From 164a57da25a61332391c448bc45d394c56411f96 Mon Sep 17 00:00:00 2001
From: 514fpv <koishi@514fpv.one>
Date: Mon, 15 Jan 2024 16:56:47 +0800
Subject: [PATCH] feat(web): add nginx configuration

---
 spec/web/nginx.nix | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 spec/web/nginx.nix

diff --git a/spec/web/nginx.nix b/spec/web/nginx.nix
new file mode 100644
index 00000000..7cf9cb86
--- /dev/null
+++ b/spec/web/nginx.nix
@@ -0,0 +1,27 @@
+{ pkgs
+, ...}: {
+  services.nginx = {
+    enable = true;
+
+    # enable all recommended settings
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+
+    virtualHosts = {
+      "_" = {
+        rejectSSL = true;
+        extraConfig = "return 444;";
+      };
+
+      "514fpv.one" = {
+        root = pkgs.callPackage ./site { };
+        forceSSL = true;
+        enableACME = true;
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}