Emma Thorpe
108f7b9528
Enable nginx with the recommended proxy/TLS/optimisation/gzip settings and a declarative virtualHosts table -- each proxied service is a Nix entry, so the routing lives in-repo. Ships one HTTP-only example vhost; enableACME/forceSSL are present but commented, to be flipped per-vhost once a DNS name and cert exist. Opens 80 and 443.