feat: nginx and webhooks

configuration.nix

@@ -4,7 +4,23 @@
   config,
   pkgs,
   ...
-} : {
+}:
+let
+  ngx_http_geoip2_module = pkgs.stdenv.mkDerivation rec {
+    name = "ngx_http_geoip2_module-a28ceff";
+    src = pkgs.fetchgit {
+      url = "https://github.com/leev/ngx_http_geoip2_module";
+      rev = "445df24ef3781e488cee3dfe8a1e111997fc1dfe";
+      sha256 = "1h2xkxpb2nk4r3pkbzgas5rbl95i59jpa59rh94x2hyzxmzrzvv8";
+    };
+    installPhase = ''
+      mkdir $out
+      cp *.c config $out/
+    '';
+    fixupPhase = "";
+  };
+in
+{
   system.stateVersion = "23.11";
 
   #boot.loader.systemd-boot.enable = true;
@@ -15,8 +31,7 @@
 
   # USER MANAGEMENT
   nix.settings.trusted-users = [ "nixos" ];
-  users.users.nixos =
+  users.users.nixos = {
-    {
     isNormalUser = true;
     extraGroups = [ "wheel" ];
     openssh.authorizedKeys.keys = [
@@ -32,9 +47,28 @@
   security.sudo.wheelNeedsPassword = false;
 
   # NGINX
-  services.nginx.enable = true;
+  services.nginx = {
+    enable = true;
+    package = pkgs.nginx.overrideAttrs (oldAttrs: {
+      configureFlags = oldAttrs.configureFlags ++ [ "--add-module=${ngx_http_geoip2_module}" ];
+      buildInputs = oldAttrs.buildInputs ++ [ pkgs.libmaxminddb ];
+    });
+  };
 
-  environment.systemPackages = [
+  # WEBHOOK
-    pkgs.nginx
+  # TODO: we will have multiple instances of these,
-  ];
+  #       should they somehow broadcast changes to eachother?
+  # Should this be a GO service instead? With some raft mechanism?
+  # At that point, we could also switch from nginx to envoy or something...
+  services.webhook = {
+    enable = true;
+    port = 9000;
+    hooks = {
+      test = {
+        execute-command = "echo 'test'";
+      };
+    };
+  };
+
+  environment.systemPackages = [ pkgs.nginx ];
 }