2022-09-06 14:00:29 +02:00
|
|
|
{ config, pkgs, ... }:
|
|
|
|
{
|
2023-03-01 16:39:41 +01:00
|
|
|
services.nginx = {
|
2023-08-22 15:37:42 +02:00
|
|
|
|
|
|
|
additionalModules = [ pkgs.nginxModules.pam ];
|
2023-03-01 16:39:41 +01:00
|
|
|
enable = true;
|
2023-06-22 00:05:52 +02:00
|
|
|
recommendedProxySettings = true;
|
|
|
|
recommendedGzipSettings = true;
|
|
|
|
recommendedOptimisation = true;
|
|
|
|
recommendedTlsSettings = true;
|
|
|
|
|
2023-03-01 16:39:41 +01:00
|
|
|
appendHttpConfig = ''
|
|
|
|
map $remote_addr $remote_addr_anon {
|
|
|
|
~(?P<ip>\d+\.\d+\.\d+)\. $ip.0;
|
|
|
|
~(?P<ip>[^:]+:[^:]+): $ip::;
|
|
|
|
# IP addresses to not anonymize
|
|
|
|
127.0.0.1 $remote_addr;
|
|
|
|
::1 $remote_addr;
|
|
|
|
default 0.0.0.0;
|
|
|
|
}
|
|
|
|
log_format anon_ip '$remote_addr_anon - $remote_user [$time_local] "$request" '
|
|
|
|
'$status $body_bytes_sent "$http_referer" '
|
|
|
|
'"$http_user_agent" "$http_x_forwarded_for"';
|
|
|
|
|
|
|
|
access_log /var/log/nginx/access.log anon_ip;
|
|
|
|
'';
|
|
|
|
};
|
2022-09-06 14:00:29 +02:00
|
|
|
security.acme = {
|
|
|
|
acceptTerms = true;
|
|
|
|
defaults = {
|
|
|
|
#server = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
|
|
|
email = "root@ifsr.de";
|
|
|
|
};
|
|
|
|
};
|
2023-08-22 15:37:42 +02:00
|
|
|
security.pam.services.nginx.text = ''
|
|
|
|
auth required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
|
|
|
|
account required ${pkgs.nss_pam_ldapd}/lib/security/pam_ldap.so
|
|
|
|
'';
|
2022-09-06 14:00:29 +02:00
|
|
|
}
|