{ pkgs, lib, ... }:
let
access_log_sink = "<server>:<port>";
error_log_sink = "<server>:<port>";
in
{
security.acme.defaults.email = "contact@ingolf-wagner.de";
security.acme.acceptTerms = true;
services.nginx = {
# Use recommended settings
recommendedGzipSettings = lib.mkDefault true;
recommendedOptimisation = lib.mkDefault true;
recommendedProxySettings = lib.mkDefault true;
recommendedTlsSettings = lib.mkDefault true;
# for loki logging
#commonHttpConfig = ''
# log_format logfmt 'timestamp=$time_iso8601 '
# 'facility=nginx '
# 'src_addr=$remote_addr '
# 'body_bytes_sent=$body_bytes_sent '
# 'request_time=$request_time '
# 'response_status=$status '
# 'request="$request" '
# 'request_method="$request_method" '
# 'host="$host" '
# 'upstream_cache_status="$upstream_cache_status" '
# 'upstream_addr="$upstream_addr" '
# 'http_x_forwarded_for="$http_x_forwarded_for" '
# 'http_referrer="$http_referer" '
# 'http_user_agent="$http_user_agent"';
#
# # log to local journald
# access_log syslog:server=unix:/dev/log logfmt;
# '';
# for graylog logging
#commonHttpConfig = ''
# log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
# '"facility": "nginx", '
# '"src_addr": "$remote_addr", '
# '"body_bytes_sent": $body_bytes_sent, '
# '"request_time": $request_time, '
# '"response_status": $status, '
# '"request": "$request", '
# '"request_method": "$request_method", '
# '"host": "$host",'
# '"upstream_cache_status": "$upstream_cache_status",'
# '"upstream_addr": "$upstream_addr",'
# '"http_x_forwarded_for": "$http_x_forwarded_for",'
# '"http_referrer": "$http_referer", '
# '"http_user_agent": "$http_user_agent" }';
# access_log syslog:server=${access_log_sink} graylog2_json;
# error_log syslog:server=${error_log_sink};
#'';
};
services.nginx.package = pkgs.nginxMainline;
}