Enable the upstream nginx module from nixpkgs.

nix/modules/default.nix

@@ -6,63 +6,109 @@
   imports = [
     ./etc.nix
     ./systemd.nix
+    ./upstream/nixpkgs
   ];
 
-  options = {
+  options =
+    let
+      inherit (lib) types;
+    in
+    {
 
-    nixpkgs = {
+      nixpkgs = {
-      # TODO: switch to lib.systems.parsedPlatform
+        # TODO: switch to lib.systems.parsedPlatform
-      hostPlatform = lib.mkOption {
+        hostPlatform = lib.mkOption {
-        type = lib.types.str;
+          type = types.str;
-        example = "x86_64-linux";
+          example = "x86_64-linux";
+        };
       };
-    };
 
-    assertions = lib.mkOption {
+      assertions = lib.mkOption {
-      type = lib.types.listOf lib.types.unspecified;
+        type = types.listOf types.unspecified;
-      internal = true;
+        internal = true;
-      default = [ ];
+        default = [ ];
-      example = [{ assertion = false; message = "you can't enable this for that reason"; }];
+        example = [{ assertion = false; message = "you can't enable this for that reason"; }];
-      description = lib.mdDoc ''
+        description = lib.mdDoc ''
-        This option allows modules to express conditions that must
+          This option allows modules to express conditions that must
-        hold for the evaluation of the system configuration to
+          hold for the evaluation of the system configuration to
-        succeed, along with associated error messages for the user.
+          succeed, along with associated error messages for the user.
-      '';
+        '';
-    };
+      };
 
-    warnings = lib.mkOption {
+      warnings = lib.mkOption {
-      internal = true;
+        internal = true;
-      default = [ ];
+        default = [ ];
-      type = lib.types.listOf lib.types.str;
+        type = types.listOf types.str;
-      example = [ "The `foo' service is deprecated and will go away soon!" ];
+        example = [ "The `foo' service is deprecated and will go away soon!" ];
-      description = lib.mdDoc ''
+        description = lib.mdDoc ''
-        This option allows modules to show warnings to users during
+          This option allows modules to show warnings to users during
-        the evaluation of the system configuration.
+          the evaluation of the system configuration.
-      '';
+        '';
-    };
+      };
 
-    system-manager = {
+      # Statically assigned UIDs and GIDs.
-      allowAnyDistro = lib.mkEnableOption "the usage of system-manager on untested distributions";
+      # Ideally we use DynamicUser as much as possible to avoid the need for these.
+      ids = {
+        uids = lib.mkOption {
+          internal = true;
+          description = lib.mdDoc ''
+            The user IDs used by system-manager.
+          '';
+          type = types.attrsOf types.int;
+        };
 
-      preActivationAssertions = lib.mkOption {
+        gids = lib.mkOption {
-        type = with lib.types; attrsOf (submodule ({ name, ... }: {
+          internal = true;
-          options = {
+          description = lib.mdDoc ''
-            enable = lib.mkEnableOption "the assertion";
+            The group IDs used by system-manager.
+          '';
+          type = types.attrsOf types.int;
+        };
+      };
 
-            name = lib.mkOption {
+      # No-op option for now.
-              type = lib.types.str;
+      # TODO: should we include the settings in /etc/logrotate.d ?
-              default = name;
+      services.logrotate = lib.mkOption {
-            };
+        internal = true;
-
-            script = lib.mkOption {
-              type = lib.types.str;
-            };
-          };
-        }));
         default = { };
+        type = types.freeform;
+      };
+
+      # No-op option for now.
+      users = lib.mkOption {
+        internal = true;
+        default = { };
+        type = types.freeform;
+      };
+
+      networking = {
+        enableIPv6 = lib.mkEnableOption "IPv6" // {
+          default = true;
+        };
+      };
+
+      system-manager = {
+        allowAnyDistro = lib.mkEnableOption "the usage of system-manager on untested distributions";
+
+        preActivationAssertions = lib.mkOption {
+          type = with lib.types; attrsOf (submodule ({ name, ... }: {
+            options = {
+              enable = lib.mkEnableOption "the assertion";
+
+              name = lib.mkOption {
+                type = types.str;
+                default = name;
+              };
+
+              script = lib.mkOption {
+                type = types.str;
+              };
+            };
+          }));
+          default = { };
+        };
       };
     };
-  };
 
   config = {
     system-manager.preActivationAssertions = {

nix/modules/upstream/nixpkgs/default.nix

@@ -0,0 +1,15 @@
+{ nixosModulesPath
+, ...
+}:
+{
+  imports = [
+    ./nginx.nix
+  ] ++
+  # List of imported NixOS modules
+  # TODO: how will we manage this in the long term?
+  map (path: nixosModulesPath + path) [
+    "/misc/meta.nix"
+    "/security/acme/"
+    "/services/web-servers/nginx/"
+  ];
+}

nix/modules/upstream/nixpkgs/nginx.nix

@@ -0,0 +1,6 @@
+{
+  systemd.services.nginx.serviceConfig.DynamicUser = true;
+
+  # Disable this for now
+  services.logrotate.settings.nginx = { };
+}

test/nix/modules/default.nix

@@ -6,6 +6,8 @@
   config = {
     nixpkgs.hostPlatform = "x86_64-linux";
 
+    services.nginx.enable = true;
+
     environment.etc = {
       foo = {
         text = ''