diff --git a/nixos/modules/services/web-servers/nginx/default.nix b/nixos/modules/services/web-servers/nginx/default.nix index bc5b4be51098..89fecc938cad 100644 --- a/nixos/modules/services/web-servers/nginx/default.nix +++ b/nixos/modules/services/web-servers/nginx/default.nix @@ -186,8 +186,8 @@ let brotli_types ${lib.concatStringsSep " " compressMimeTypes}; ''} - # https://docs.nginx.com/nginx/admin-guide/web-server/compression/ ${optionalString cfg.recommendedGzipSettings '' + # https://docs.nginx.com/nginx/admin-guide/web-server/compression/ gzip on; gzip_static on; gzip_vary on; @@ -197,6 +197,14 @@ let gzip_types ${lib.concatStringsSep " " compressMimeTypes}; ''} + ${optionalString cfg.recommendedZstdSettings '' + zstd on; + zstd_comp_level 9; + zstd_min_length 256; + zstd_static on; + zstd_types ${lib.concatStringsSep " " compressMimeTypes}; + ''} + ${optionalString cfg.recommendedProxySettings '' proxy_redirect off; proxy_connect_timeout ${cfg.proxyTimeout}; @@ -492,6 +500,16 @@ in ''; }; + recommendedZstdSettings = mkOption { + default = false; + type = types.bool; + description = lib.mdDoc '' + Enable recommended zstd settings. Learn more about compression in Zstd format [here](https://github.com/tokers/zstd-nginx-module). + + This adds `pkgs.nginxModules.zstd` to `services.nginx.additionalModules`. + ''; + }; + proxyTimeout = mkOption { type = types.str; default = "60s"; @@ -1005,7 +1023,8 @@ in groups = config.users.groups; }) dependentCertNames; - services.nginx.additionalModules = optional cfg.recommendedBrotliSettings pkgs.nginxModules.brotli; + services.nginx.additionalModules = optional cfg.recommendedBrotliSettings pkgs.nginxModules.brotli + ++ lib.optional cfg.recommendedZstdSettings pkgs.nginxModules.zstd; systemd.services.nginx = { description = "Nginx Web Server";