From fba9f555d3260360b6ab1432d7bcb7f4a538ad04 Mon Sep 17 00:00:00 2001
From: Lgmrszd
Date: Tue, 16 Jan 2024 21:50:40 +0300
Subject: [PATCH] Simpler acme setup
---
 hosts/vps1/configuration.nix | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)
diff --git a/hosts/vps1/configuration.nix b/hosts/vps1/configuration.nix
index b232b1a..79a3bb9 100644
--- a/hosts/vps1/configuration.nix
+++ b/hosts/vps1/configuration.nix
@@ -39,10 +39,15 @@ in
 services.nginx = {
 enable = true;
- virtualHosts.${gtnhDomain} = {
+ virtualHosts.${rootDomain} = {
 # addSSL = true;
 forceSSL = true;
- # enableACME = true;
+ default = true;
+ enableACME = true;
+ root = "/var/www/todo";
+ };
+ virtualHosts.${gtnhDomain} = {
+ forceSSL = true;
 useACMEHost = "${rootDomain}";
 root = "/var/www/gtnh";
 };
@@ -61,24 +66,12 @@ in
 useACMEHost = "${rootDomain}";
 root = "/var/www/todo";
 };
- virtualHosts."acmechallenge.${rootDomain}" = {
- # Catchall vhost, will redirect users to HTTPS for all vhosts
- serverAliases = [ "*.${rootDomain}" ];
- locations."/.well-known/acme-challenge" = {
- root = "/var/lib/acme/.challenges";
- };
- locations."/" = {
- return = "301 https://$host$request_uri";
- };
- };
 };
 security.acme = {
 acceptTerms = true;
 defaults.email = "lgmrszd@disroot.org";
 certs.${rootDomain} = {
- group = "nginx";
- webroot = "/var/lib/acme/.challenges";
 extraDomainNames = [
 gtnhDomain
 akkoDomain
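Review bot: `default = true;` on the new `${rootDomain}` vhost makes it nginx's fallback server, so a request whose Host header matches no vhost (a bare-IP request, or any name pointed at this address) is answered with the files under `/var/www/todo` and the `${rootDomain}` certificate. The catch-all this patch removes only served ACME challenge files and a redirect, so the fallback now exposes real content; the second hunk's context shows another vhost already using the same `root`, which suggests the value here is a placeholder. If the root domain is not meant to serve that site, give it its own directory, or keep the fallback role on a separate vhost that rejects unknown hosts, e.g. `locations."/".return = "444";`. The leftover `# addSSL = true;` line next to `forceSSL = true;` can be dropped. The `services.nginx` block continues past the end of this hunk.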