nixcfg/modules/nixos/services/nginx-base/default.nix

{
  config,
  lib,
  ...
}:
with lib;
with lib.metacfg;
let
  cfg = config.metacfg.services.nginxBase;
in
{
  options.metacfg.services.nginxBase = with types; {
    enable = mkBoolOpt false "Whether or not to enable nginx with common settings.";
    clientMaxBodySize = mkOption {
      type = types.str;
      default = "1000M";
      description = "Maximum allowed size of the client request body.";
    };
    enableAcmeGroup = mkBoolOpt true "Add nginx user to acme group.";
    enableVcombinedLog = mkBoolOpt true "Enable vcombined log format.";
  };

  config = mkIf cfg.enable {
    users.users.nginx.extraGroups = mkIf cfg.enableAcmeGroup [ "acme" ];

    services.nginx = {
      enable = true;
      inherit (cfg) clientMaxBodySize;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      appendHttpConfig = mkIf cfg.enableVcombinedLog ''
        log_format vcombined '$host:$server_port '
                '$remote_addr - $remote_user [$time_local] '
                '"$request" $status $body_bytes_sent '
                '"$http_referer" "$http_user_agent"';
        access_log /var/log/nginx/access.log vcombined;
      '';
    };
  };
}