fix(openwebui): enable ssl for internal sgx

Signed-off-by: Harald Hoyer <harald@hoyer.xyz>

systems/x86_64-linux/sgx/nginx.nix

@@ -0,0 +1,29 @@
+{ pkgs, lib, ... }:
+{
+  users.users.nginx.extraGroups = [ "acme" ];
+  services.nginx = {
+    enable = true;
+    clientMaxBodySize = "1000M";
+    appendHttpConfig = ''
+      log_format vcombined '$host:$server_port '
+              '$remote_addr - $remote_user [$time_local] '
+              '"$request" $status $body_bytes_sent '
+              '"$http_referer" "$http_user_agent"';
+      access_log /var/log/nginx/access.log vcombined;
+    '';
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts = {
+      "internal.hoyer.world" = {
+        enableACME = false;
+        useACMEHost = "internal.hoyer.world";
+        forceSSL = true;
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:${config.services.open-webui.port}";
+        };
+      };
+    };
+  };
+}