nginx restructure

2026-02-13 17:48:11 +01:00 · 2026-02-13 17:48:11 +01:00 · b177613b1e
commit b177613b1e
parent 854dace74e
10 changed files with 168 additions and 114 deletions
--- a/hosts/www/default.nix
+++ b/hosts/www/default.nix
@ -0,0 +1,34 @@
+{ ... }:
+
+{
+  imports = [
+    ../common.nix
+    ../../services/openssh.nix
+    ../../services/nginx.nix
+  ];
+
+  networking = {
+    hostName = "www";
+    firewall = {
+      allowedTCPPorts = [
+        80 # HTTP/1
+        443 # HTTP/2
+      ];
+      allowedUDPPorts = [
+        443 # HTTP/3
+      ];
+    };
+  };
+
+  services = {
+    openssh.banner = ''
+       __  __  __  __  __  __  __  __  __
+      /\ \/\ \/\ \/\ \/\ \/\ \/\ \/\ \/\ \
+      \ \ \_/ \_/ \ \ \_/ \_/ \ \ \_/ \_/ \
+       \ \___x___/'\ \___x___/'\ \___x___/'
+        \/__//__/   \/__//__/   \/__//__/
+    '';
+  };
+
+  system.stateVersion = "25.11";
+}
--- a/hosts/www/nginx.nix
+++ b/hosts/www/nginx.nix
@ -0,0 +1,21 @@
+{ config, ... }:
+
+let
+  # TODO: mkVHost
+in
+{
+  services.nginx.virtualHosts."${config.networking.hostName}.${config.networking.domain}" = {
+    default = true;
+    serverAliases = [${config.networking.domain}];
+    quic = true;
+    kTLS = true;
+    forceSSL = true;
+    enableACME = true;
+    root = "/srv/http/www";
+    index = "index.html";
+    locations."/" = {
+      try_files = "$uri $uri/ $uri.html =404";
+    };
+  };
+}
+