wip: Add host deertopia

hosts/deertopia/services/nginx.nix

@@ -0,0 +1,46 @@
+{ config, lib, pkgs, ... }:
+
+let
+  deertopiaRoot = {
+    directory = "/persist/deertopia.net/";
+    group = "nginx";
+    user = "nginx";
+  };
+in
+{
+  services.nginx.enable = true;
+
+  networking.firewall.allowedTCPPorts = [
+    80  # HTTP
+    443 # HTTPS
+  ];
+
+  # With this section, virtual hosts declared through the Nginx NixOS module
+  # will automatically request ACME SSL certificates and configure systemd
+  # timers to renew the certificate if required.  See the article on the NixOS
+  # wiki, from which I've nabbed the following snippet:
+  # https://nixos.wiki/wiki/Nginx#Let.27s_Encrypt_certificates
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "lomiskiam@gmail.com";
+  };
+
+  services.nginx.virtualHosts."deertopia.net" = {
+    root = "${deertopiaRoot.directory}/www";
+
+    # addSSL = true;
+    forceSSL = true;
+    enableACME = true;
+
+    locations."/" = {
+      index = "index.html";
+    };
+  };
+
+  system.activationScripts.initialiseDeertopiaRoot.text = ''
+    mkdir -p "${deertopiaRoot.directory}"
+    chown -R "${deertopiaRoot.user}:${deertopiaRoot.user}" \
+      "${deertopiaRoot.directory}"
+    chmod -R 775 "${deertopiaRoot.directory}"
+  '';
+}