Fix everything.

system/services/server/webserver/acme/default.nix

@@ -0,0 +1,10 @@
+{ config, lib, ... }:
+{
+  config = lib.mkIf config.services.nginx.enable {
+    security.acme = { 
+      acceptTerms = true;
+      defaults.email = "contact@nixfox.ca";
+    };
+    environment.persistence."/persist".directories = [ "/var/lib/acme" ];
+  };
+}

system/services/server/webserver/default.nix

@@ -0,0 +1,9 @@
+{ lib, ... }: 
+{
+  options.system.webserver.enable = lib.mkEnableOption "Enable nginx related services";
+
+  imports = [
+    ./acme
+    ./nginx
+  ];
+}

system/services/server/webserver/nginx/default.nix

@@ -0,0 +1,24 @@
+{ config, lib, ... }:
+{
+  imports = [
+    ./rtmp
+    ./virtualhosts
+  ];
+
+  config = lib.mkIf config.system.server.enable {
+    services.nginx = {
+      enable = true;
+      recommendedTlsSettings = true;
+      recommendedOptimisation = true;
+      recommendedGzipSettings = true;
+      recommendedProxySettings = true;
+    };
+
+    environment.persistence."/persist".directories = [ "/var/www" ];
+
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
+  };
+}

system/services/server/webserver/nginx/rtmp/default.nix

@@ -0,0 +1,32 @@
+{ config, lib, pkgs, ... }:
+{
+  options.services.nginx.rtmp.enable = lib.mkEnableOption "Enable an RTMP server using Nginx";
+
+  config = lib.mkIf config.services.nginx.rtmp.enable {
+    services.nginx = {
+      package = (pkgs.nginx.override {
+        modules = with pkgs.nginxModules; [ rtmp ];
+      });
+      appendConfig = ''
+        rtmp {
+          server {
+            listen 1935;
+            chunk_size 4096;
+            allow publish all;
+            application stream {
+              record off;
+              live on;
+              allow play all;
+              hls on;
+              hls_path /var/www/landing-page/streams/hls/;
+              hls_fragment_naming system;
+              hls_fragment 3;
+              hls_playlist_length 40;
+            }
+          }
+        }
+      '';
+    };
+    systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/www/landing-page/streams/hls/" ];
+  };
+}

system/services/server/webserver/nginx/virtualhosts/default.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  imports = [
+    ./nixfox
+    ./jimbosfiles
+  ];
+}

system/services/server/webserver/nginx/virtualhosts/jimbosfiles/default.nix

@@ -0,0 +1,27 @@
+{ config, lib, ... }:
+{
+  services.nginx.virtualHosts."jimbosfiles.com" = lib.mkIf config.system.server.enable {
+    enableACME = true;
+    addSSL = true;
+    globalRedirect = "www.nixfox.ca";
+    locations = {
+      "/.well-known/matrix/client".extraConfig = ''
+        default_type application/json;
+        return 200 '
+          {
+            "m.homeserver": {
+              "base_url": "https://matrix.jimbosfiles.com"
+            },
+            "m.identity_server": {
+              "base_url": "https://matrix.org"
+            }
+          }
+        ';
+      '';
+      "/.well-known/matrix/server".extraConfig = ''
+        default_type application/json;
+        return 200 '{ "m.server": "matrix.jimbosfiles.com:443" }';
+      '';
+    };
+  };
+}

system/services/server/webserver/nginx/virtualhosts/nixfox/default.nix

@@ -0,0 +1,16 @@
+{ config, lib, ... }:
+{
+  services.nginx.virtualHosts = lib.mkIf config.system.server.enable {
+    "www.nixfox.ca" = {
+      enableACME = true;
+      addSSL = true;
+      default = true;
+      root = "/var/www/landing-page";
+    };
+    "nixfox.ca" = {
+      enableACME = true;
+      addSSL = true;
+      globalRedirect = "www.nixfox.ca";
+    };
+  };
+}