Diffstat (limited to 'nixos/tente-configuration.nix')
-rw-r--r--nixos/tente-configuration.nix33
1 files changed, 32 insertions, 1 deletions
diff --git a/nixos/tente-configuration.nix b/nixos/tente-configuration.nix
index 8254fb0..e74a679 100644
--- a/nixos/tente-configuration.nix
+++ b/nixos/tente-configuration.nix
@@ -3,6 +3,10 @@
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+let
+ domain = "beta.push-f.com";
+ acmeEmail = "martin@push-f.com";
+in
{ config, lib, pkgs, ... }:
{
@@ -41,7 +45,10 @@
users.users.martin = {
isNormalUser = true;
- extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ extraGroups = [
+ "wheel" # Enable ‘sudo’ for the user.
+ "www-data"
+ ];
packages = with pkgs; [
];
};
@@ -65,6 +72,7 @@
networking.firewall.allowedTCPPorts = [
# Enabling openssh automatically opens its port in the firewall.
# For all other services we need to manually list the ports here.
+ 80 443
];
networking.firewall.allowedUDPPorts = [];
@@ -73,6 +81,12 @@
# Enable the OpenSSH daemon.
services.openssh.enable = true;
+ users.groups.www-data = {};
+
+ systemd.tmpfiles.rules = [
+ "d /srv/www 2770 root www-data -"
+ ];
+
services.gitolite = {
enable = true;
adminPubkey = ""; # TODO: submit PR to nixpkgs to make this option optional
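Review bot: The `2770` mode in the added tmpfiles rule gives group www-data write access to `/srv/www`, and the services.nginx hunk later sets `group = "www-data"`, so by file mode the web server can modify the tree it serves. Any sandboxing the nginx unit applies may still block such writes, but it would then be the only barrier. Since the content is published anyway, one option is to keep www-data for the people who deploy, leave nginx in its own group, and let it read through the other bits: `"d /srv/www 2775 root www-data -"`. The rule also creates only the parent directory; `/srv/www/${domain}`, which the virtual host uses as its root, has to be created by hand unless a second `d` rule is added for it.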
@@ -80,6 +94,23 @@
dataDir = "/srv/gitolite";
};
+ security.acme = {
+ acceptTerms = true; # https://letsencrypt.org/repository/
+ defaults.email = acmeEmail;
+ };
+
+ services.nginx = {
+ enable = true;
+ group = "www-data";
+
+ # My personal website
+ virtualHosts."${domain}" = {
+ enableACME = true;
+ forceSSL = true;
+ root = "/srv/www/${domain}";
+ };
+ };
+
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
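Review bot: `group = "www-data";` makes nginx run under the same group that the users.users.martin hunk adds a login user to. If the certificate obtained through `enableACME = true;` is stored readable by the nginx group, which is presumably how nginx gets access to it, every member of www-data can read the TLS private key as well. Dropping the `group` line so nginx keeps its module default would separate deploy rights from key access; `/srv/www` would then need to be readable by nginx some other way, for example mode `2775` on the directory. A short comment next to `forceSSL = true;` such as `# port 80 stays open for the ACME HTTP challenge and the HTTPS redirect` would also explain why both ports are opened in the firewall hunk.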