Add an SSL listener to insecure vhosts It is impossible to specify both a secure and an insecure variety of the same vhost, as they would need to be on the same hostname. As the only types of insecure hosts we want are forwards to ACME challenges anyway it makes sense to allow them over SSL too. Along with a helper nixfiles commit this will fix access to email over https Change-Id: I1e3dc3db735c0ccea5a6b7407cda8338ff7cf1e8

commit: 2efad7486c91522cf829fd72323d083594b51a90 [log] [tgz]
author: Skyler Grey <minion@clicks.codes> Sun Oct 22 10:58:12 2023 +0000
committer: Skyler Grey <minion@clicks.codes> Sun Oct 22 16:43:11 2023 +0000
tree: e89905d097a983488b5a2da632ecaf4023fb7232
parent: 5c7ee827fd35a9b2e489e919796f73536788c483 [diff] [blame]
diff --git a/nginx.nix b/nginx.nix
index 08dea07..376ed02 100644
--- a/nginx.nix
+++ b/nginx.nix

@@ -91,15 +91,10 @@
                     value = {
                         serverAliases = service.extraHosts;
 
-                        enableACME = service.secure;
+                        enableACME = true;
                         forceSSL = service.secure;
-                        listen = [
-                            {
-                                addr = "0.0.0.0";
-                                port = if service.secure then 443 else 80;
-                                ssl = service.secure;
-                            }
-                        ];
+                        addSSL = !service.secure;
+                        listenAddresses = [ "0.0.0.0" ];
                     };
                 }) currentPath service.secure priority
             else if service.type == "reverseproxy"
commit	2efad7486c91522cf829fd72323d083594b51a90	[log] [tgz]
author	Skyler Grey <minion@clicks.codes>	Sun Oct 22 10:58:12 2023 +0000
committer	Skyler Grey <minion@clicks.codes>	Sun Oct 22 16:43:11 2023 +0000
tree	e89905d097a983488b5a2da632ecaf4023fb7232
parent	5c7ee827fd35a9b2e489e919796f73536788c483 [diff] [blame]