = "dorm"; + networkConfig = { + DNS = "192.168.10.1"; + }; addresses = [ { addressConfig = {