free ourselves from the shackles of openresty

modules/services/nginx-conf.nix

@@ -5,26 +5,10 @@ let
   cfg = config.modules.services.nginx-config;
 in {
   options.modules.services.nginx-config = {
-	enable = mkEnableOption "enable and configure nginx, a high performance web server";
-
-    package = mkOption {
-      type = types.package;
-      default = pkgs.openresty;
-    };
-
-    defaultLuaPackagePath = mkOption {
-      type = types.path;
-      default = null;
-    };
+    enable = mkEnableOption "enable and configure nginx, a high performance web server";
   };
 
   config = mkIf cfg.enable {
-    assertions = [
-      { assertion = cfg.defaultLuaPackagePath != null;
-        description = "The defaultLuaPackagePath property *must* be explicitly specified.";
-      }
-    ];
-
     security.acme = {
       acceptTerms = true;
       defaults.email = "reidlab325@gmail.com";
@@ -41,29 +25,7 @@ in {
       recommendedGzipSettings = true;
       recommendedProxySettings = true;
 
-      # TODO: clean this up oh my god like everything here :sob: im vomiting shaking and crying looking at this.
       commonHttpConfig = let
-        # lua
-        lua-resty-template = pkgs.fetchFromGitHub {
-          owner = "bungle";
-          repo = "lua-resty-template";
-          rev = "v2.0";
-          sha256 = "1gpyjq3ms5ib8xiz6k9z97cjifx9zp1dyjkr58b2s034xksy2vb1";      
-        };
-        lua-resty-redis = pkgs.fetchFromGitHub {
-          owner = "openresty";
-          repo = "lua-resty-redis";
-          rev = "v0.29";
-          sha256 = "089ishx4482ybfsv10ig8h3cpsdw6rvgy0w874h1c7m1gk2fd7r9";
-        };
-        lua-resty-websocket = pkgs.fetchFromGitHub {
-          owner = "openresty";
-          repo = "lua-resty-websocket";
-          rev = "v0.10";
-          sha256 = "0zpprfi5qc3066ab7g7nyr18jwlk3n8y0006maj4nlx38rl24vfh";
-        };
-
-        # cloudflare
         realIpsFromList = lib.strings.concatMapStringsSep "\n" (x: "set_real_ip_from  ${x};");
         fileToList = x: lib.strings.splitString "\n" (builtins.readFile x);
         cfipv4 = fileToList (pkgs.fetchurl {
@@ -75,17 +37,15 @@ in {
           sha256 = "1ad09hijignj6zlqvdjxv7rjj8567z357zfavv201b9vx3ikk7cy";
         });
       in ''
-        lua_package_path "${toString cfg.defaultLuaPackagePath}/?.lua;;${lua-resty-template}/lib/?.lua;;${lua-resty-redis}/lib/?.lua;;${lua-resty-websocket}/lib/?.lua;;";
-
         # add hsts header with preloading to https reqeusts
-        # adding this header to http requests is 
+        # adding this header to http requests is discouraged
         map $scheme $hsts_header {
             https   "max-age=31536000; includeSubdomains; preload";
         }
         add_header Strict-Transport-Security $hsts_header;
 
         # Enable CSP for your services.
-        # add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+        #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
 
         # Minimize information leaked to other domains
         add_header 'Referrer-Policy' 'origin-when-cross-origin';