From 57f02e2dbeb0db6d9aefb4480ca22e04b08e6e0a Mon Sep 17 00:00:00 2001
From: Katharina Heidenreich <katharina.heidenreich@stud.tu-darmstadt.de>
Date: Sun, 15 Mar 2026 21:11:17 +0100
Subject: [PATCH] fix allow extern ssl connections

---
 data/network.nix   | 1 +
 services/nginx.nix | 9 ++++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/data/network.nix b/data/network.nix
index 2284c9e..9cfcb06 100644
--- a/data/network.nix
+++ b/data/network.nix
@@ -65,6 +65,7 @@ rec {
       reverse_proxy = {
         port = 6167;
         ssl = true;
+        allowExternConnections = true;
         endpoints = ["/_matrix"];
       };
       domainOverride = "v2202603344638441294.bestsrv.de";
diff --git a/services/nginx.nix b/services/nginx.nix
index 36f1243..353e1cb 100644
--- a/services/nginx.nix
+++ b/services/nginx.nix
@@ -28,6 +28,13 @@ let
           listen = [ {addr = "0.0.0.0"; port = 80;} {addr = "0.0.0.0"; port = 443; ssl=true;} ];
         }
         else {};
+    externConnections = if service.reverse_proxy ? allowExternConnections && service.reverse_proxy.allowExternConnections
+        then {
+          extraConfig = ''
+            allow all;
+          '';
+        }
+        else {};
   in
     {
       serverName = "${domain}";
@@ -37,7 +44,7 @@ let
         allow ${network.network.subnet};
         deny all;
       '';
-    } // serverAlias // sslConfig // myExtraConfig;
+    } // serverAlias // sslConfig // externConnections // myExtraConfig;
   rproxyServices = builtins.mapAttrs (virtualHostFn) network.reverse_proxy;
   serviceNamesMessage = builtins.toString (builtins.attrNames network.reverse_proxy);
   fallback = {