From e21d82c3931873446b187bcf205d1d0b38be8698 Mon Sep 17 00:00:00 2001
From: Henri Saudubray <henri.saudubray@proton.me>
Date: Tue, 17 Feb 2026 13:29:37 +0100
Subject: [PATCH] feat (hosts/mystra): nginx configuration

---
 hosts/mystra/default.nix | 32 ++++++++++++++------------------
 nixos/server.nix         | 26 ++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 18 deletions(-)
 create mode 100644 nixos/server.nix

diff --git a/hosts/mystra/default.nix b/hosts/mystra/default.nix
index c3d7bc4..4a33466 100644
--- a/hosts/mystra/default.nix
+++ b/hosts/mystra/default.nix
@@ -1,30 +1,26 @@
-{ pkgs, ... }:
+{ ... }:
 {
   imports = [
     ./hardware-configuration.nix
     ./disk-config.nix
-    ../../nixos/common.nix
+    ../../nixos/server.nix
   ];
 
-  boot.loader.grub = {
-    efiSupport = true;
-    efiInstallAsRemovable = true;
+  services.nginx = {
+    enable = true;
+    virtualHosts."henri-saudubray.fr" = {
+      enableACME = true;
+      forceSSL = true;
+      root = "/home/hms/www";
+    };
   };
 
-  services.openssh.enable = true;
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
 
-  environment.systemPackages = [
-    pkgs.curl
-    pkgs.gitMinimal
-  ];
-
-  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/RpQqBYdXKNjLLpRWq04NJHD7mODOjwjpmqnQ6qppp hms@nixos-selune"
-  ];
-
-  users.users.hms.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/RpQqBYdXKNjLLpRWq04NJHD7mODOjwjpmqnQ6qppp hms@nixos-selune"
-  ];
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "henri.saudubray@proton.me";
+  };
 
   networking.hostName = "mystra";
   system.stateVersion = "25.11";
diff --git a/nixos/server.nix b/nixos/server.nix
new file mode 100644
index 0000000..eb9e014
--- /dev/null
+++ b/nixos/server.nix
@@ -0,0 +1,26 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ./common.nix
+  ];
+
+  boot.loader.grub = {
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+
+  services.openssh.enable = true;
+
+  environment.systemPackages = [
+    pkgs.curl
+    pkgs.gitMinimal
+  ];
+
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/RpQqBYdXKNjLLpRWq04NJHD7mODOjwjpmqnQ6qppp hms@nixos-selune"
+  ];
+
+  users.users.hms.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG/RpQqBYdXKNjLLpRWq04NJHD7mODOjwjpmqnQ6qppp hms@nixos-selune"
+  ];
+}