From 4acb861aa9f615ef69dda1e8f768868a0a720c41 Mon Sep 17 00:00:00 2001
From: Alexander Heldt <me@alexanderheldt.se>
Date: Sun, 21 Jul 2024 10:52:42 +0200
Subject: [PATCH] tadpole: Add `nginx` module

---
 hosts/tadpole/modules/default.nix       |  1 +
 hosts/tadpole/modules/nginx/default.nix | 38 +++++++++++++++++++++++++
 2 files changed, 39 insertions(+)
 create mode 100644 hosts/tadpole/modules/nginx/default.nix

diff --git a/hosts/tadpole/modules/default.nix b/hosts/tadpole/modules/default.nix
index 56689cc..1ef72bd 100644
--- a/hosts/tadpole/modules/default.nix
+++ b/hosts/tadpole/modules/default.nix
@@ -9,6 +9,7 @@ in
   config = {
     mod = {
       ssh.enable = true;
+      nginx.enable = true;
     };
   };
 }
diff --git a/hosts/tadpole/modules/nginx/default.nix b/hosts/tadpole/modules/nginx/default.nix
new file mode 100644
index 0000000..ed90b6f
--- /dev/null
+++ b/hosts/tadpole/modules/nginx/default.nix
@@ -0,0 +1,38 @@
+{ lib, config, ... }:
+let
+  enabled = config.mod.nginx.enable;
+in
+{
+  options = {
+    mod.nginx = {
+      enable = lib.mkEnableOption "add nginx module";
+    };
+  };
+
+  config = lib.mkIf enabled {
+    security = {
+      acme = {
+        acceptTerms = true;
+
+        defaults = {
+          email = "p@ppp.pm";
+        };
+      };
+    };
+
+    services = {
+      nginx = {
+        enable = true;
+
+        recommendedProxySettings = true;
+        recommendedTlsSettings = true;
+      };
+    };
+
+    networking = {
+      firewall = {
+        allowedTCPPorts = [ 80 443 ];
+      };
+    };
+  };
+}