1 files changed, 60 insertions, 0 deletions

diff --git a/nix/machines/vm-synology/web.nix b/nix/machines/vm-synology/web.nix
new file mode 100644
index 0000000..f9c34cc
--- /dev/null
+++ b/nix/machines/vm-synology/web.nix
@@ -0,0 +1,60 @@
+{ ... }: {
+  # container for excalidraw
+  virtualisation.oci-containers.containers.excalidraw = {
+    autoStart = true;
+    image = "excalidraw/excalidraw:latest";
+    environment = { TZ = "America/Los_Angeles"; };
+    ports = [ "127.0.0.1:3030:80" ];
+    extraOptions = [ "--pull=always" ];
+  };
+
+  security.acme = {
+    defaults.email = "acme@fcuny.net";
+    acceptTerms = true;
+  };
+
+  services.nginx = {
+    enable = true;
+
+    recommendedProxySettings = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts = {
+      "test.fcuny.net" = {
+        # make it the default site: if a request goes through nginx
+        # without a host header, this will be the default site we serve
+        # for that request.
+        default = true;
+        forceSSL = true;
+        enableACME = true;
+        locations = {
+          "/" = { root = "/srv/www/fcuny.net"; };
+          "/.well-known/acme-challenge" = {
+            root = "/var/lib/acme/acme-challenges";
+          };
+        };
+      };
+      "git.fcuny.net" = {
+        forceSSL = true;
+        enableACME = true;
+        locations = {
+          "/.well-known/acme-challenge" = {
+            root = "/var/lib/acme/acme-challenges";
+          };
+        };
+      };
+      "draw.fcuny.net" = {
+        forceSSL = true;
+        enableACME = true;
+        locations = {
+          "/".proxyPass = "http://127.0.0.1:3030";
+          "/.well-known/acme-challenge" = {
+            root = "/var/lib/acme/acme-challenges";
+          };
+        };
+      };
+    };
+  };
+}