feat: allow setting tls on nixos

flake.nix

@@ -72,6 +72,12 @@
                 default = true;
                 description = "Whether to use Nginx to proxy requests.";
               };
+              useHostTls = lib.mkOption {
+                type = lib.types.bool;
+                default = false;
+                description =
+                  "Whether virtual host should enable NixOS ACME certs";
+              };
             };
             config.users = lib.mkIf cfg.enable {
               groups."${backendName}" = { };
@@ -99,8 +105,10 @@
                   Group = "${backendName}";
                 };
             };
-            config.services.nginx.virtualHosts.${cfg.host}.locations."/api" =
-              lib.mkIf cfg.enable {
+            config.services.nginx.virtualHosts.${cfg.host} = {
+              forceSSL = cfg.useHostTls;
+              enableACME = cfg.useHostTls;
+              locations."/api" = lib.mkIf cfg.enable {
                 proxyPass = "http://127.0.0.1:${toString cfg.port}";
                 # this is config for websocket
                 proxyWebsockets = true;
@@ -112,6 +120,7 @@
                   proxy_set_header X-Forwarded-Proto $scheme;
                 '';
               };
+            };
           };
       });
   # see https://serokell.io/blog/practical-nix-flakes