modules/nixos: add nginx

- set worker_processes / worker_cpu_affinity to auto, enable pcre_jit

- enable ktls

- set a default virtualHost for a 404 and use it for reuseport

- set enableACME, forceSSL by default, disable for localhost

- set robots header and file

modules/nixos/buildbot.nix

@@ -9,10 +9,7 @@
     inputs.buildbot-nix.nixosModules.buildbot-worker
   ];
 
-  services.nginx.virtualHosts."buildbot.nix-community.org" = {
-    enableACME = true;
-    forceSSL = true;
-  };
+  services.nginx.virtualHosts."buildbot.nix-community.org" = { };
 
   sops.secrets.buildbot-github-oauth-secret = { };
   sops.secrets.buildbot-github-app-secret-key = { };