nixos/services: add nginx base configuration

nixos/modules/default.nix

@@ -3,6 +3,7 @@
     ./fail2ban.nix
     ./sysctl.nix
     ./host.nix
+    ./nginx.nix
     ./snapper.nix
     ./substituters.nix
   ];

nixos/modules/nginx.nix

@@ -0,0 +1,37 @@
+{ config, ... }:
+let
+  inherit (config.networking) fqdn;
+
+  mkVhost =
+    attrs:
+    {
+      forceSSL = false; # TODO: tweak per host
+    }
+    // attrs;
+
+  mkProxy = port: {
+    proxyPass = "http://127.0.0.1:${toString port}/";
+  };
+in
+{
+  services.nginx = {
+    enable = true;
+
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+
+    # services.nginx.virtualHosts."${fqdn}" = {
+    #   addSSL = true;
+    #   root = "/var/www/myhost.org";
+    #   default = true;
+    # };
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+}