3 files changed, 22 insertions, 1 deletions

diff --git a/configuration/snorlax/default.nix b/configuration/snorlax/default.nix
index 4355364..5771eb0 100644
--- a/configuration/snorlax/default.nix
+++ b/configuration/snorlax/default.nix
@@ -4,6 +4,7 @@
     ./disk-config.nix
     ./git.nix
     ./samba.nix
+    ./nginx.nix
 
     ../core
   ];
diff --git a/configuration/snorlax/git.nix b/configuration/snorlax/git.nix
index 7a696fe..a24c26a 100644
--- a/configuration/snorlax/git.nix
+++ b/configuration/snorlax/git.nix
@@ -61,7 +61,6 @@ in
     createHome = true;
     shell = pkgs.zsh;
     group = "git";
-    hashedPassword = "$6$Rc//lmBr5orYHn.0$M9y3Zj4zCe723r8hYGIhPC5kPv5SVGHjF1FsjrT9IIx7trxuNTLtLDQVL9lhmR5/7bFMUFEf0CMx9w7.vgXgY0";
     openssh.authorizedKeys.keyFiles = [
       ../../keys/id_tarrel.pub
       ../../keys/id_work.pub
diff --git a/configuration/snorlax/nginx.nix b/configuration/snorlax/nginx.nix
new file mode 100644
index 0000000..cc38496
--- /dev/null
+++ b/configuration/snorlax/nginx.nix
@@ -0,0 +1,21 @@
+{ ... }:
+{
+  networking.firewall.allowedTCPPorts = [ 443 ];
+
+  services.nginx = {
+    enable = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts = {
+      "jras.nl" = {
+        onlySSL = true;
+        kTLS = true;
+        enableACME = true;
+        root = "/srv/www/jras.nl";
+      };
+    };
+  };
+
+  security.acme.defaults.email = "jaspert.ras@gmail.com";
+  security.acme.acceptTerms = true;
+}