
The expression should check if the actually used nginx package needs write+execute rights, not the default pkgs.nginx (which has no modules unless overridden in an overlay). Having MemoryDenyWriteExecute always true causes e.g. the Lua module to fail (because of JIT compilation).