From 8bdec44465dc0192c8e92d9cd9170f489e9376a8 Mon Sep 17 00:00:00 2001
From: Vice
Date: Thu, 6 Mar 2025 21:25:21 -0500
Subject: [PATCH] Generalization and removal of legacy url
---
 .../accounts/users/system/nginx/default.nix | 5 +-
 system/devices/boot/root-reset/default.nix | 1 -
 .../devices/disks/snapper/jimbo/default.nix | 4 +-
 .../devices/disks/snapper/jules/default.nix | 4 +-
 system/devices/disks/snapper/root/default.nix | 4 +-
 system/secrets/default.nix | Bin 865 -> 781 bytes
 system/services/server/default.nix | 2 +-
 system/services/server/forgejo/default.nix | 10 ++--
 .../services/server/forgejo/nginx/default.nix | 2 +-
 .../server/jellyfin/nginx/default.nix | 2 +-
 system/services/server/mysql/default.nix | 6 +--
 system/services/server/nextcloud/default.nix | 46 +++++++++---------
 .../server/nextcloud/nginx/default.nix | 2 +-
 .../{webserver => nginx}/acme/default.nix | 0
 system/services/server/nginx/default.nix | 17 +++++++
 .../nginx/virtualhosts/default.nix | 0
 .../nginx/virtualhosts/example/default.nix | 0
 system/services/server/owncast/default.nix | 14 +++---
 .../services/server/owncast/nginx/default.nix | 2 +-
 .../services/server/transmission/default.nix | 14 +++---
 .../server/transmission/nginx/default.nix | 2 +-
 .../services/server/vaultwarden/default.nix | 38 +++++++--------
 .../server/vaultwarden/nginx/default.nix | 2 +-
 system/services/server/webserver/default.nix | 9 ----
 .../server/webserver/nginx/default.nix | 19 --------
 25 files changed, 91 insertions(+), 114 deletions(-)
 rename system/services/server/{webserver => nginx}/acme/default.nix (100%)
 create mode 100644 system/services/server/nginx/default.nix
 rename system/services/server/{webserver => }/nginx/virtualhosts/default.nix (100%)
 rename system/services/server/{webserver => }/nginx/virtualhosts/example/default.nix (100%)
 delete mode 100644 system/services/server/webserver/default.nix
 delete mode 100644 system/services/server/webserver/nginx/default.nix
diff --git a/system/accounts/users/system/nginx/default.nix b/system/accounts/users/system/nginx/default.nix
index 2c5fa8a..c625847 100644
--- a/system/accounts/users/system/nginx/default.nix
+++ b/system/accounts/users/system/nginx/default.nix
@@ -3,10 +3,7 @@
 users = {
 users.nginx = {
 group = "nginx";
- extraGroups = [
- "turnserver"
- "virtualMail"
- ];
+ extraGroups = [ "virtualMail" ];
 isSystemUser = true;
 uid = 60;
 };
diff --git a/system/devices/boot/root-reset/default.nix b/system/devices/boot/root-reset/default.nix
index c7ac461..d8be8d6 100644
--- a/system/devices/boot/root-reset/default.nix
+++ b/system/devices/boot/root-reset/default.nix
@@ -1,7 +1,6 @@
 { config, ... }:
 {
 boot.initrd.systemd.services.root-reset = {
- enable = true;
 description = "Create new and snapshot previous root";
 wantedBy = [ "initrd.target" ];
 before = [ "sysroot.mount" ];
diff --git a/system/devices/disks/snapper/jimbo/default.nix b/system/devices/disks/snapper/jimbo/default.nix
index 229beef..56e07d5 100644
--- a/system/devices/disks/snapper/jimbo/default.nix
+++ b/system/devices/disks/snapper/jimbo/default.nix
@@ -1,6 +1,6 @@
-{ config, lib, ... }:
+{ ... }:
 {
- services.snapper.configs.jimbo = lib.mkIf config.environment.persistence."/persist".enable {
+ services.snapper.configs.jimbo = {
 SUBVOLUME = "/persist/home/jimbo";
 TIMELINE_CREATE = true;
 TIMELINE_CLEANUP = true;
diff --git a/system/devices/disks/snapper/jules/default.nix b/system/devices/disks/snapper/jules/default.nix
index b9bbf9e..cdbabfd 100644
--- a/system/devices/disks/snapper/jules/default.nix
+++ b/system/devices/disks/snapper/jules/default.nix
@@ -1,6 +1,6 @@
-{ config, lib, ... }:
+{ ... }:
 {
- services.snapper.configs.jules = lib.mkIf config.environment.persistence."/persist".enable {
+ services.snapper.configs.jules = {
 SUBVOLUME = "/persist/home/jules";
 TIMELINE_CREATE = true;
 TIMELINE_CLEANUP = true;
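Review bot: Dropping the `lib.mkIf config.environment.persistence."/persist".enable` guard makes `services.snapper.configs.jimbo` unconditional, so snapper is configured for `/persist/home/jimbo` on every host that imports this module, including one where persistence is disabled and that subvolume may not exist. The same guard is removed from the jules config in this hunk's neighbour and from the root config in the next hunk. If every importing host is known to have the subvolume, a one-line comment above the attribute stating that assumption would make the removal intentional; otherwise the guard, together with the `config` and `lib` arguments it needs, should stay.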
diff --git a/system/devices/disks/snapper/root/default.nix b/system/devices/disks/snapper/root/default.nix
index b6de751..92e28cf 100644
--- a/system/devices/disks/snapper/root/default.nix
+++ b/system/devices/disks/snapper/root/default.nix
@@ -1,6 +1,6 @@
-{ config, lib, ... }:
+{ ... }:
 {
- services.snapper.configs.root = lib.mkIf config.environment.persistence."/persist".enable {
+ services.snapper.configs.root = {
 SUBVOLUME = "/persist";
 TIMELINE_CREATE = true;
 TIMELINE_CLEANUP = true;
diff --git a/system/secrets/default.nix b/system/secrets/default.nix
index d18b6b7286e58357c389ae3da294220ce4fed0cb..6f2918ef0a6fe069c1bf453727c7d3ac32e0cb76 100644
GIT binary patch
literal 781
zcmV+o1M>U;M@dveQdv+`0Kmms4`c|sivN}A%@UDBS1n9zt6lk9VP+C;9cU)X7EyGP zuC<4goS>gPem;CvVsvjC4uj+`)C?bhj)Olp9sNV9Dz}`$8l7GrQF-D9tk?{{S;Tbl z#%Mmk!8Y8``}%J)c|w(>t+Io(x{T-i6Zpvp;kTR;{V?B!Ykt_D8)_9M9?_=|m1IAm zNdm`~G!bVxw}SnvPQtgeX%ytv#nKqwFR56h_)>)D*Gr}kwq@iU>jiXe&Aw?J;Enp? z|L%%9$h3t=+d|o`^T_+wfkzZ(mXs%KIy1Vw0B$p#Rjf6B%7JgIBKEIGny5A1sX`uYBiV^D(H;>d^WVY&cG=J#v`q>_U zPE7yWuCZ%Xm}Z>Z_?j(Mw41IB)s0XNoABfpm~b#<*O&zy2K3V(vSKLW(D8Q%NP*M_ zqCxBQX(By0H^7tywv-O|zOg>t^SaC{7a-^EWO^q)#BQ&3IWD41J;af&?RR-~_3^4|B%!`)G>|Ls zl$KhuNqT~?yV}{csLbXlY$a2!}U{( L5I9j<&t(rGIPZqm
literal 865
zcmV-n1D^Z_^nAeSQj&USb}lLO;8ZNDGiMno|0WTa^| zz^+RtCRSw9^Iyf=)MRPxeKgb*;Z2w3ghy?!f*W3o@Xi-)Sw;&|5DOX4#8-lEKhcr9Ub3?xJff~liWVVhb_-k zjYTDNs=?1z2EO~FfH{zQYrGs#K=7Q-pV$3ijV09AKQaBF-++RvZF&I@E#%0rYFsBWQjFm*vx?U-4=^mGmCex= zOvXuWf6X_yt6+in|7$M89L2^0lt5lN`4!4GME07rz$0;B5501n?bS~lG(%u@*plPM z|3OEYW_gJU@CR@IRe)Slx(Pp%tpqJ3uMM8N z>F~b>f|j`a3s@Wd@jSWmUF6O2PF@J=V$4Q{nf6DH`vp-bl9r}Wp+&#sF)~bl821%J zHsre8cx0UEVOS$XU_`R5
diff --git a/system/services/server/default.nix b/system/services/server/default.nix
index 6ad7046..1fa1c26 100644
--- a/system/services/server/default.nix
+++ b/system/services/server/default.nix
@@ -7,10 +7,10 @@
 ./mysql
 ./nextcloud
 ./nfs
+ ./nginx
 ./owncast
 ./transmission
 ./vaultwarden
- ./webserver
 ];
 options.system.server.enable = with lib; mkEnableOption "Enable server apps and services";
diff --git a/system/services/server/forgejo/default.nix b/system/services/server/forgejo/default.nix
index 9f6de97..963bfe1 100644
--- a/system/services/server/forgejo/default.nix
+++ b/system/services/server/forgejo/default.nix
@@ -8,17 +8,17 @@
 package = pkgs.forgejo;
 settings = {
 server = {
- DOMAIN = "git.nixfox.ca";
- ROOT_URL = "https://git.nixfox.ca:443";
+ DOMAIN = "git.example.com";
+ ROOT_URL = "https://git.example.com:443";
 HTTP_PORT = 3110;
 SSH_PORT = 2299;
 START_SSH_SERVER = true;
 };
 mailer = {
 ENABLED = true;
- SMTP_ADDR = "mx.nixfox.ca";
- FROM = "NixFox Git ";
- USER = "noreply@nixfox.ca";
+ SMTP_ADDR = "mx.example.com";
+ FROM = "Example Git ";
+ USER = "noreply@example.com";
 PASSWD = config.secrets.noreplyPassword;
 PROTOCOL = "smtps";
 };
diff --git a/system/services/server/forgejo/nginx/default.nix b/system/services/server/forgejo/nginx/default.nix
index 5428884..f33cade 100644
--- a/system/services/server/forgejo/nginx/default.nix
+++ b/system/services/server/forgejo/nginx/default.nix
@@ -1,6 +1,6 @@
 { config, lib, ... }:
 {
- services.nginx.virtualHosts."git.nixfox.ca" = lib.mkIf config.services.forgejo.enable {
+ services.nginx.virtualHosts."git.example.com" = lib.mkIf config.services.forgejo.enable {
 enableACME = true;
 forceSSL = true;
 locations."/" = {
diff --git a/system/services/server/jellyfin/nginx/default.nix b/system/services/server/jellyfin/nginx/default.nix
index bc9db65..73cd9da 100644
--- a/system/services/server/jellyfin/nginx/default.nix
+++ b/system/services/server/jellyfin/nginx/default.nix
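Review bot: `PASSWD = config.secrets.noreplyPassword;` leaves the SMTP password inside `settings`, which, as far as I recall, the NixOS forgejo module renders into an `app.ini` in the Nix store (world-readable on the host and copied to any binary cache); the module's `secrets` option is the intended place for such values, and at minimum a comment on that line noting the trade-off would make it explicit. The same pattern recurs on the new side of the nextcloud hunk (`adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}"` and `mail_smtppassword`), the transmission hunk (`credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile;`) and the vaultwarden hunk (`SMTP_PASSWORD`). The two `pkgs.writeText` uses certainly place the secret in a store path; for the other settings-based values it depends on how each module renders its configuration, which this patch does not show. Since these lines are already being touched for the domain rename, it is a cheap moment to move each secret to its module's file-based option (nextcloud `secretFile`, vaultwarden `environmentFile`, forgejo `secrets`).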
@@ -1,6 +1,6 @@
 { config, lib, ... }:
 {
- services.nginx.virtualHosts."jelly.nixfox.ca" = lib.mkIf config.services.forgejo.enable {
+ services.nginx.virtualHosts."jelly.example.com" = lib.mkIf config.services.forgejo.enable {
 enableACME = true;
 forceSSL = true;
 locations."/" = {
diff --git a/system/services/server/mysql/default.nix b/system/services/server/mysql/default.nix
index 65d5e15..4bd6b62 100644
--- a/system/services/server/mysql/default.nix
+++ b/system/services/server/mysql/default.nix
@@ -1,7 +1,7 @@
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }:
 {
- services.mysql = lib.mkIf config.system.server.enable {
- enable = true;
+ services.mysql = {
+ enable = config.system.server.enable;
 package = pkgs.mariadb;
 ensureDatabases = [
 "minecraft"
diff --git a/system/services/server/nextcloud/default.nix b/system/services/server/nextcloud/default.nix
index 6bdb1de..de2e455 100644
--- a/system/services/server/nextcloud/default.nix
+++ b/system/services/server/nextcloud/default.nix
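Review bot: The jellyfin vhost `"jelly.example.com"` is still gated on `config.services.forgejo.enable` rather than jellyfin's own option, so it is created whenever forgejo is on, even with jellyfin off, and vanishes if forgejo is ever disabled. This predates the commit, but the line is rewritten here, so it is the natural place to change it to `services.nginx.virtualHosts."jelly.example.com" = lib.mkIf config.services.jellyfin.enable {`. The `locations."/"` body continues outside the hunk, so I cannot see from here what it proxies to.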
@@ -1,30 +1,28 @@
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }:
 {
 imports = [ ./nginx ];
- config = lib.mkIf config.system.server.enable {
- services.nextcloud = {
- enable = true;
- package = pkgs.nextcloud30;
- hostName = "cloud.nixfox.ca";
- https = true;
- config = {
- adminuser = config.sysusers.main;
- adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}";
- };
- settings = {
- trusted_proxies = [ "127.0.0.1" ];
- trusted_domains = [ "cloud.nixfox.ca" ];
- overwriteprotocol = "https";
- mail_smtphost = "mx.nixfox.ca";
- mail_domain = "nixfox.ca";
- mail_from_address = "noreply";
- mail_smtpauth = "true";
- mail_smtpname = "noreply@nixfox.ca";
- mail_smtppassword = config.secrets.noreplyPassword;
- mail_smtpmode = "smtp";
- mail_smtpport = 587;
- };
+ services.nextcloud = {
+ enable = config.system.server.enable;
+ package = pkgs.nextcloud30;
+ hostName = "cloud.example.com";
+ https = true;
+ config = {
+ adminuser = config.sysusers.main;
+ adminpassFile = "${pkgs.writeText "initial" config.secrets.initialPass}";
+ };
+ settings = {
+ trusted_proxies = [ "127.0.0.1" ];
+ trusted_domains = [ "cloud.example.com" ];
+ overwriteprotocol = "https";
+ mail_smtphost = "mx.example.com";
+ mail_domain = "example.com";
+ mail_from_address = "noreply";
+ mail_smtpauth = "true";
+ mail_smtpname = "noreply@example.com";
+ mail_smtppassword = config.secrets.noreplyPassword;
+ mail_smtpmode = "smtp";
+ mail_smtpport = 587;
 };
 };
 }
diff --git a/system/services/server/nextcloud/nginx/default.nix b/system/services/server/nextcloud/nginx/default.nix
index 88712d4..b3e87a7 100644
--- a/system/services/server/nextcloud/nginx/default.nix
+++ b/system/services/server/nextcloud/nginx/default.nix
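Review bot: `mail_smtpauth = "true";` is written as a string while the sibling options in the same block use native types (`https = true;`, `mail_smtpport = 587;`); Nextcloud documents `mail_smtpauth` as a boolean, and a quoted `"true"` will be emitted as a PHP string rather than a bool, which happens to be truthy but is a different type from what the upstream sample config shows. The line predates the commit but is rewritten here, so `mail_smtpauth = true;` would be the consistent form — worth a quick check against the generated config before relying on it. The rest of the hunk reads as a pure re-indentation after dropping the `lib.mkIf` wrapper, with `enable` now carrying the condition.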
@@ -1,6 +1,6 @@
 { config, lib, ... }:
 {
- services.nginx.virtualHosts."cloud.nixfox.ca" = lib.mkIf config.services.nextcloud.enable {
+ services.nginx.virtualHosts."cloud.example.com" = lib.mkIf config.services.nextcloud.enable {
 enableACME = true;
 addSSL = true;
 locations."/" = {
diff --git a/system/services/server/webserver/acme/default.nix b/system/services/server/nginx/acme/default.nix
similarity index 100%
rename from system/services/server/webserver/acme/default.nix
rename to system/services/server/nginx/acme/default.nix
diff --git a/system/services/server/nginx/default.nix b/system/services/server/nginx/default.nix
new file mode 100644
index 0000000..0ad0194
--- /dev/null
+++ b/system/services/server/nginx/default.nix
@@ -0,0 +1,17 @@
+{ config, lib, ... }:
+{
+ imports = [ ./virtualhosts ];
+
+ services.nginx = {
+ enable = config.system.server.enable;
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ recommendedProxySettings = true;
+ };
+
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
+}
diff --git a/system/services/server/webserver/nginx/virtualhosts/default.nix b/system/services/server/nginx/virtualhosts/default.nix
similarity index 100%
rename from system/services/server/webserver/nginx/virtualhosts/default.nix
rename to system/services/server/nginx/virtualhosts/default.nix
diff --git a/system/services/server/webserver/nginx/virtualhosts/example/default.nix b/system/services/server/nginx/virtualhosts/example/default.nix
similarity index 100%
rename from system/services/server/webserver/nginx/virtualhosts/example/default.nix
rename to system/services/server/nginx/virtualhosts/example/default.nix
diff --git a/system/services/server/owncast/default.nix b/system/services/server/owncast/default.nix
index fd66cd6..a1cd7ab 100644
--- a/system/services/server/owncast/default.nix
+++ b/system/services/server/owncast/default.nix
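Review bot: In the new `nginx/default.nix`, `networking.firewall.allowedTCPPorts = [ 80 443 ];` is no longer inside the `lib.mkIf config.system.server.enable` that wrapped it in the deleted `webserver/nginx/default.nix`, so every host importing this module now opens 80 and 443 even when `services.nginx.enable` evaluates to false; `networking.firewall.allowedTCPPorts = lib.mkIf config.system.server.enable [ 80 443 ];` restores the previous exposure (`lib` is already in the argument set). Separately, the old `webserver/default.nix` imported `./acme`, whereas this file's `imports = [ ./virtualhosts ];` does not, and nothing else in the patch imports the renamed `nginx/acme/default.nix`; unless it is wired in elsewhere, the `enableACME = true` vhosts lose whatever that module set up, and `imports = [ ./acme ./virtualhosts ];` would keep it. The removed `options.system.webserver.enable` has no replacement in the patch either, which is fine only if no other module still references it.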
@@ -1,13 +1,11 @@
-{ config, lib, ... }:
+{ config, ... }:
 {
 imports = [ ./nginx ];
- config = lib.mkIf config.system.server.enable {
- services.owncast = {
- enable = true;
- port = 8060;
- rtmp-port = 1945;
- listen = "0.0.0.0";
- };
+ services.owncast = {
+ enable = config.system.server.enable;
+ port = 8060;
+ rtmp-port = 1945;
+ listen = "0.0.0.0";
 };
 }
diff --git a/system/services/server/owncast/nginx/default.nix b/system/services/server/owncast/nginx/default.nix
index abc052f..5dee103 100644
--- a/system/services/server/owncast/nginx/default.nix
+++ b/system/services/server/owncast/nginx/default.nix
@@ -1,6 +1,6 @@
 { config, lib, ... }:
 {
- services.nginx.virtualHosts."live.nixfox.ca" = lib.mkIf config.services.owncast.enable {
+ services.nginx.virtualHosts."live.example.com" = lib.mkIf config.services.owncast.enable {
 enableACME = true;
 forceSSL = true;
 locations."/" = {
diff --git a/system/services/server/transmission/default.nix b/system/services/server/transmission/default.nix
index fbf29bb..c6594e1 100644
--- a/system/services/server/transmission/default.nix
+++ b/system/services/server/transmission/default.nix
@@ -1,13 +1,11 @@
-{ config, lib, pkgs, ... }:
+{ config, pkgs, ... }:
 {
 imports = [ ./nginx ];
- config = lib.mkIf config.system.server.enable {
- services.transmission = {
- enable = true;
- credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile;
- openPeerPorts = true;
- settings.rpc-authentication-required = true;
- };
+ services.transmission = {
+ enable = config.system.server.enable;
+ credentialsFile = pkgs.writeText "credentials" config.secrets.transmissionCredFile;
+ openPeerPorts = true;
+ settings.rpc-authentication-required = true;
 };
 }
diff --git a/system/services/server/transmission/nginx/default.nix b/system/services/server/transmission/nginx/default.nix
index c4c737a..ee0ec29 100644
--- a/system/services/server/transmission/nginx/default.nix
+++ b/system/services/server/transmission/nginx/default.nix
@@ -1,6 +1,6 @@
 { config, lib, ... }:
 {
- services.nginx.virtualHosts."tor.nixfox.ca" = lib.mkIf config.services.transmission.enable {
+ services.nginx.virtualHosts."tor.example.com" = lib.mkIf config.services.transmission.enable {
 enableACME = true;
 forceSSL = true;
 locations."/" = {
diff --git a/system/services/server/vaultwarden/default.nix b/system/services/server/vaultwarden/default.nix
index 2b2e1a9..47bb956 100644
--- a/system/services/server/vaultwarden/default.nix
+++ b/system/services/server/vaultwarden/default.nix
@@ -1,27 +1,25 @@
-{ config, lib, ... }:
+{ config, ... }:
 {
 imports = [ ./nginx ];
- config = lib.mkIf config.system.server.enable {
- services.vaultwarden = {
- enable = true;
- config = {
- DOMAIN = "https://pass.nixfox.ca";
- SIGNUPS_ALLOWED = false;
- ROCKET_ADDRESS = "127.0.0.1";
- ROCKET_PORT = 8222;
- ROCKET_LOG = "critical";
+ services.vaultwarden = {
+ enable = config.system.server.enable;
+ config = {
+ DOMAIN = "https://pass.example.com";
+ SIGNUPS_ALLOWED = false;
+ ROCKET_ADDRESS = "127.0.0.1";
+ ROCKET_PORT = 8222;
+ ROCKET_LOG = "critical";
- # Smtp email
- SMTP_HOST = "mx.nixfox.ca";
- SMTP_FROM = "noreply@nixfox.ca";
- SMTP_FROM_NAME = "Vaultwarden";
- SMTP_USERNAME = "noreply@nixfox.ca";
- SMTP_PASSWORD = config.secrets.noreplyPassword;
- SMTP_SECURITY = "starttls";
- SMTP_PORT = 587;
- SMTP_TIMEOUT = 15;
- };
+ # Smtp email
+ SMTP_HOST = "mx.example.com";
+ SMTP_FROM = "noreply@example.com";
+ SMTP_FROM_NAME = "Vaultwarden";
+ SMTP_USERNAME = "noreply@example.com";
+ SMTP_PASSWORD = config.secrets.noreplyPassword;
+ SMTP_SECURITY = "starttls";
+ SMTP_PORT = 587;
+ SMTP_TIMEOUT = 15;
 };
 };
 }
diff --git a/system/services/server/vaultwarden/nginx/default.nix b/system/services/server/vaultwarden/nginx/default.nix
index 0877413..c2df452 100644
--- a/system/services/server/vaultwarden/nginx/default.nix
+++ b/system/services/server/vaultwarden/nginx/default.nix
@@ -1,6 +1,6 @@
 { config, lib, ... }:
 {
- services.nginx.virtualHosts."pass.nixfox.ca" = lib.mkIf config.services.vaultwarden.enable {
+ services.nginx.virtualHosts."pass.example.com" = lib.mkIf config.services.vaultwarden.enable {
 enableACME = true;
 forceSSL = true;
 locations."/" = {
diff --git a/system/services/server/webserver/default.nix b/system/services/server/webserver/default.nix
deleted file mode 100644
index 5ccf66c..0000000
--- a/system/services/server/webserver/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ lib, ... }:
-{
- imports = [
- ./acme
- ./nginx
- ];
-
- options.system.webserver.enable = lib.mkEnableOption "Enable nginx related services";
-}
diff --git a/system/services/server/webserver/nginx/default.nix b/system/services/server/webserver/nginx/default.nix
deleted file mode 100644
index 1a43163..0000000
--- a/system/services/server/webserver/nginx/default.nix
+++ /dev/null
@@ -1,19 +0,0 @@
-{ config, lib, ... }:
-{
- imports = [ ./virtualhosts ];
-
- config = lib.mkIf config.system.server.enable {
- services.nginx = {
- enable = true;
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
- recommendedGzipSettings = true;
- recommendedProxySettings = true;
- };
-
- networking.firewall.allowedTCPPorts = [
- 80
- 443
- ];
- };
-}