From 61c05b35ebea09eb9aef59f4aac4a706001f7ec6 Mon Sep 17 00:00:00 2001
From: Seth Flynn <getchoo@tuta.io>
Date: Sat, 8 Feb 2025 20:44:49 -0500
Subject: nixos/nginx: actually act as a mixin

This doesn't require disabling anything. It only changes the defaults
---
 modules/nixos/mixins/nginx.nix | 45 +++++++++++++++++++++++++++---------------
 1 file changed, 29 insertions(+), 16 deletions(-)

(limited to 'modules/nixos/mixins')

diff --git a/modules/nixos/mixins/nginx.nix b/modules/nixos/mixins/nginx.nix
index 67d0c25..13dd5b5 100644
--- a/modules/nixos/mixins/nginx.nix
+++ b/modules/nixos/mixins/nginx.nix
@@ -1,22 +1,35 @@
 { config, lib, ... }:
-let
-  cfg = config.mixins.nginx;
-in
+
 {
-  options.mixins.nginx = {
-    enable = lib.mkEnableOption "NGINX mixin";
+  options = {
+    services.nginx.virtualHosts = lib.mkOption {
+      type = lib.types.attrsOf (
+        lib.types.submodule {
+          config = {
+            enableACME = lib.mkDefault true;
+            forceSSL = lib.mkDefault true;
+          };
+        }
+      );
+    };
   };
 
-  config = lib.mkIf cfg.enable {
-    services.nginx = {
-      enable = true;
+  config = lib.mkMerge [
+    {
+      services.nginx = {
+        enableReload = true;
 
-      recommendedBrotliSettings = true;
-      recommendedGzipSettings = true;
-      recommendedOptimisation = true;
-      recommendedProxySettings = true;
-      recommendedTlsSettings = true;
-      recommendedZstdSettings = true;
-    };
-  };
+        recommendedBrotliSettings = true;
+        recommendedGzipSettings = true;
+        recommendedOptimisation = true;
+        recommendedProxySettings = true;
+        recommendedTlsSettings = true;
+        recommendedZstdSettings = true;
+      };
+    }
+
+    (lib.mkIf config.services.nginx.enable {
+      security.acme.defaults.reloadServices = [ "nginx.service" ];
+    })
+  ];
 }
-- 
cgit v1.2.3