authorSeth Flynn <[email protected]>2025-02-08 20:44:49 -0500
committerSeth Flynn <[email protected]>2025-02-08 21:58:07 -0500
commit61c05b35ebea09eb9aef59f4aac4a706001f7ec6 (patch)
tree4fd724535f18d0c53ddf40d6a06e691c094df1d4
parent250b2a0bfd6c9ab9fcf833451f6c7557e30b59ee (diff)
nixos/nginx: actually act as a mixin
This doesn't require disabling anything. It only changes the defaults
-rw-r--r--modules/nixos/mixins/nginx.nix45
-rw-r--r--modules/nixos/profiles/server.nix1
-rw-r--r--systems/atlas/default.nix4
-rw-r--r--systems/atlas/forgejo.nix3
-rw-r--r--systems/atlas/miniflux.nix13
5 files changed, 43 insertions, 23 deletions
diff --git a/modules/nixos/mixins/nginx.nix b/modules/nixos/mixins/nginx.nix
index 67d0c25..13dd5b5 100644
--- a/modules/nixos/mixins/nginx.nix
+++ b/modules/nixos/mixins/nginx.nix
@@ -1,22 +1,35 @@
{ config, lib, ... }:
-let
- cfg = config.mixins.nginx;
-in
+
{
- options.mixins.nginx = {
- enable = lib.mkEnableOption "NGINX mixin";
+ options = {
+ services.nginx.virtualHosts = lib.mkOption {
+ type = lib.types.attrsOf (
+ lib.types.submodule {
+ config = {
+ enableACME = lib.mkDefault true;
+ forceSSL = lib.mkDefault true;
+ };
+ }
+ );
+ };
};
- config = lib.mkIf cfg.enable {
- services.nginx = {
- enable = true;
+ config = lib.mkMerge [
+ {
+ services.nginx = {
+ enableReload = true;
- recommendedBrotliSettings = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- recommendedZstdSettings = true;
- };
- };
+ recommendedBrotliSettings = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ recommendedZstdSettings = true;
+ };
+ }
+
+ (lib.mkIf config.services.nginx.enable {
+ security.acme.defaults.reloadServices = [ "nginx.service" ];
+ })
+ ];
}
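Review bot: The `services.nginx` block in the first `mkMerge` entry sets `enableReload` and the six `recommended*` options at normal priority, while the vhost submodule above uses `lib.mkDefault`. With the `mixins.nginx.enable` gate removed, these definitions apply wherever the module is imported, so a host that sets one of them to `false` would presumably hit a conflicting-definition error unless it uses `lib.mkForce`. If the mixin is meant to change only defaults, as the commit message says, write them as e.g. `recommendedTlsSettings = lib.mkDefault true;`. If the TLS hardening is meant to be non-overridable, a short comment such as `# deliberately not mkDefault: TLS settings are mandatory here` would make that visible.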
diff --git a/modules/nixos/profiles/server.nix b/modules/nixos/profiles/server.nix
index fe369ef..a6a19ca 100644
--- a/modules/nixos/profiles/server.nix
+++ b/modules/nixos/profiles/server.nix
@@ -36,7 +36,6 @@ in
mixins = {
cloudflared.enable = true;
- nginx.enable = true;
};
nix.gc = {
diff --git a/systems/atlas/default.nix b/systems/atlas/default.nix
index a2abce8..f1d0f55 100644
--- a/systems/atlas/default.nix
+++ b/systems/atlas/default.nix
@@ -25,5 +25,9 @@
nixpkgs.hostPlatform = "aarch64-linux";
+ services = {
+ nginx.enable = true;
+ };
+
system.stateVersion = "23.05";
}
diff --git a/systems/atlas/forgejo.nix b/systems/atlas/forgejo.nix
index 719ea7c..e60fafc 100644
--- a/systems/atlas/forgejo.nix
+++ b/systems/atlas/forgejo.nix
@@ -9,6 +9,9 @@ in
services.nginx.virtualHosts = {
"git.getchoo.com" = {
+ enableACME = false;
+ forceSSL = false;
+
locations."/" = {
proxyPass = "http://unix:${forgejoCfg.settings.server.HTTP_ADDR}";
};
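Review bot: `enableACME = false; forceSSL = false;` on `"git.getchoo.com"` turns off the new HTTPS-by-default behaviour for a host that carries logins and tokens, and nothing in the hunk says why. The same pair is added to `"miniflux.getchoo.com"` in systems/atlas/miniflux.nix. If TLS is terminated upstream (the server profile enables the cloudflared mixin, so presumably it is), record that next to the override, e.g. `# TLS terminates at cloudflared; nginx is only reached via the tunnel`. Also confirm that nginx's plain-HTTP listener is not reachable from outside the tunnel, by firewall or listen address. The vhost attribute set continues past the end of the hunk.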
diff --git a/systems/atlas/miniflux.nix b/systems/atlas/miniflux.nix
index 6d3f8ca..179e512 100644
--- a/systems/atlas/miniflux.nix
+++ b/systems/atlas/miniflux.nix
@@ -17,12 +17,13 @@
};
};
- nginx = {
- virtualHosts = {
- "miniflux.getchoo.com" = {
- locations."/" = {
- proxyPass = "http://unix:${lib.head config.systemd.sockets.miniflux.listenStreams}";
- };
+ nginx.virtualHosts = {
+ "miniflux.getchoo.com" = {
+ enableACME = false;
+ forceSSL = false;
+
+ locations."/" = {
+ proxyPass = "http://unix:${lib.head config.systemd.sockets.miniflux.listenStreams}";
};
};
};