1 files changed, 17 insertions, 0 deletions

diff --git a/flora/services/nginx.nix b/flora/services/nginx.nix
new file mode 100644
index 0000000..bbcacb7
--- /dev/null
+++ b/flora/services/nginx.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services.nginx = {
+    enable = true;
+    
+    recommendedOptimisation = true;
+    recommendedTlsSettings = true;
+    recommendedProxySettings = true;
+
+    appendHttpConfig = ''
+      add_header Permissions-Policy "interest-cohort=()";
+    '';
+  };
+}