force https for dev and staging

[awful.systems.git] / hosts / these / configuration.nix

diff --git a/hosts/these/configuration.nix b/hosts/these/configuration.nix
index 86e11e009e59252ad5c914dbd575f1a398f790aa..e3ad13645a274ea1874992f518b20b9ac3750f8d 100644 (file)
--- a/hosts/these/configuration.nix
+++ b/hosts/these/configuration.nix
@@ -5,15 +5,36 @@
     ../../hardware/hetzner-cloud/cx21.nix
     ../../secrets
     ../../pass
-    #../../lemmy
+    ../../lemmy/staging
+    ../../lemmy/dev
     ../../maint-mode
     ../../git
   ];
 
   networking.hostName = "these";
 
-  awful.systems.maint-mode = {
-    enable = true;
-    virtualHost = "awful.systems";
+  services.nginx = {
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts = {
+      "breaking.awful.systems" = {
+        forceSSL = true;
+        enableACME = true;
+      };
+
+      "making.awful.systems" = {
+        forceSSL = true;
+        enableACME = true;
+      };
+
+    };
   };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "self@awful.systems";
+  };
+
+  networking.firewall.allowedTCPPorts = [ 443 ];
 }