1 files changed, 57 insertions, 0 deletions

diff --git a/modules/www/default.nix b/modules/www/default.nix
new file mode 100644
index 0000000..f6bb4e4
--- /dev/null
+++ b/modules/www/default.nix
@@ -0,0 +1,57 @@
+{ me, ... }:
+
+let
+  rnrdUrl = if me.is.renard then "rnrd.eu" else "${me.name}.rnrd.eu";
+in
+{
+  imports = [ ./tailnet.nix ];
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "einebeere@gmail.com";
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    statusPage = true;
+
+    commonHttpConfig = ''
+      log_format json_combined escape=json '{'
+      	'"time_local":"$time_local",'
+      	'"remote_addr":"$remote_addr",'
+      	'"remote_user":"$remote_user",'
+      	'"request":"$request",'
+      	'"status": "$status",'
+      	'"body_bytes_sent":"$body_bytes_sent",'
+      	'"request_length":"$request_length",'
+      	'"request_time":"$request_time",'
+      	'"http_referrer":"$http_referer",'
+      	'"http_user_agent":"$http_user_agent",'
+      	'"upstream_response_time":"$upstream_response_time",'
+      	'"upstream_addr":"$upstream_addr",'
+      	'"upstream_status":"$upstream_status"'
+      '}';
+      access_log /var/log/nginx/access.log json_combined;
+      error_log /var/log/nginx/error.log warn;
+    '';
+
+    virtualHosts = {
+      default = {
+        default = true;
+      };
+      ${rnrdUrl} = {
+        root = "/var/www/html";
+        forceSSL = true;
+        enableACME = true;
+        extraConfig = ''
+          access_log /var/log/nginx/base.access.log json_combined;
+        '';
+      };
+    };
+  };
+}