From d742a504f05a32815c99bd237ac1f54a49ca4d91 Mon Sep 17 00:00:00 2001
From: Stefan Junker <mail@stefanjunker.de>
Date: Fri, 1 Jan 2021 12:00:48 +0100
Subject: [PATCH] containers/webserver: use ACME for cert generation

---
 nix/os/containers/webserver.nix | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix
index 089f266..20a7e3a 100644
--- a/nix/os/containers/webserver.nix
+++ b/nix/os/containers/webserver.nix
@@ -14,14 +14,23 @@
         domain = "www.stefanjunker.de";
     };
 
+    security.acme = {
+      acceptTerms = true;
+      certs."www.stefanjunker.de".email = "mail@stefanjunker.de";
+    };
+
     services.nginx.enable = true;
-    services.nginx.virtualHosts."stefanjunker.de" = {
+    services.nginx.virtualHosts."www.stefanjunker.de" = {
       default = true;
       onlySSL = true;
       root = "/var/www/stefanjunker.de/htdocs";
 
-      sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
-      sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
+      enableACME = true;
+      serverAliases = [
+        "stefanjunker.de"
+      ];
+      # sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
+      # sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";
 
       locations."/fi" = {
         index = "index.php";