feat: add ssl

2026-03-15 20:42:53 +01:00 · 2026-03-15 20:42:53 +01:00 · c3406d7df6
commit c3406d7df6
parent e3a3f16fd6
2 changed files with 9 additions and 5 deletions
--- a/data/network.nix
+++ b/data/network.nix
@ -64,10 +64,7 @@ rec {
      ip = ips.pi;
      reverse_proxy = {
        port = 6167;
-        extraConfig = {
-          enableACME = true;
-          forceSSL = true;
-        };
+        ssl = true;
      };
      domainOverride = "v2202603344638441294.bestsrv.de";
    };
--- a/services/nginx.nix
+++ b/services/nginx.nix
@ -21,6 +21,13 @@ let
    myExtraConfig = if service.reverse_proxy ? extraConfig
        then service.reverse_proxy.extraConfig
        else {};
+    sslConfig = if service.reverse_proxy ? ssl && service.reverse_proxy.ssl
+        then {
+          enableACME = true;
+          forceSSL = true;
+          listen = [ {addr = "0.0.0.0"; port = 443;} ];
+        }
+        else {};
  in
    {
      serverName = "${domain}";
@ -30,7 +37,7 @@ let
        allow ${network.network.subnet};
        deny all;
      '';
-    } // serverAlias // myExtraConfig;
+    } // serverAlias // sslConfig // myExtraConfig;
  rproxyServices = builtins.mapAttrs (virtualHostFn) network.reverse_proxy;
  serviceNamesMessage = builtins.toString (builtins.attrNames network.reverse_proxy);
  fallback = {