burnham: add thelounge and nginx

hosts/burnham/configuration.nix

@@ -10,6 +10,9 @@
       # Infrastructure
       ./services/wireguard.nix
 
+      # Other
+      ./services/thelounge.nix
+      ./services/nginx.nix
   ];
 
   boot.loader.systemd-boot.enable = lib.mkForce false;

hosts/burnham/services/nginx.nix

@@ -0,0 +1,19 @@
+{ config, values, ... }:
+{
+  services.nginx = {
+    enable = true;
+    enableReload = true;
+
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "felix@albrigtsen.it";
+  };
+}

hosts/burnham/services/thelounge.nix

@@ -0,0 +1,21 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.thelounge.extraConfig;
+  domain = "irc.home.feal.no";
+in {
+  services.thelounge = {
+    enable = true;
+
+    extraConfig = {
+      public = false;
+      host = "127.0.1.2";
+      port = 9000;
+      reverseProxy = true;
+    };
+  };
+
+  services.nginx.virtualHosts.${domain} = {
+    locations."/".proxyPass = "http://${cfg.host}:${toString cfg.port}";
+  };
+}
+