spec(web): add nginx configuration

2024-01-15 16:56:47 +08:00 · 2024-01-15 16:56:47 +08:00 · d80069df71
commit d80069df71
parent 2f07609f4b
1 changed files with 27 additions and 0 deletions
--- a/spec/web/nginx.nix
+++ b/spec/web/nginx.nix
@ -0,0 +1,27 @@
+{ pkgs
+, ...}: {
+  services.nginx = {
+    enable = true;
+
+    # enable all recommended settings
+    recommendedTlsSettings = true;
+    recommendedOptimisation = true;
+    recommendedGzipSettings = true;
+    recommendedProxySettings = true;
+
+    virtualHosts = {
+      "_" = {
+        rejectSSL = true;
+        extraConfig = "return 444;";
+      };
+
+      "514fpv.one" = {
+        root = pkgs.callPackage ./site { };
+        forceSSL = true;
+        enableACME = true;
+      };
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}