From 4ef795afb1946185bbf3b41d68c7ba985c96a44f Mon Sep 17 00:00:00 2001
From: Victor Mignot
Date: Mon, 20 Nov 2023 21:37:14 +0100
Subject: [PATCH] Add Nginx and Hydra config
---
 flake.nix | 4 +++-
 modules/server/default.nix | 1 +
 modules/server/hydra.nix | 7 +++++--
 modules/server/network.nix | 6 ------
 modules/server/nginx.nix | 11 +++++++++++
 5 files changed, 20 insertions(+), 9 deletions(-)
 create mode 100644 modules/server/nginx.nix
diff --git a/flake.nix b/flake.nix
index 9aa1253..0770ca1 100644
--- a/flake.nix
+++ b/flake.nix
@@ -23,7 +23,7 @@
 extra-config.url = "git+ssh://git@git.sr.ht/~dala/extra-config";
 };
- outputs = { self, nixpkgs-unstable, nixpkgs-stable, home-manager, sops-nix, flake-utils }:
+ outputs = { self, nixpkgs-unstable, nixpkgs-stable, home-manager, sops-nix, flake-utils, extra-config }:
 let
 machines = import ./machines.nix;
 in
@@ -45,6 +45,8 @@
 } // value;
 sopsHmModule = sops-nix.homeManagerModules.sops;
+
+ extraInfo = extra-config.extraSecrets;
 };
 modules = [
diff --git a/modules/server/default.nix b/modules/server/default.nix
index 87a064f..a82ed32 100644
--- a/modules/server/default.nix
+++ b/modules/server/default.nix
@@ -2,5 +2,6 @@
 imports = [
 ./network.nix
 ./hydra.nix
+ ./nginx.nix
 ];
 }
diff --git a/modules/server/hydra.nix b/modules/server/hydra.nix
index 80ec3ec..4f30aa6 100644
--- a/modules/server/hydra.nix
+++ b/modules/server/hydra.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, extraInfo, ... }:
 with lib;
 {
 options.server.builder.enableHydra = mkOption {
@@ -16,7 +16,10 @@
 useSubstitutes = true;
 };
- services.nginx.virtualHosts.localhost = mkIf config.services.nginx.enable {
+ services.nginx.virtualHosts.${extraInfo.hydraURI} = mkIf config.services.nginx.enable {
+ enableACME = true;
+ forceSSL = true;
+
 locations."/" = {
 recommendedProxySettings = true;
 proxyPass = config.services.hydra.hydraURL;
diff --git a/modules/server/network.nix b/modules/server/network.nix
index 437e84c..3102189 100644
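Review bot: `extraInfo = extra-config.extraSecrets;` in the second flake.nix hunk passes values that are named as secrets to the modules as an ordinary argument, and anything a module interpolates from them at evaluation time is written into the world-readable /nix/store (the Hydra virtual-host name in modules/server/hydra.nix is one such use). What `extraSecrets` actually holds is not visible here; if it is only private but non-sensitive data such as host names, a comment would make that contract explicit, e.g. `# extraInfo: private but non-secret values only; real secrets go through sops-nix`. The attribute set this line sits in starts outside the hunk.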
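Review bot: `proxyPass = config.services.hydra.hydraURL;` in the second hydra.nix hunk now sits under a public, TLS-terminated virtual host, but `hydraURL` is the base URL Hydra advertises in its own links, so once it is set to the public https address the proxy would point back at itself. Targeting the local listener keeps the two apart: `proxyPass = "http://127.0.0.1:${toString config.services.hydra.port}";`. If `services.hydra.listenHost` is left at its default the backend port may also stay reachable without TLS, so `listenHost = "localhost";` is worth confirming in the part of the block outside this hunk. `extraInfo.hydraURI` is used as a server name and therefore has to be a bare host name rather than a URI; a one-line comment or a rename would prevent a later mistake.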
--- a/modules/server/network.nix
+++ b/modules/server/network.nix
@@ -7,12 +7,6 @@ with lib;
 example = false;
 };
- options.server.networking.enableNginx = mkOption {
- type = types.bool;
- default = true;
- example = false;
- };
-
 config = {
 services.openssh = mkIf config.server.networking.enableSSH {
 enable = true;
diff --git a/modules/server/nginx.nix b/modules/server/nginx.nix
new file mode 100644
index 0000000..fdbe8d2
--- /dev/null
+++ b/modules/server/nginx.nix
@@ -0,0 +1,11 @@
+{
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "dala@dalaran.fr";
+
+ services.nginx = {
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ };
+}
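Review bot: The new modules/server/nginx.nix configures ACME and the recommended nginx settings but never sets `services.nginx.enable`, and the network.nix hunk removes the `server.networking.enableNginx` toggle, so in the lines visible here nothing turns nginx on. Because the Hydra virtual host is guarded by `mkIf config.services.nginx.enable`, the TLS front end would then silently not exist. Adding `enable = true;` inside `services.nginx` and `networking.firewall.allowedTCPPorts = [ 80 443 ];` (port 80 is needed for the HTTP-01 challenge that `enableACME` relies on) would make the module self-contained, unless both are already set elsewhere. A short header comment stating that importing this module accepts the ACME terms for every server that uses it would also help.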