Work on hydra config, fix tor relay config, prepare web-public-2 host

configuration/common/default.nix

@@ -1,7 +1,8 @@
-{ config, pkgs, ... }:
+{ pkgs, ... }:
 {
   imports = [
     ./prometheus-node-exporter.nix
+    ./nginx.nix
     ../../users/colmena-deploy
     ../../users/yuri
   ];
@@ -36,6 +37,7 @@
 
   services.openssh = {
     enable = true;
+    openFirewall = true;
     settings = {
       PasswordAuthentication = false;
       KbdInteractiveAuthentication = false;
@@ -43,5 +45,10 @@
     };
   };
 
+  security.acme = {
+    defaults.email = "acme@grzb.de";
+    acceptTerms = true;
+  };
+
   services.fstrim.enable = true;
 }

configuration/common/nginx.nix

@@ -0,0 +1,9 @@
+{ ... }: {
+  services.nginx = {
+    enableReload = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  };
+}