From ee4da2ede6747388ba3ab2211adc1991d33d9f5b Mon Sep 17 00:00:00 2001
From: Till <till@ktiu.net>
Date: Tue, 3 Dec 2024 20:05:14 +0100
Subject: [PATCH] outline, nginx

---
 system/web-server.nix | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/system/web-server.nix b/system/web-server.nix
index 0c948a1..c51b0dc 100644
--- a/system/web-server.nix
+++ b/system/web-server.nix
@@ -1,5 +1,45 @@
 { config, pkgs, ... }:
 
 {
+  nixpkgs.config.allowUnfree = true;
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
   services.jenkins.enable = true;
+
+  services.outline = {
+    enable = true;
+    storage.storageType = "local";
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  };
+
+  services.nginx.virtualHosts."outline.ktiu.net" = {
+    addSSL = true;
+    enableACME = true;
+    root = "/var/www/myhost.org";
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:3000";
+      extraConfig = 
+        "proxy_set_header Upgrade $http_upgrade;" +
+        "proxy_set_header Connection \"Upgrade\";" +
+        "proxy_set_header Host $host;" +
+        "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header Host $host;" +
+        "proxy_set_header X-Real-IP $remote_addr;" +
+        "proxy_set_header X-Scheme $scheme;" +
+        "proxy_set_header X-Forwarded-Proto $scheme;" +
+        "proxy_redirect off;"
+      ;
+    };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "till@ktiu.net";
+  };
+
 }