{inputs, ...}: { flake.nixngConfigurations.ingressBlowhole = inputs.nixng.nglib.makeSystem { system = "x86_64-linux"; name = "ingress-blowhole"; nixpkgs = inputs.nixpkgs-stable; config = { pkgs, lib, ... }: let inherit (lib) singleton ; in { dumb-init = { enable = true; sigell.entries = [ { signal = "HUP"; action = { type = "exec"; environment = { PATH = "${pkgs.bash}/bin:${pkgs.busybox}/bin"; }; command = [ "bash" "-c" "kill -s HUP \"$(cat /nginx.pid)\"" ]; }; } { signal = "TERM"; action = { type = "signal"; rewrite = "TERM"; selector = { type = "child"; }; }; } ]; type.services = {}; }; init.services.nginx.shutdownOnExit = true; services.nginx = { enable = true; envsubst = true; configuration = singleton { daemon = "off"; worker_processes = 2; user = "nginx"; events."" = { use = "epoll"; worker_connections = 128; }; error_log = ["/dev/stderr" "warn"]; pid = "/nginx.pid"; stream."" = { include = singleton ["/local/streams.conf"]; }; http."" = { server_tokens = "off"; include = [ ["${pkgs.nginx}/conf/mime.types"] ["/local/upstreams.conf"] ]; charset = "utf-8"; access_log = ["/dev/stdout" "combined"]; server."" = { listen = ["80" "default_server"]; server_name = singleton "blowhole.in.redalder.org"; location."/" = { return = ["301" "https://$$host$$request_uri"]; }; }; }; }; }; }; }; }