commit 4259e931486c9d626d5ac83a2f5ce4ae46022d6c
author Skyler Grey <minion@clicks.codes> Sat Oct 21 21:37:03 2023 +0000
committer Skyler Grey <minion@clicks.codes> Sat Oct 21 21:41:54 2023 +0000
tree 06f46e36a002cddedca09d1aa924fd2ed1eea966
parent fe1740cc76af3fa3b69df4d588a3112384700003

Fix nextcloud and privatebin SSL config

Both of these were not properly configured for https+muitiple hosts. This commit
fixes that
- Enable SSL for privatebin
- Enable SSL for nextcloud
- Replace extra erroneous nextcloud.clicks.codes hostname with
  cloud.clicks.codes
- Repair missing SSL certificate generation options bug
  - This was impacting our ability to issue certifiates for our secondary
    hostnames

Change-Id: Ic9e7d4b0b5c83615f18c1e50579d9148ced71ba9

modules/privatebin.nix

diff --git a/modules/privatebin.nix b/modules/privatebin.nix
index 25e29fd..839f132 100644
--- a/modules/privatebin.nix
+++ b/modules/privatebin.nix
@@ -1,5 +1,10 @@
 { config, lib, base, ... }:
 lib.recursiveUpdate {
+  services.nginx.virtualHosts.privatebin = {
+    serverName = lib.mkForce "privatebin.clicks.codes";
+    enableACME = lib.mkForce true;
+    forceSSL = lib.mkForce true;
+  };
   services.privatebin = {
     enable = true;
     settings = {
@@ -21,13 +26,10 @@
         langaugeselection = true;
       };
 
-      nginx = {
-        serverName = "privatebin.clicks.codes";
-        enableACME = true;
-      };
-
       expire.default = "1month";
 
+      nginx.forceSSL = lib.mkForce true;
+
       expire_options = {
         "5min" =
           300; # looks bonkers, but I'm trying to keep the list ordered while also keeping the privatebin label formatter happy