From c21b049ee16c64a31fec1ecfd98543900262856f Mon Sep 17 00:00:00 2001
From: FredzyW
Date: Mon, 8 Apr 2024 08:56:16 +0200
Subject: [PATCH] Added certs
---
 config/server.nix | 1 +
 maskiner/server/configuration.nix | 1 +
 moduler/common/nginx.nix | 23 +++++++++++++++++++++++
 3 files changed, 25 insertions(+)
 create mode 100644 moduler/common/nginx.nix
diff --git a/config/server.nix b/config/server.nix
index ffc6a6d..2f9ebc1 100644
--- a/config/server.nix
+++ b/config/server.nix
@@ -92,6 +92,7 @@
 home.username = "fw";
 home.homeDirectory = "/home/fw";
+ home.stateVersion = "23.11"; # Did you read the comment?
 systemd.user.startServices = "sd-switch";
diff --git a/maskiner/server/configuration.nix b/maskiner/server/configuration.nix
index 721472b..dc8c24a 100644
--- a/maskiner/server/configuration.nix
+++ b/maskiner/server/configuration.nix
@@ -11,6 +11,7 @@
 imports = [
 ./hardware-configuration.nix
 ../../config/users.nix
+ ../../moduler/common/nginx.nix
 ];
 networking.hostName = "server";
diff --git a/moduler/common/nginx.nix b/moduler/common/nginx.nix
new file mode 100644
index 0000000..04ba786
--- /dev/null
+++ b/moduler/common/nginx.nix
@@ -0,0 +1,23 @@
+
+{ pkgs, lib, ... }:
+{
+ security.acme = {
+ acceptTerms = true;
+ email = "fredrik@wastring.com";
+ certs."git.wastring.com" = {
+ dnsProvider = "gandi";
+ # Supplying password files like this will make your credentials world-readable
+ # in the Nix store. This is for demonstration purpose only, do not use this in production.
+ credentialsFile = /home/fw/credentials.sh;
+ };
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+virtualHosts."git.wastring.com" = { default = true; enableACME = true; addSSL = true; locations."/".proxyPass = "http://172.17.0.1:3030/"; };
+ };
+}
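Review bot: In the new `moduler/common/nginx.nix`, `credentialsFile = /home/fw/credentials.sh;` is an unquoted Nix path literal, so the DNS provider credentials are copied into the world-readable Nix store when the configuration is evaluated. The comment pasted above that line warns about exactly this, yet the module is imported by the `server` machine configuration in this same commit. Pass the path as a string instead, `credentialsFile = "/home/fw/credentials.sh";`, so the file is only read at runtime, keep it root-owned with mode 0600 (preferably outside a user's home directory), and remove the "demonstration purpose only" comment once that is done. Separately, `addSSL = true;` on the virtual host keeps serving the proxied git service over plain HTTP alongside HTTPS; `forceSSL = true;` would redirect HTTP to HTTPS so that logins and tokens are not sent in clear text.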