huge restructure of modules

author: aethrvmn <me@aethrvmn.gr> 2025-11-30 21:59:43 +0000
committer: aethrvmn <me@aethrvmn.gr> 2025-11-30 21:59:43 +0000
commit: 893ea11e1dc05fe1a2a34e66d4ebcfdffda34720 (patch)
tree: ef454e299f49cbb58e1b9fbafd0b759b4379ac2a /modules/nginx
parent: added .lock to ignorelist (diff)
1 files changed, 40 insertions, 0 deletions
diff --git a/modules/nginx/default.nix b/modules/nginx/default.nix
new file mode 100644
index 0000000..151a934
--- /dev/null
+++ b/modules/nginx/default.nix
@@ -0,0 +1,40 @@
+{
+	services = {
+		nginx = {
+			enable = true;
+	    recommendedGzipSettings = true;
+	    recommendedOptimisation = true;
+	    recommendedProxySettings = true;
+		};
+
+		sshguard.enable = true;
+
+		openssh = {
+		  enable  = false;
+		  settings = {
+		    PermitRootLogin = false;
+		    PasswordAuthentication = false;
+		    AllowTcpForwarding = false;
+		    X11Forwarding = false;
+		  };
+		};
+	};
+
+	networking = {
+		firewall.allowedTCPPorts = [ 80 ];
+
+		hosts = {
+		  "127.0.0.1" = [
+		  	"library.internal"
+		  	"media.internal"
+		  	"photos.internal"
+		  	"chat.internal"
+		  	"ollama.internal"
+		  	"code.internal"
+		  	"forge.internal"
+		  	"search.internal"
+		  	"monitor.internal"
+		  ];
+		};
+	};
+}
author	aethrvmn <me@aethrvmn.gr>	2025-11-30 21:59:43 +0000
committer	aethrvmn <me@aethrvmn.gr>	2025-11-30 21:59:43 +0000
commit	893ea11e1dc05fe1a2a34e66d4ebcfdffda34720 (patch)
tree	ef454e299f49cbb58e1b9fbafd0b759b4379ac2a /modules/nginx
parent	added .lock to ignorelist (diff)