Update a lot of options, simplify variables, replace options with tags

modules/system/services/server/nginx/acme/default.nix

@@ -3,7 +3,7 @@
   config = lib.mkIf config.services.nginx.enable {
     security.acme = { 
       acceptTerms = true;
-      defaults.email = "contact@nixfox.ca";
+      defaults.email = "contact@${config.vars.mainDomain}";
     };
     environment.persistence."/persist".directories = [ "/var/lib/acme" ];
   };

modules/system/services/server/nginx/default.nix

@@ -2,23 +2,21 @@
 {
   imports = [
     ./acme
-    ./hosts
-    ./rtmp
     ./user
   ];
 
-  options.services.webserver.enable = lib.mkEnableOption "Nginx webpages";
-
   config = lib.mkIf config.services.nginx.enable {
     services.nginx = {
-      recommendedTlsSettings = true;
-      recommendedOptimisation = true;
+      recommendedBrotliSettings = true;
       recommendedGzipSettings = true;
+      recommendedOptimisation = true;
       recommendedProxySettings = true;
+      recommendedTlsSettings = true;
     };
     networking.firewall.allowedTCPPorts = [
-      80
-      443
+      config.services.nginx.defaultHTTPListenPort
+      config.services.nginx.defaultSSLListenPort
     ];
+    environment.persistence."/persist".directories = [ "/var/www" ];
   };
 }

modules/system/services/server/nginx/hosts/default.nix

@@ -1,9 +0,0 @@
-{ config, lib, ... }:
-{
-  imports = [
-    ./files
-    ./nixfox
-  ];
-
-  environment.persistence."/persist".directories = lib.mkIf config.services.webserver.enable [ "/var/www" ];
-}

modules/system/services/server/nginx/hosts/files/default.nix

@@ -1,8 +0,0 @@
-{ config, lib, ... }:
-{
-  services.nginx.virtualHosts."jimbosfiles.com" = lib.mkIf config.services.webserver.enable {
-    enableACME = true;
-    addSSL = true;
-    globalRedirect = "www.nixfox.ca";
-  };
-}

modules/system/services/server/nginx/hosts/nixfox/default.nix

@@ -1,29 +0,0 @@
-{ config, lib, ... }:
-{
-  services.nginx.virtualHosts = lib.mkIf config.services.webserver.enable {
-    "www.nixfox.ca" = {
-      enableACME = true;
-      addSSL = true;
-      default = true;
-      root = "/var/www/landing-page";
-    };
-    "nixfox.ca" = {
-      enableACME = true;
-      addSSL = true;
-      globalRedirect = "www.nixfox.ca";
-      locations = {
-        "/.well-known/matrix/client".extraConfig = ''
-          default_type application/json;
-          return 200 '{
-            "m.homeserver": { "base_url": "https://matrix.nixfox.ca" },
-            "m.identity_server": { "base_url": "https://matrix.org" }
-          }';
-        '';
-        "/.well-known/matrix/server".extraConfig = ''
-          default_type application/json;
-          return 200 '{ "m.server": "matrix.nixfox.ca:443" }';
-        '';
-      };
-    };
-  };
-}

modules/system/services/server/nginx/rtmp/default.nix

@@ -1,34 +0,0 @@
-{ config, lib, pkgs, nodes, ... }:
-{
-  config = lib.mkIf config.services.webserver.enable {
-    services.nginx = {
-      additionalModules = with pkgs.nginxModules; [ rtmp ];
-      appendConfig = ''
-        rtmp {
-          server {
-            listen 1935;
-            chunk_size 4096;
-            allow publish all;
-            application stream {
-              record off;
-              live on;
-              allow play all;
-              hls on;
-              hls_path /var/www/landing-page/streams/hls/;
-              hls_fragment_naming system;
-              hls_fragment 3;
-              hls_playlist_length 40;
-            }
-          }
-        }
-      '';
-    };
-    networking.firewall.extraInputRules = let
-      targetHosts = lib.attrValues (lib.mapAttrs (_: node: node.config.deployment.targetHost) nodes);
-    in ''
-      ip6 saddr { ${lib.concatStringsSep ", " targetHosts} } tcp dport 1935 accept
-      ip saddr { ${config.secrets.ips.luna}, ${config.secrets.ips.corn} } tcp dport 1935 accept
-    '';
-    systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
-  };
-}