From d3fcc67c2684f3d40c38d6485b2921dcf7f8b730 Mon Sep 17 00:00:00 2001
From: jopejoe1
Date: Wed, 10 Jul 2024 19:08:04 +0200
Subject: [PATCH] infra: add nginx
---
 nix/infra/default.nix | 1 +
 nix/infra/nginx.nix | 35 +++++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 nix/infra/nginx.nix
diff --git a/nix/infra/default.nix b/nix/infra/default.nix
index e4c37f3..910f83a 100644
--- a/nix/infra/default.nix
+++ b/nix/infra/default.nix
@@ -15,6 +15,7 @@
 ./system.nix
 ./disk.nix
 ./backend.nix
+ ./nginx.nix
 ./users
 ];
diff --git a/nix/infra/nginx.nix b/nix/infra/nginx.nix
new file mode 100644
index 0000000..a576ea2
--- /dev/null
+++ b/nix/infra/nginx.nix
@@ -0,0 +1,35 @@
+ {
+ ...
+ }:
+
+{
+ services.nginx = {
+ enable = true;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ virtualHosts = {
+ "clan-war.net" = {
+ enableACME = true;
+ forceSSL = true;
+ };
+ "api.clan-war.net" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://localhost:8080";
+ };
+ };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "security@clan-war.net";
+ };
+
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 ];
+ allowedUDPPorts = [ 80 ];
+ };
+}
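Review bot: The `networking.firewall` block in nix/infra/nginx.nix opens only TCP 80, while both virtual hosts set `forceSSL = true`, so every plain-HTTP request is redirected to port 443, which this file leaves closed. Unless another module not shown here opens 443, the sites will obtain certificates over port 80 but stay unreachable over HTTPS. `allowedUDPPorts = [ 80 ];` exposes a UDP port that nothing in this configuration listens on (HTTP/3 is not enabled and would use UDP 443), so it only widens the firewall surface. I would change the list to `allowedTCPPorts = [ 80 443 ];` and drop the `allowedUDPPorts` line.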