nginx

modules/server/nginx/default.nix

@@ -0,0 +1,45 @@
+{ config, lib, ... }:
+let
+  cfg = config.syscfg.server;
+  containers = cfg.containers; 
+  
+  # Function to convert your container config into an NGINX vhost
+  mkVhost = name: container: {
+    forceSSL = true;
+    useACMEHost = "${cfg.hostDomain}";
+    locations."/" = {
+      proxyPass = "http://${container.ip}:${toString container.port}";
+      proxyWebsockets = true; # Recommended for modern apps
+    };
+  };
+in {
+
+
+security.acme = {
+  acceptTerms = true;
+  defaults.email = "admin@domain.org";
+
+  certs."${cfg.hostDomain}" = {
+    domain = "*.${cfg.hostDomain}";
+    extraDomainNames = [ "${cfg.hostDomain}" ]; # Adds the root too
+    dnsProvider = "cloudflare"; # Change to your provider
+    # File containing your API token (e.g. CLOUDFLARE_DNS_API_TOKEN=...)
+    credentialsFile = "/var/lib/secrets/acme-dns.env";
+    group = "nginx"; 
+  };
+};
+
+  services.nginx = {
+    enable = true;
+    
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts = lib.mapAttrs' (name: value: 
+      lib.nameValuePair "${value.subdomain}.${cfg.hostDomain}" (mkVhost name value)
+    ) cfg;
+  };
+
+  # Open the firewall
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}