From 6a1bf33bffb9396c3388dc204098f948e261f168 Mon Sep 17 00:00:00 2001
From: javalsai
Date: Sat, 2 May 2026 23:37:28 +0200
Subject: [PATCH] nixos/services: add nginx base configuration
---
 nixos/modules/default.nix | 1 +
 nixos/modules/nginx.nix | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100644 nixos/modules/nginx.nix
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index a52fff6..309d42d 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -3,6 +3,7 @@
 ./fail2ban.nix
 ./sysctl.nix
 ./host.nix
+ ./nginx.nix
 ./snapper.nix
 ./substituters.nix
 ];
diff --git a/nixos/modules/nginx.nix b/nixos/modules/nginx.nix
new file mode 100644
index 0000000..8416c7f
--- /dev/null
+++ b/nixos/modules/nginx.nix
@@ -0,0 +1,37 @@
+{ config, lib, ... }:
+let
+ inherit (config.networking) fqdn;
+
+ mkVhost =
+ attrs:
+ {
+ forceSSL = false; # TODO: tweak per host
+ }
+ // attrs;
+
+ mkProxy = port: {
+ proxyPass = "http://127.0.0.1:${toString port}/";
+ };
+in
+{
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+
+ services.nginx = {
+ enable = true;
+
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+
+ # services.nginx.virtualHosts."${fqdn}" = {
+ # addSSL = true;
+ # root = "/var/www/myhost.org";
+ # default = true;
+ # };
+ };
+}
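Review bot: In `mkVhost` (nixos/modules/nginx.nix) the default `forceSSL = false` makes plaintext HTTP the fallback for every vhost built with the helper, and the `# TODO: tweak per host` leaves the secure setting as something each host has to remember. Because `// attrs` is applied after the defaults, changing it to `forceSSL = true; # opt out per host via attrs` keeps the override path while failing closed; this needs a certificate source (`enableACME` or `sslCertificate`/`sslCertificateKey`), which the module does not configure yet. The commented example would presumably fail to evaluate if uncommented as written, since it sits inside `services.nginx = { … }` and repeats the full option path; it should read `virtualHosts."${fqdn}" = mkVhost { … };`. Until a vhost is declared, `lib`, `fqdn`, `mkVhost` and `mkProxy` are unused while ports 80 and 443 are already open in the firewall, so consider opening them together with the first real vhost.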