srv0,webserver: expose port 80 so ACME can verify the certificate

nix/os/containers/webserver.nix

@@ -1,5 +1,6 @@
 { hostAddress
 , localAddress
+, httpPort ? 80
 , httpsPort ? 443
 }: {
   config = { config, pkgs, lib, ... }: {
@@ -17,18 +18,35 @@
     security.acme = {
       acceptTerms = true;
       certs."www.stefanjunker.de".email = "mail@stefanjunker.de";
+      preliminarySelfsigned = true;
+
+      # can be used for debugging
+      # server = "https://acme-staging-v02.api.letsencrypt.org/directory";
     };
 
     services.nginx.enable = true;
     services.nginx.virtualHosts."www.stefanjunker.de" = {
       default = true;
-      onlySSL = true;
+      addSSL = true;
+      listen = [
+        {
+          addr = "0.0.0.0";
+          port = httpPort;
+          ssl = false;
+        }
+        {
+          addr = "0.0.0.0";
+          port = httpsPort;
+          ssl = true;
+        }
+      ];
+
       root = "/var/www/stefanjunker.de/htdocs";
 
       enableACME = true;
-      serverAliases = [
+      # serverAliases = [
-        "stefanjunker.de"
+      #   "www.stefanjunker.de"
-      ];
+      # ];
       # sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
       # sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
 
@@ -94,6 +112,12 @@
 
   privateNetwork = true;
   forwardPorts = [
+    {
+      # http
+      containerPort = 80;
+      hostPort = httpPort;
+      protocol = "tcp";
+    }
     {
       # https
       containerPort = 443;

nix/os/devices/srv0.home-ch.stefanjunker.de/system.nix

@@ -61,6 +61,7 @@ in {
       hostAddress = "192.168.100.12";
       localAddress = "192.168.100.13";
 
+      httpPort = 80;
       httpsPort = 443;
     };