Diffstat (limited to 'sys/web')
-rw-r--r--sys/web/sites/default.nix1
-rw-r--r--sys/web/sites/home.nix40
2 files changed, 41 insertions, 0 deletions
diff --git a/sys/web/sites/default.nix b/sys/web/sites/default.nix
index b453d24..a131aaf 100644
--- a/sys/web/sites/default.nix
+++ b/sys/web/sites/default.nix
@@ -1,5 +1,6 @@
{
imports = [
+ ./home.nix
./portal.nix
];
}
diff --git a/sys/web/sites/home.nix b/sys/web/sites/home.nix
new file mode 100644
index 0000000..74f698c
--- /dev/null
+++ b/sys/web/sites/home.nix
@@ -0,0 +1,40 @@
+{ config, lib, ... }:
+with lib; let
+ cfg = config.local.web.sites.home;
+ inherit (config.local) domains;
+in
+{
+ options.local.web.sites.home = {
+ enable = mkEnableOption "home site";
+
+ proxyUrl = mkOption {
+ type = types.str;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ local.web = {
+ enable = mkDefault true;
+ ownedCerts = [ "home" ];
+ };
+
+ services.nginx.virtualHosts.${domains.home.main} = {
+ forceSSL = true;
+ useACMEHost = domains.home.main;
+
+ extraConfig = ''
+ ssl_verify_depth 2;
+ ssl_verify_client on;
+ ssl_client_certificate ${config.local.pki.ca.home.fullchain};
+
+ if ($ssl_client_verify != "SUCCESS") {
+ return 403;
+ }
+ '';
+
+ locations."/".extraConfig = ''
+ proxy_pass ${cfg.proxyUrl};
+ '';
+ };
+ };
+}
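Review bot: The vhost `extraConfig` enables client-certificate auth without any `ssl_crl`, so a lost or revoked client certificate keeps authenticating until it expires; I'd add `ssl_crl <path-to-home-CA-CRL>;` next to `ssl_client_certificate` (nginx then expects a CRL for every CA in the verified chain). Every certificate in `${config.local.pki.ca.home.fullchain}` becomes a trust anchor, so if that file also carries a root above the home CA (its contents are not visible here), `ssl_verify_depth 2` would admit client certificates issued by sibling intermediates under that root. Pointing the directive at the home issuing CA alone would narrow that. The `if ($ssl_client_verify != "SUCCESS")` block duplicates what `ssl_verify_client on` already enforces, which is fine as a backstop but deserves a comment such as `# defence in depth: ssl_verify_client on already rejects unverified clients`. `proxyUrl` is also interpolated raw into the nginx config and has no `description`; `locations."/".proxyPass = cfg.proxyUrl;` plus a `description` stating that the upstream must not be reachable except through this vhost would make the trust boundary explicit.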