From 2480fdef5b5e07c5ab02d7350f0025a876889692 Mon Sep 17 00:00:00 2001
From: Daniel Barlow <dan@telent.net>
Date: Sat, 10 Aug 2024 23:05:50 +0100
Subject: [PATCH] set up nginx on bordervm for testing outboard secrets

---
 bordervm-configuration.nix                             | 10 ++++++++++
 pkgs/http-fstree/example.json => examples/secrets.json |  0
 2 files changed, 10 insertions(+)
 rename pkgs/http-fstree/example.json => examples/secrets.json (100%)

diff --git a/bordervm-configuration.nix b/bordervm-configuration.nix
index 1488b9a..fbc77a5 100644
--- a/bordervm-configuration.nix
+++ b/bordervm-configuration.nix
@@ -89,6 +89,16 @@ in {
       };
     };
 
+    services.nginx = {
+      enable = true;
+      user = "liminix";
+      virtualHosts.${config.networking.hostName} = {
+        root = "/home/liminix";
+        default = true;
+      };
+    };
+    systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
+
     systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
 
     virtualisation = {
diff --git a/pkgs/http-fstree/example.json b/examples/secrets.json
similarity index 100%
rename from pkgs/http-fstree/example.json
rename to examples/secrets.json