From 53106e91da15cbd1181521f02fedcbfb17f291b9 Mon Sep 17 00:00:00 2001
From: Sam <samual.shop@proton.me>
Date: Fri, 7 Feb 2025 15:03:01 +0000
Subject: [PATCH] nginx configs for semitamaps and vaultwarden

---
 hosts/common/optional/nginx/semitamaps.nix  |  7 ++++++
 hosts/common/optional/nginx/vaultwarden.nix | 24 +++++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 hosts/common/optional/nginx/semitamaps.nix
 create mode 100644 hosts/common/optional/nginx/vaultwarden.nix

diff --git a/hosts/common/optional/nginx/semitamaps.nix b/hosts/common/optional/nginx/semitamaps.nix
new file mode 100644
index 0000000..e9a65aa
--- /dev/null
+++ b/hosts/common/optional/nginx/semitamaps.nix
@@ -0,0 +1,7 @@
+{
+  networking.firewall.allowedTCPPorts = [ 80 ];
+  services.nginx.enable = true;
+  services.nginx.virtualHosts."samchance.xyz" = {
+    root = "/srv/hello/";
+  };
+}
diff --git a/hosts/common/optional/nginx/vaultwarden.nix b/hosts/common/optional/nginx/vaultwarden.nix
new file mode 100644
index 0000000..097912f
--- /dev/null
+++ b/hosts/common/optional/nginx/vaultwarden.nix
@@ -0,0 +1,24 @@
+{configVars, ...}: let
+  email = configVars.email.user;
+  domain = configVars.domains.vaultwarden;
+  vaultwardenIp = configVars.networking.addresses.vaultwarden.localAddress;
+  vaultwardenPort = configVars.networking.addresses.vaultwarden.port;
+in {
+  networking.firewall.allowedTCPPorts = [80 443];
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = email;
+  };
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."${domain}" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/" = {
+        proxyPass = "http://${vaultwardenIp}:${toString vaultwardenPort}";
+      };
+    };
+  };
+}