From 491a3be1571a2c86cad99f09c68efbd3d46fe8ff Mon Sep 17 00:00:00 2001
From: Zachary Myers <zackmyers808@gmail.com>
Date: Fri, 26 Jul 2024 12:29:55 -0400
Subject: [PATCH] Update default.nix

---
 modules/nixos/services/web/nginx/default.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/modules/nixos/services/web/nginx/default.nix b/modules/nixos/services/web/nginx/default.nix
index 25295d9..61d09b1 100644
--- a/modules/nixos/services/web/nginx/default.nix
+++ b/modules/nixos/services/web/nginx/default.nix
@@ -13,10 +13,19 @@ in {
   };
 
   config = mkIf cfg.enable {
+    security.dhparams = {
+      enable = true;
+      params.nginx = {};
+    };
+
     services.nginx = {
       enable = true;
       package = pkgs.nginxStable.override {openssl = pkgs.libressl;};
       recommendedProxySettings = true;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedTlsSettings = true;
+      sslDhparam = config.security.dhparams.params.nginx.path;
       virtualHosts = {
         "node.nyc.zackmyers.io" = {
           forceSSL = true;