Add Nginx and Hydra config

flake.nix

@@ -23,7 +23,7 @@
     extra-config.url = "git+ssh://git@git.sr.ht/~dala/extra-config";
   };
 
-  outputs = { self, nixpkgs-unstable, nixpkgs-stable, home-manager, sops-nix, flake-utils }:
+  outputs = { self, nixpkgs-unstable, nixpkgs-stable, home-manager, sops-nix, flake-utils, extra-config }:
     let
       machines = import ./machines.nix;
     in
@@ -45,6 +45,8 @@
               } // value;
 
               sopsHmModule = sops-nix.homeManagerModules.sops;
+
+              extraInfo = extra-config.extraSecrets;
             };
 
             modules = [

modules/server/default.nix

@@ -2,5 +2,6 @@
   imports = [
     ./network.nix
     ./hydra.nix
+    ./nginx.nix
   ];
 }

modules/server/hydra.nix

@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, extraInfo, ... }:
 with lib;
 {
   options.server.builder.enableHydra = mkOption {
@@ -16,7 +16,10 @@ with lib;
       useSubstitutes = true;
     };
 
-    services.nginx.virtualHosts.localhost = mkIf config.services.nginx.enable {
+    services.nginx.virtualHosts.${extraInfo.hydraURI} = mkIf config.services.nginx.enable {
+      enableACME = true;
+      forceSSL = true;
+
       locations."/" = {
         recommendedProxySettings = true;
         proxyPass = config.services.hydra.hydraURL;

modules/server/network.nix

@@ -7,12 +7,6 @@ with lib;
     example = false;
   };
 
-  options.server.networking.enableNginx = mkOption {
-    type = types.bool;
-    default = true;
-    example = false;
-  };
-
   config = {
     services.openssh = mkIf config.server.networking.enableSSH {
       enable = true;

modules/server/nginx.nix

@@ -0,0 +1,11 @@
+{
+  security.acme.acceptTerms = true;
+  security.acme.defaults.email = "dala@dalaran.fr";
+
+  services.nginx = {
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  };
+}