feat(modules): Init dgn-web

Add a module to enable recommended web settings

modules/default.nix

@@ -43,6 +43,7 @@
     "dgn-network"
     "dgn-secrets"
     "dgn-ssh"
+    "dgn-web"
   ]) ++ [
     "${sources.agenix}/modules/age.nix"
     "${sources.attic}/nixos/atticd.nix"

modules/dgn-web.nix

@@ -0,0 +1,26 @@
+{ config, lib, ... }:
+
+let
+  inherit (lib) mkEnableOption mkIf;
+
+  cfg = config.dgn-web;
+in {
+  options.dgn-web = {
+    enable = mkEnableOption "sane defaults for web services.";
+  };
+
+  config = mkIf cfg.enable {
+    services.nginx = {
+      enable = true;
+
+      recommendedBrotliSettings = true;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      recommendedZstdSettings = true;
+    };
+
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+  };
+}