| -rw-r--r-- | flake.nix | 2 | ||||
| -rw-r--r-- | nix/lib/mkSystem.nix | 5 | ||||
| -rw-r--r-- | nix/machines/vm-synology/default.nix | 1 | ||||
| -rw-r--r-- | nix/machines/vm-synology/nginx.nix | 10 | ||||
| -rw-r--r-- | nix/modules/default.nix | 4 | ||||
| -rw-r--r-- | nix/modules/fcuny-net.nix | 70 | ||||
| -rw-r--r-- | src/fcuny.net/default.nix | 30 |
7 files changed, 92 insertions, 30 deletions
@@ -151,6 +151,8 @@ }; in { + nixosModules = import ./nix/modules; + packages = forAllSystems ( system: let diff --git a/nix/lib/mkSystem.nix b/nix/lib/mkSystem.nix index ba9a46a..e96e1ef 100644 --- a/nix/lib/mkSystem.nix +++ b/nix/lib/mkSystem.nix @@ -42,7 +42,10 @@ systemFunc rec { inputs.agenix.nixosModules.default ] - ++ nixpkgs.lib.optional (!darwin) inputs.disko.nixosModules.disko + ++ nixpkgs.lib.optional (!darwin) [ + (import ../modules/fcuny-net.nix) + inputs.disko.nixosModules.disko + ] ++ [ { # https://github.com/nix-darwin/nix-darwin/issues/1339 diff --git a/nix/machines/vm-synology/default.nix b/nix/machines/vm-synology/default.nix index 966d173..ec508d8 100644 --- a/nix/machines/vm-synology/default.nix +++ b/nix/machines/vm-synology/default.nix @@ -22,6 +22,7 @@ ./git.nix ./hardware.nix ./ingress.nix + ./nginx.nix ../common/network.nix ]; diff --git a/nix/machines/vm-synology/nginx.nix b/nix/machines/vm-synology/nginx.nix new file mode 100644 index 0000000..2c3b7fb --- /dev/null +++ b/nix/machines/vm-synology/nginx.nix @@ -0,0 +1,10 @@ +{ + ... +}: +{ + services.fcuny-net = { + enable = true; + domain = "fcuny.net"; + enableSSL = false; # Enable if you want HTTPS + }; +} diff --git a/nix/modules/default.nix b/nix/modules/default.nix new file mode 100644 index 0000000..3314156 --- /dev/null +++ b/nix/modules/default.nix @@ -0,0 +1,4 @@ +{ + fcuny-net = import ./fcuny-net.nix; + # Add other modules here as you create them +} diff --git a/nix/modules/fcuny-net.nix b/nix/modules/fcuny-net.nix new file mode 100644 index 0000000..eb5bf95 --- /dev/null +++ b/nix/modules/fcuny-net.nix 
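Review bot: `nixpkgs.lib.optional (!darwin) [ ... ]` in the mkSystem.nix hunk wraps the two-element list in another list, so on non-darwin hosts the `modules` list receives one nested list instead of two modules; the NixOS module system rejects nested lists in module imports (the evaluation error is, to my recollection, "Module imports can't be nested lists"), which would make every Linux host built through mkSystem fail to evaluate. The plural form takes a list, so the fix is one line: `++ nixpkgs.lib.optionals (!darwin) [`. The enclosing `systemFunc rec { modules = [ ... ] }` expression starts and ends outside the hunk.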
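Review bot: The comment `# Enable if you want HTTPS` on `enableSSL = false;` in the new nginx.nix says how to change the setting but not why this host keeps it off, which is the thing the next reader needs to know before flipping it. Since vm-synology/default.nix also imports `./ingress.nix`, TLS may be terminated in front of this nginx — if that is the case, record it, e.g. `# TLS is terminated upstream (see ingress.nix); nginx serves plain HTTP here`, and if it is not, the site is currently published over cleartext HTTP only.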
@@ -0,0 +1,70 @@ +{ + config, + lib, + pkgs, + ... +}: + +let + cfg = config.services.fcuny-net; + + # Import your site - you'll need to adjust the path relative to this module + fcunyNet = import ../../src/fcuny.net { inherit pkgs; }; +in +{ + options.services.fcuny-net = { + enable = lib.mkEnableOption "fcuny.net static site"; + + domain = lib.mkOption { + type = lib.types.str; + default = "fcuny.net"; + description = "Domain name for the site"; + }; + + port = lib.mkOption { + type = lib.types.port; + default = 80; + description = "Port to serve the site on"; + }; + + enableSSL = lib.mkOption { + type = lib.types.bool; + default = false; + description = "Enable SSL/TLS with Let's Encrypt"; + }; + }; + + config = lib.mkIf cfg.enable { + services.nginx = { + enable = true; + virtualHosts.${cfg.domain} = { + root = fcunyNet.site; + + # SSL configuration + enableACME = cfg.enableSSL; + forceSSL = cfg.enableSSL; + + locations."/" = { + tryFiles = "$uri $uri/ =404"; + }; + + extraConfig = '' + # Cache static assets + location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ { + expires 1y; + add_header Cache-Control "public, immutable"; + } + ''; + }; + }; + + # Open firewall + networking.firewall.allowedTCPPorts = [ cfg.port ] ++ lib.optional cfg.enableSSL 443; + + # ACME/Let's Encrypt setup if SSL is enabled + security.acme = lib.mkIf cfg.enableSSL { + acceptTerms = true; + defaults.email = "franck@fcuny.net"; + }; + }; +} diff --git a/src/fcuny.net/default.nix b/src/fcuny.net/default.nix index b34bfe0..6ace901 100644 --- a/src/fcuny.net/default.nix +++ b/src/fcuny.net/default.nix @@ -17,7 +17,6 @@ let buildPhase = '' zola build - lychee docs/*.html ''; installPhase = '' 
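Review bot: The `port` option of the new fcuny-net.nix module is opened in `networking.firewall.allowedTCPPorts` but never passed to the virtual host, so nginx keeps listening on its default port and a non-default `port` value opens a firewall port nothing listens on while the real listener stays closed. Either drop the option or wire it through, e.g. `listen = [ { addr = "0.0.0.0"; port = cfg.port; } ];` in the vhost (with `forceSSL` an explicit `listen` must then also carry a port 443 entry with `ssl = true`). The vhost also loses the `X-Content-Type-Options` and `X-Frame-Options` headers that the old `nginxConfig` in src/fcuny.net/default.nix sent; keeping them is two lines in `extraConfig`: `add_header X-Content-Type-Options "nosniff" always;` and `add_header X-Frame-Options "SAMEORIGIN" always;` (repeat them inside the asset `location` block too, since nginx does not inherit `add_header` into a location that sets its own). `security.acme.acceptTerms = true` and `defaults.email = "franck@fcuny.net"` are hard-coded in a module that otherwise exposes `domain` as an option; an `acmeEmail` option with that value as its default would keep the module reusable for other hosts.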
@@ -31,36 +30,9 @@ let cd src/fcuny.net ${pkgs.zola}/bin/zola serve --interface 0.0.0.0 --port 1111 ''; - - # Nginx configuration - nginxConfig = pkgs.writeText "fcuny-net.conf" '' - server { - listen 80; - server_name fcuny.net; - - root ${site}; - index index.html; - - location / { - try_files $uri $uri/ =404; - } - - # Optional: Add some basic security headers - add_header X-Frame-Options "SAMEORIGIN" always; - add_header X-Content-Type-Options "nosniff" always; - add_header X-XSS-Protection "1; mode=block" always; - - # Cache static assets - location ~* \.(css|js|png|jpg|jpeg|gif|ico|svg)$ { - expires 1y; - add_header Cache-Control "public, immutable"; - } - } - ''; - in { - inherit site serve nginxConfig; + inherit site serve; # Make site the default output default = site; |
