nix-config/config/default.nix

{ config, lib, ... }:

# this file contains default configuration that may be turned on depending on other config settings.
# options should go to modules.

lib.mkMerge [
  {
    assertions = [{
      assertion = config.users.users.root.password == null;
      message = "Root passwords not allowed in HQ";
    }];
  }

  (lib.mkIf config.services.nginx.enable {
    services.nginx = {
      openFirewall = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
    };
  })
]
Handle nginx open firewall by nixos-modules 2022-12-20 04:31:37 +01:00			`{ config, lib, ... }:`

			`# this file contains default configuration that may be turned on depending on other config settings.`
			`# options should go to modules.`

Drop c3d2.isInHq 2022-12-21 19:43:47 +01:00			`lib.mkMerge [`
			`{`
			`assertions = [{`
			`assertion = config.users.users.root.password == null;`
			`message = "Root passwords not allowed in HQ";`
			`}];`
			`}`

			`(lib.mkIf config.services.nginx.enable {`
			`services.nginx = {`
			`openFirewall = true;`
			`recommendedGzipSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedProxySettings = true;`
			`recommendedTlsSettings = true;`
			`};`
			`})`
			`]`