nixos/nginx: fix MemoryDenyWriteExecute not being disabled when needed

The expression should check if the actually used nginx package
needs write+execute rights, not the default pkgs.nginx (which
has no modules unless overridden in an overlay).

Having MemoryDenyWriteExecute always true causes e.g. the Lua
module to fail (because JIT compilation).
Matthias Treydte 2021-01-28 13:05:53 +01:00
parent 6a1bee335e
commit 7d2829c0a0
1 changed files with 1 additions and 1 deletions

@ -801,7 +801,7 @@ in
ProtectControlGroups = true;
RestrictAddressFamilies = [ "AF_UNIX" "AF_INET" "AF_INET6" ];
LockPersonality = true;
MemoryDenyWriteExecute = !(builtins.any (mod: (mod.allowMemoryWriteExecute or false)) pkgs.nginx.modules);
MemoryDenyWriteExecute = !(builtins.any (mod: (mod.allowMemoryWriteExecute or false)) cfg.package.modules);
RestrictRealtime = true;
RestrictSUIDSGID = true;
PrivateMounts = true;
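
Review bot: on the new MemoryDenyWriteExecute line, `cfg.package.modules` is read without a fallback, while the per-module lookup beside it is guarded with `mod.allowMemoryWriteExecute or false`. If cfg.package is set to a derivation that has no `modules` attribute, evaluation fails at this point; `cfg.package.modules or []` would avoid that and leave the setting at true for such packages. Since a single module with allowMemoryWriteExecute turns this protection off for the whole service, a one-line comment above the expression saying so would help anyone auditing the unit's hardening settings.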