modules/nixos: add nginx

- set worker_processes / worker_cpu_affinity to auto, enable pcre_jit

- enable ktls

- set a default virtualHost for a 404 and use it for reuseport

- set enableACME, forceSSL by default, disable for localhost

- set robots header and file

modules/nixos/monitoring/default.nix

@@ -11,8 +11,6 @@
   sops.secrets.nginx-basic-auth-file.owner = "nginx";
 
   services.nginx.virtualHosts."monitoring.nix-community.org" = {
-    enableACME = true;
-    forceSSL = true;
     locations."/".return = "302 https://nix-community.org/monitoring";
     locations."/alertmanager/" = {
       basicAuthFile = config.sops.secrets.nginx-basic-auth-file.path;