authorseth <[email protected]>2023-08-04 13:31:42 -0400
committerseth <[email protected]>2023-08-04 13:32:48 -0400
commitb4600bce3f9314e8d7c459be0f170b91031e4dcc (patch)
treee520de0664ab3012e34ca07d862565ea07cae4af /hosts/atlas
parentc71dd50f7c1b99a2a1a6d8ab91597bd2e7113840 (diff)
hosts/atlas+p-body: use cloudflared
Diffstat (limited to 'hosts/atlas')
-rw-r--r--hosts/atlas/nginx.nix35
1 files changed, 17 insertions, 18 deletions
diff --git a/hosts/atlas/nginx.nix b/hosts/atlas/nginx.nix
index 2356e1d..05cf3db 100644
--- a/hosts/atlas/nginx.nix
+++ b/hosts/atlas/nginx.nix
@@ -1,14 +1,13 @@
-{config, ...}: {
- getchoo.server.acme.enable = true;
- networking.firewall.allowedTCPPorts = [443];
-
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "[email protected]";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflareApiKey.path;
- };
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (config.networking) domain;
+in {
+ getchoo.server = {
+ acme.enable = true;
+ services.cloudflared.enable = true;
};
services.nginx = {
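Review bot: Dropping `networking.firewall.allowedTCPPorts = [443];` makes the cloudflared tunnel the only intended path to nginx, but nothing in the new lines records that. A comment above `services.cloudflared.enable = true;`, such as `# no inbound ports opened here: vhosts are published only through the cloudflared tunnel`, would keep a later edit from re-opening the port by habit. The `security.acme` defaults (`dnsProvider`, `credentialsFile`) are also removed while `acme.enable` and, further down, `enableACME` with `acmeRoot = null` remain, so certificate issuance now depends on `getchoo.server.acme` supplying the DNS-01 settings and the age secret. That module is not part of this diff, so this is worth confirming. The `services.nginx` block continues outside the hunk.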
@@ -20,8 +19,6 @@
recommendedTlsSettings = true;
virtualHosts = let
- inherit (config.networking) domain;
-
mkProxy = endpoint: port: {
"${endpoint}" = {
proxyPass = "http://localhost:${port}";
@@ -29,14 +26,16 @@
};
};
- mkVHosts = builtins.mapAttrs (_: v:
- v
- // {
+ mkVHosts = let
+ commonSettings = {
enableACME = true;
# workaround for https://github.com/NixOS/nixpkgs/issues/210807
acmeRoot = null;
- forceSSL = true;
- });
+
+ addSSL = true;
+ };
+ in
+ builtins.mapAttrs (_: lib.recursiveUpdate commonSettings);
in
mkVHosts {
"miniflux.${domain}" = {
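Review bot: Replacing `forceSSL = true` with `addSSL = true` in `commonSettings` means every vhost now also answers plain HTTP with no redirect to HTTPS, and nothing visible here limits who can reach that listener besides the firewall. If the reason is that the tunnel connects to nginx over HTTP, say so next to the option, e.g. `# addSSL instead of forceSSL: plain HTTP must stay available for the cloudflared tunnel`, and enforce HTTPS for clients on the Cloudflare side. Separately, `lib.recursiveUpdate commonSettings` reverses the old precedence: with `v // { … }` the shared settings always won, whereas now a vhost's own attributes override `enableACME` and `addSSL`. If per-host overrides are not wanted, `builtins.mapAttrs (_: v: lib.recursiveUpdate v commonSettings)` keeps the previous order.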