config/nixos/modules/presets/katja: add nginx with ssl on $fqdn

commit 820805adcce2ec6014f3c32ef34ac2b6a0ec83f8
parent c5055918af1fad11409d98c6af16002489b7a73e
Author: Katja (zaphyra) <git@ctu.cx>
Date: Thu, 22 May 2025 08:09:17 +0200

config/nixos/modules/presets/katja: add nginx with ssl on $fqdn

1 file changed, 13 insertions(+), 0 deletions(-)

config/nixos/modules/presets/katja/enable.nix

+++++++++++++

diff --git a/config/nixos/modules/presets/katja/enable.nix b/config/nixos/modules/presets/katja/enable.nix
@@ -79,6 +79,19 @@ in
       };
     };
 
+    services.nginx = {
+      enable = true;
+      virtualHosts."${config.networking.fqdn}" = {
+        useACMEHost = "${config.networking.fqdn}";
+        forceSSL = true;
+        kTLS = true;
+      };
+    };
+
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
 
     environment.systemPackages = with pkgs; [
       ghostty.terminfo