1 files changed, 23 insertions, 7 deletions

diff --git a/nix/tazserve.nix b/nix/tazserve.nix
index 202614fb704b..53a94f6684f8 100644
--- a/nix/tazserve.nix
+++ b/nix/tazserve.nix
@@ -1,13 +1,19 @@
 { pkgs, config, ... }:
 
-with pkgs; let
-  blogSource = fetchgit {
-    url = "https://git.tazj.in/tazjin/tazblog.git";
-    sha256 = "0m745vb8k6slzdsld63rbfg583k70q3g6i5lz576sccalkg0r2l2";
-    rev = "aeeb11f1b76729115c4db98f419cbcda1a0f7660";
+with pkgs; let blogSource = fetchgit {
+  url = "https://git.tazj.in/tazjin/tazblog.git";
+  sha256 = "0m745vb8k6slzdsld63rbfg583k70q3g6i5lz576sccalkg0r2l2";
+  rev = "aeeb11f1b76729115c4db98f419cbcda1a0f7660";
+};
+tazblog = import ./tazblog { inherit blogSource; };
+blog = tazblog.tazblog;
+blogConfig = {
+  enableACME = true;
+  addSSL = true;
+  locations."/" = {
+    proxyPass = "http://127.0.0.1:8000";
   };
-  tazblog = import ./tazblog { inherit blogSource; };
-  blog = tazblog.tazblog;
+};
 in {
   # Ensure that blog software is installed
   environment.systemPackages = [
@@ -31,4 +37,14 @@ in {
     requires              = [ "tazblog-db.service" ];
     wantedBy              = [ "multi-user.target" ];
   };
+
+  # Set up reverse proxy
+  services.nginx = {
+    enable = true;
+    recommendedTlsSettings = true;
+    recommendedProxySettings = true;
+
+    virtualHosts."tazj.in" = blogConfig;
+    virtualHosts."www.tazj.in" = blogConfig;
+  };
 }