Diffstat (limited to 'hosts/atlas/nginx.nix')
-rw-r--r--hosts/atlas/nginx.nix35
1 files changed, 17 insertions, 18 deletions
diff --git a/hosts/atlas/nginx.nix b/hosts/atlas/nginx.nix
index 2356e1d..05cf3db 100644
--- a/hosts/atlas/nginx.nix
+++ b/hosts/atlas/nginx.nix
@@ -1,14 +1,13 @@
-{config, ...}: {
- getchoo.server.acme.enable = true;
- networking.firewall.allowedTCPPorts = [443];
-
- security.acme = {
- acceptTerms = true;
- defaults = {
- email = "[email protected]";
- dnsProvider = "cloudflare";
- credentialsFile = config.age.secrets.cloudflareApiKey.path;
- };
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (config.networking) domain;
+in {
+ getchoo.server = {
+ acme.enable = true;
+ services.cloudflared.enable = true;
};
services.nginx = {
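Review bot: Nothing in this file now shows where `security.acme.acceptTerms`, `dnsProvider` and `credentialsFile` are set, yet the vhosts further down still use `enableACME = true` with `acmeRoot = null`. Presumably `getchoo.server.acme` supplies them; that is worth confirming, including that the Cloudflare credential still comes from the `config.age.secrets` path rather than an inline value. With `allowedTCPPorts = [443]` removed, ingress appears to be through the cloudflared tunnel only, and a comment such as `# no firewall ports opened: ingress is via the cloudflared tunnel only` above `getchoo.server` would record that intent.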
@@ -20,8 +19,6 @@
recommendedTlsSettings = true;
virtualHosts = let
- inherit (config.networking) domain;
-
mkProxy = endpoint: port: {
"${endpoint}" = {
proxyPass = "http://localhost:${port}";
@@ -29,14 +26,16 @@
};
};
- mkVHosts = builtins.mapAttrs (_: v:
- v
- // {
+ mkVHosts = let
+ commonSettings = {
enableACME = true;
# workaround for https://github.com/NixOS/nixpkgs/issues/210807
acmeRoot = null;
- forceSSL = true;
- });
+
+ addSSL = true;
+ };
+ in
+ builtins.mapAttrs (_: lib.recursiveUpdate commonSettings);
in
mkVHosts {
"miniflux.${domain}" = {
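Review bot: Replacing `forceSSL = true` with `addSSL = true` in `commonSettings` means every vhost built by `mkVHosts` now also answers on plain HTTP with no redirect to HTTPS. If this is so the cloudflared tunnel can reach nginx over HTTP (an inference, since the tunnel config is not shown), record it with a comment such as `# addSSL, not forceSSL: cloudflared reaches the origin over plain HTTP` and check that port 80 is not reachable from outside the tunnel. The merge direction also flipped: the old `v // {…}` let the common settings win, whereas `lib.recursiveUpdate commonSettings` lets a vhost override `enableACME` or the SSL mode. A vhost that sets `forceSSL = true` would then hit the nginx module's assertion that `addSSL` and `forceSSL` are mutually exclusive. The attribute set passed to `mkVHosts` continues outside the hunk.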