From e72478968c593eb8f7b72f72b797012e66e8c57b Mon Sep 17 00:00:00 2001
From: arcnmx
Date: Tue, 16 Apr 2024 03:53:46 -0700
Subject: [PATCH] feat(exports): nginx
---
 modules/system/exports/nginx.nix | 34 ++++++++++++++++++++++++++++++++
 systems/hakurei/default.nix | 15 ++++++++++++++
 systems/mediabox/default.nix | 1 +
 systems/tei/default.nix | 1 +
 systems/utsuho/default.nix | 1 +
 5 files changed, 52 insertions(+)
 create mode 100644 modules/system/exports/nginx.nix
diff --git a/modules/system/exports/nginx.nix b/modules/system/exports/nginx.nix
new file mode 100644
index 00000000..bdadca7f
--- /dev/null
+++ b/modules/system/exports/nginx.nix
@@ -0,0 +1,34 @@
+{lib, gensokyo-zone, ...}: let
+ inherit (gensokyo-zone.lib) mapAlmostOptionDefaults mkAlmostOptionDefault;
+ inherit (lib.modules) mkIf;
+ inherit (lib.attrsets) mapAttrs;
+in {
+ config.exports.services.nginx = { config, ... }: let
+ mkAssertion = f: nixosConfig: let
+ cfg = nixosConfig.services.nginx;
+ in f nixosConfig cfg;
+ assertPorts = nixosConfig: cfg: {
+ assertion = config.ports.http.port == cfg.defaultHTTPListenPort && config.ports.https.port == cfg.defaultSSLListenPort;
+ message = "ports mismatch";
+ };
+ in {
+ nixos = {
+ serviceAttr = "nginx";
+ assertions = mkIf config.enable [
+ (mkAssertion assertPorts)
+ ];
+ };
+ defaults.port.listen = mkAlmostOptionDefault "lan";
+ ports = mapAttrs (_: mapAlmostOptionDefaults) {
+ http = {
+ port = 80;
+ protocol = "http";
+ };
+ https = {
+ enable = false;
+ port = 443;
+ protocol = "https";
+ };
+ };
+ };
+}
diff --git a/systems/hakurei/default.nix b/systems/hakurei/default.nix
index e1174fa8..bfbb784e 100644
--- a/systems/hakurei/default.nix
+++ b/systems/hakurei/default.nix
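Review bot: In modules/system/exports/nginx.nix, `assertPorts` checks only `ports.http` and `ports.https` against `defaultHTTPListenPort`/`defaultSSLListenPort`, and it does so even while `https.enable` is false, so any further port a host declares (such as `https_global` in systems/hakurei) is never compared with the real nginx configuration. If these exports feed firewall or proxy rules (not visible in this patch), that unchecked entry is where declared and actual exposure can drift apart. The failure text `"ports mismatch"` also gives the operator nothing to act on; name the values, for example `message = "exports.services.nginx: http/https ports ${toString config.ports.http.port}/${toString config.ports.https.port} do not match services.nginx.defaultHTTPListenPort/defaultSSLListenPort";`. The `nixosConfig` parameter of `assertPorts` is unused and would read more clearly as `_nixosConfig`.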
@@ -24,6 +24,21 @@ _: {
 enable = true;
 id = "login.local";
 };
+ nginx = {
+ enable = true;
+ ports = {
+ https_global = {
+ port = 443;
+ protocol = "https";
+ listen = "wan";
+ };
+ https = {
+ enable = true;
+ port = 444;
+ };
+ http.listen = "wan";
+ };
+ };
 sshd = {
 enable = true;
 ports.global = {
diff --git a/systems/mediabox/default.nix b/systems/mediabox/default.nix
index bb74d79a..ca7a5a85 100644
--- a/systems/mediabox/default.nix
+++ b/systems/mediabox/default.nix
@@ -10,6 +10,7 @@ _: {
 exports = {
 services = {
 sshd.enable = true;
+ nginx.enable = true;
 plex.enable = true;
 invidious.enable = true;
 };
diff --git a/systems/tei/default.nix b/systems/tei/default.nix
index 803d26d0..a43b433c 100644
--- a/systems/tei/default.nix
+++ b/systems/tei/default.nix
@@ -10,6 +10,7 @@ _: {
 exports = {
 services = {
 sshd.enable = true;
+ nginx.enable = true;
 tailscale.enable = true;
 home-assistant.enable = true;
 zigbee2mqtt.enable = true;
diff --git a/systems/utsuho/default.nix b/systems/utsuho/default.nix
index 37ef9195..e72175c0 100644
--- a/systems/utsuho/default.nix
+++ b/systems/utsuho/default.nix
@@ -10,6 +10,7 @@ _: {
 exports = {
 services = {
 sshd.enable = true;
+ nginx.enable = true;
 unifi.enable = true;
 mosquitto.enable = true;
 dnsmasq.enable = true;
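Review bot: In the systems/hakurei hunk, `http.listen = "wan"` marks cleartext port 80 as WAN-facing with no comment saying why, and the WAN-facing `https_global` entry on 443 falls outside the assertion added in modules/system/exports/nginx.nix, which covers only `http` and `https` (here moved to 444). A one-line comment above `http.listen`, such as `# wan: <reason, e.g. redirect to https only>`, would let a reviewer confirm that nothing else is meant to be served in the clear. `https_global` also sets no `enable`, unlike `https`, so whether it is active depends on a default that this patch does not show. The enclosing `services` attribute set starts and ends outside the hunk.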