2 files changed, 38 insertions, 0 deletions

diff --git a/configs/nginx/default.nix b/configs/nginx/default.nix
new file mode 100644
index 0000000..e288c52
--- /dev/null
+++ b/configs/nginx/default.nix
@@ -0,0 +1,21 @@
+{ config, ... }: {
+  services.nginx = {
+    enableReload = true;
+
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts.${builtins.toJSON ""} = {
+      default = true;
+      extraConfig = ''
+        error_page 400 =444 /;
+        return 444;
+      '';
+      rejectSSL = true;
+    };
+  };
+  tv.iptables = {
+    input-retiolum-accept-tcp = [ "http" ];
+  };
+}
diff --git a/configs/nginx/public_html.nix b/configs/nginx/public_html.nix
new file mode 100644
index 0000000..cd8e3c4
--- /dev/null
+++ b/configs/nginx/public_html.nix
@@ -0,0 +1,17 @@
+{ config, ... }: {
+  services.nginx = {
+    enable = true;
+    virtualHosts.default = {
+      serverAliases = [
+        "localhost"
+        "${config.krebs.build.host.name}"
+        "${config.krebs.build.host.name}.hkw"
+        "${config.krebs.build.host.name}.r"
+      ];
+      locations."~ ^/~([a-z]+)(?:/(.*))?\$" = {
+        alias = "/srv/$1/public_html/$2";
+      };
+    };
+  };
+  tv.iptables.input-internet-accept-tcp = [ "http" ];
+}