X-Git-Url: http://these/git/?a=blobdiff_plain;f=hosts%2Fthese%2Fconfiguration.nix;h=e3ad13645a274ea1874992f518b20b9ac3750f8d;hb=7a01c9e93bb43005f36f9a6b58221f88a6a4b07f;hp=86e11e009e59252ad5c914dbd575f1a398f790aa;hpb=6aaa19dd7cdb81600caad5b9d62dcb80950c998e;p=awful.systems.git

diff --git a/hosts/these/configuration.nix b/hosts/these/configuration.nix
index 86e11e0..e3ad136 100644
--- a/hosts/these/configuration.nix
+++ b/hosts/these/configuration.nix
@@ -5,15 +5,36 @@
     ../../hardware/hetzner-cloud/cx21.nix
     ../../secrets
     ../../pass
-    #../../lemmy
+    ../../lemmy/staging
+    ../../lemmy/dev
     ../../maint-mode
     ../../git
   ];
 
   networking.hostName = "these";
 
-  awful.systems.maint-mode = {
-    enable = true;
-    virtualHost = "awful.systems";
+  services.nginx = {
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts = {
+      "breaking.awful.systems" = {
+        forceSSL = true;
+        enableACME = true;
+      };
+
+      "making.awful.systems" = {
+        forceSSL = true;
+        enableACME = true;
+      };
+
+    };
   };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "self@awful.systems";
+  };
+
+  networking.firewall.allowedTCPPorts = [ 443 ];
 }