From a90b662ef80390a88cbffbe3d89d517615bf9ad7 Mon Sep 17 00:00:00 2001
From: NullBite <me@nullbite.com>
Date: Sat, 22 Jun 2024 01:45:57 -0400
Subject: [PATCH] pi4: setup web server

---
 hosts/rpi4/services.nix | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/hosts/rpi4/services.nix b/hosts/rpi4/services.nix
index a242496..79721bb 100644
--- a/hosts/rpi4/services.nix
+++ b/hosts/rpi4/services.nix
@@ -10,6 +10,39 @@
       group = "secrets";
     };
 
+    users.users.nginx.extraGroups = [ "acme" ];
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+    services.nginx = {
+      enable = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      recommendedOptimisation = true;
+
+      commonHttpConfig = ''
+        port_in_redirect off;
+      '';
+
+      virtualHosts = {
+        "localhost" = {
+          default = true;
+          locations."/" = {
+            return = "302 https://protogen.io$request_uri";
+          };
+        };
+        "protogen.io" = {
+          useACMEHost = "protogen.io";
+          forceSSL = true;
+          locations."/" = {
+            root = "/srv/http";
+            extraConfig = ''
+              autoindex on;
+            '';
+          };
+        };
+      };
+    };
 
     security.acme = {
       acceptTerms = true;