Add basic renard server config

Signed-off-by: Mel <einebeere@gmail.com>

2 files changed, 50 insertions, 2 deletions

diff --git a/modules/common.nix b/modules/common.nix
index f035db5..2f2b141 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -1,4 +1,4 @@
-{ me, config, lib, pkgs, ... }:
+{ me, util, config, lib, pkgs, ... }:
 
 {
   imports = [
@@ -9,8 +9,25 @@
   ];
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
+ 
+  
+  users.motd = ''
+
+/^  /^
+\ ' ' 7   < Hi, I'm ${util.titleCase me}
+/    \
+
+  '';
 
-  networking.hostName = me;
+  networking = {
+    hostName = me;
+  
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 443 ];
+      trustedInterfaces = [ "tailscale0" ];
+    };
+  };
 
   services.envfs.enable = true;
   virtualisation.libvirtd.enable = true;
diff --git a/modules/www.nix b/modules/www.nix
new file mode 100644
index 0000000..1df69cf
--- /dev/null
+++ b/modules/www.nix
@@ -0,0 +1,31 @@
+{ me, ... }:
+
+let 
+  rnrdUrl =
+    if me == "renard"
+      then "rnrd.eu"
+      else "${me}.rnrd.eu";
+in
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "einebeere@gmail.com";
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  
+    virtualHosts = {
+      default = { default = true; };
+      ${rnrdUrl} = {
+        root = "/var/www/html";
+        forceSSL = true;
+        enableACME = true;
+      };
+    };
+  };
+}