Hi all,
I have an nginx module where I want to write a sample index.html to the www user's public dir (i.e. "${config.users.users.www.home}/public", aka /var/lib/www/public).
How can I do that? Right now I use writeTextDir "index.html", which writes index.html to the nix store. Is there a reason why I would want to keep using writeTextDir and pointing root to the nix store instead of /var/lib/www/public?
How can I test modules? I do nixos-rebuild build-vm --flake .#machine, but is it possible to get just the result of the module?
The nginx module
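# Minimal NixOS module: serves a one-file static site with nginx and declares
# the `www` system user whose home is meant to hold a mutable web root.
{ config, pkgs, ... }:
let
  # Attribute name of the virtual host below (placeholder value in this listing).
  domain = "xx.xx.xx.xx";

  # https://nixos.org/manual/nixpkgs/stable/#trivial-builder-writeText
  # writeTextDir builds a store directory that contains only index.html.
  # Store paths are read-only and change only through a rebuild, so nothing
  # running on the host (nginx, the `www` user) can alter what is served
  # from this root.
  nginxWebRoot = pkgs.writeTextDir "index.html" ''
    <html><body><h1>Hello from NGINX</h1></body></html>
  '';
in
{
  # 443 is opened alongside 80, but no TLS option is set on the vhost in this
  # module. NOTE(review): confirm TLS is configured elsewhere, or drop 443.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true;
    virtualHosts = {
      ${domain} = {
        root = "${nginxWebRoot}";
        # Alternative: a mutable directory under the `www` home. Anything
        # able to write there changes the served site without a rebuild, and
        # nothing in this module creates the `public` subdirectory
        # (createHome below only creates the home itself).
        # root = "${config.users.users.www.home}/public";

        # Exact-match location for "/" with no directives of its own, so the
        # vhost-level root applies.
        locations."= /" = {
        };
      };
    };
  };

  users.users.www = {
    description = "Owns the web root for www";
    isSystemUser = true;
    home = "/var/lib/www";
    createHome = true;
    # World-readable and traversable home, so a different service account can
    # read content placed below it.
    homeMode = "755";
    group = "www";
    # The account gets the system default login shell. With the empty key
    # list below, no SSH public key is accepted for it.
    # NOTE(review): presumably the shell is for uploading content over SSH;
    # if it is not needed, leave the account without a login shell.
    useDefaultShell = true;
    openssh.authorizedKeys.keys = [ ];
  };

  users.groups.www = { };
}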
FWIW, here’s the full module
# NixOS module: nginx with tightened request limits and a custom access log,
# one static virtual host, a `www` system user, and an optional block that
# trusts Cloudflare's published ranges for client-address rewriting.
{ config, lib, pkgs, ... }:
with lib;
let
# Attribute name of the virtual host below (placeholder value in this listing).
domain = "xx.xx.xx.xx";
# https://nixos.org/manual/nixpkgs/stable/#trivial-builder-writeText
# Store directory containing only index.html. Store paths are read-only and
# change only through a rebuild.
nginxWebRoot = pkgs.writeTextDir "index.html" ''
<html><body><h1>Hello from NGINX</h1></body></html>
'';
cfg = config.modules.services.nginx;
in {
options.modules.services.nginx = {
# When true, the second mkMerge entry below is added to the configuration.
# Off by default.
enableCloudflareSupport = mkOption {
type = types.bool;
default = false;
};
};
config = mkMerge [
{
# 443 is opened alongside 80, but no TLS option is set on the vhost in this
# module. NOTE(review): confirm TLS is configured elsewhere, or drop 443.
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
# Presets provided by the NixOS nginx module for tuning, compression and
# proxy headers.
recommendedOptimisation = true;
recommendedBrotliSettings = true;
recommendedGzipSettings = true;
recommendedZstdSettings = true;
recommendedProxySettings = true;
# Reduce the permitted size of client requests, to reduce the likelihood
# of buffer overflow attacks. This can be tweaked on a per-vhost basis,
# as needed.
# In practice this caps how much a single request body can consume; nginx
# rejects larger bodies with 413, so a vhost that accepts uploads needs its
# own higher limit.
clientMaxBodySize = "256k"; # default 10m
# Significantly speed up regex matchers
appendConfig = "pcre_jit on;";
# Text added to the http block: smaller body/header buffers than the defaults
# noted inline, a content-type -> $expires map, and a `main` access-log format
# that records the Host header and request time in addition to the usual
# fields. No `expires $expires;` directive appears in this listing, so the
# map has no effect unless it is referenced elsewhere (TODO confirm).
commonHttpConfig = ''
client_body_buffer_size 4k; # default: 8k
large_client_header_buffers 2 4k; # default: 4 8k
map $sent_http_content_type $expires {
default off;
text/html 10m;
text/css max;
application/javascript max;
application/pdf max;
~image/ max;
}
log_format main '$remote_addr - $remote_user [$time_iso8601] '
'"$host" "$request" $status $body_bytes_sent $request_time '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log main;
'';
virtualHosts = {
${domain} = {
root = "${nginxWebRoot}";
# Alternative: a mutable directory under the `www` home. Anything able to
# write there changes the served site without a rebuild, and nothing in this
# module creates the `public` subdirectory.
# root = "${config.users.users.www.home}/public";
# Exact-match location for "/" with no directives of its own, so the
# vhost-level root applies.
locations."= /" = {
};
# `deny all` makes nginx refuse every client for this prefix, so the
# proxyPass to the local Transmission port is currently never reached.
# NOTE(review): before relaxing the deny, add allow rules or authentication
# here; requests proxied by nginx reach Transmission from 127.0.0.1.
locations."/transmission" = {
proxyPass = "http://127.0.0.1:9091/transmission";
proxyWebsockets = true;
extraConfig = ''
deny all;
'';
};
};
};
};
users.users.www = {
description = "Owns the web root for www";
isSystemUser = true;
home = "/var/lib/www";
createHome = true;
# World-readable and traversable home, so a different service account can
# read content placed below it.
homeMode = "755";
group = "www";
# The account gets the system default login shell. With the empty key list
# below, no SSH public key is accepted for it.
useDefaultShell = true;
openssh.authorizedKeys.keys = [ ];
};
users.groups.www = { };
}
# Added only when enableCloudflareSupport is true. Emits one
# `set_real_ip_from <range>;` line per non-empty line of the two Cloudflare
# range lists, then tells nginx to take the client address from the
# CF-Connecting-IP header for connections arriving from those ranges.
# NOTE(review): the lists are fetched at evaluation time without a hash, so
# the set of trusted proxies can change between rebuilds with no change to
# this file, and pure (flake) evaluation may refuse an unpinned fetch. Pinning
# the lists with a hash, or committing them to the repository, makes the trust
# list reviewable.
# NOTE(review): `fetchurl` is used unqualified while only `with lib;` is in
# scope here; confirm it resolves to the intended function.
(lib.mkIf cfg.enableCloudflareSupport {
services.nginx.commonHttpConfig = ''
${concatMapStrings (ip: ''
set_real_ip_from ${ip};
'') (filter (line: line != "") (splitString "\n" ''
${readFile (fetchurl "https://www.cloudflare.com/ips-v4/")}
${readFile (fetchurl "https://www.cloudflare.com/ips-v6/")}
''))}
real_ip_header CF-Connecting-IP;
'';
})
];
}