From 5e5a84b193f66427d215fd1af2b2fd2400a5c84c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Tue, 31 Jan 2023 22:25:27 +0100 Subject: [PATCH 1/2] nixos/nginx: add recommendedZstdSettings --- .../services/web-servers/nginx/default.nix | 23 +++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index bc5b4be51098..89fecc938cad 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -186,8 +186,8 @@ let brotli_types ${lib.concatStringsSep " " compressMimeTypes}; ''} - # https://docs.nginx.com/nginx/admin-guide/web-server/compression/ ${optionalString cfg.recommendedGzipSettings '' + # https://docs.nginx.com/nginx/admin-guide/web-server/compression/ gzip on; gzip_static on; gzip_vary on; @@ -197,6 +197,14 @@ let gzip_types ${lib.concatStringsSep " " compressMimeTypes}; ''} + ${optionalString cfg.recommendedZstdSettings '' + zstd on; + zstd_comp_level 9; + zstd_min_length 256; + zstd_static on; + zstd_types ${lib.concatStringsSep " " compressMimeTypes}; + ''} + ${optionalString cfg.recommendedProxySettings '' proxy_redirect off; proxy_connect_timeout ${cfg.proxyTimeout}; @@ -492,6 +500,16 @@ in ''; }; + recommendedZstdSettings = mkOption { + default = false; + type = types.bool; + description = lib.mdDoc '' + Enable recommended zstd settings. Learn more about compression in Zstd format [here](https://github.com/tokers/zstd-nginx-module). + + This adds `pkgs.nginxModules.zstd` to `services.nginx.additionalModules`. + ''; + }; + proxyTimeout = mkOption { type = types.str; default = "60s"; @@ -1005,7 +1023,8 @@ in groups = config.users.groups; }) dependentCertNames; - services.nginx.additionalModules = optional cfg.recommendedBrotliSettings pkgs.nginxModules.brotli; + services.nginx.additionalModules = optional cfg.recommendedBrotliSettings pkgs.nginxModules.brotli + ++ lib.optional cfg.recommendedZstdSettings pkgs.nginxModules.zstd; systemd.services.nginx = { description = "Nginx Web Server"; From e31461fff1d71e13ed5749b810dd5bac28fbf9d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Tue, 31 Jan 2023 22:25:36 +0100 Subject: [PATCH 2/2] nginx.modules.zstd: init --- pkgs/servers/http/nginx/modules.nix | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/pkgs/servers/http/nginx/modules.nix b/pkgs/servers/http/nginx/modules.nix index d09c98ef2a20..0bbc654309a0 100644 --- a/pkgs/servers/http/nginx/modules.nix +++ b/pkgs/servers/http/nginx/modules.nix @@ -29,6 +29,7 @@ , which , yajl , zlib +, zstd }: let @@ -666,6 +667,19 @@ let self = { sha256 = "sha256-x4ry5ljPeJQY+7Mp04/xYIGf22d6Nee7CSqHezdK4gQ="; }; }; + + zstd = { + name = "zstd"; + src = fetchFromGitHub { + name = "zstd"; + owner = "tokers"; + repo = "zstd-nginx-module"; + rev = "25d88c262be47462cf90015ee7ebf6317b6848f9"; + sha256 = "sha256-YRluKekhx1tb6e5IL1FPK05jPtzfQPaHI47cdada928="; + }; + + inputs = [ zstd ]; + }; }; in self // lib.optionalAttrs config.allowAliases { # deprecated or renamed packages modsecurity-nginx = self.modsecurity;