feat(attic): enable HTTPS and configure Nginx with ACME

- Allow TCP ports 80 and 443 in the firewall for HTTP and HTTPS traffic.
- Enable Nginx with ACME integration for automatic SSL certificate management.
- Configure a virtual host with proxy settings and support for WebSocket traffic.

systems/x86_64-linux/attic/default.nix

@@ -44,9 +44,31 @@
     address = [ "2a01:4f9:c014:619::1/64" ];
     routes = [{ Gateway = "fe80::1"; }];
   };
-  networking.firewall.allowedTCPPorts = [ 8080 ];
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
   networking.firewall.allowPing = true;
 
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "harald@hoyer.xyz";
+  };
+
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."attic.teepot.org" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://[::1]:8080";
+        proxyWebsockets = true;
+        extraConfig = ''
+          client_max_body_size 0;
+        '';
+      };
+    };
+  };
+
   powerManagement.cpuFreqGovernor = "ondemand";
 
   system.stateVersion = "25.11";