From e4edffd69f0e53fac865c2dea5c446833b44b777 Mon Sep 17 00:00:00 2001
From: efim
Date: Mon, 9 Oct 2023 03:22:58 +0000
Subject: [PATCH] feat: allow setting tls on nixos
---
 flake.nix | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)
diff --git a/flake.nix b/flake.nix
index 8a1884f..7f4bde7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -72,6 +72,12 @@
 default = true;
 description = "Whether to use Nginx to proxy requests.";
 };
+ useHostTls = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description =
+ "Whether virtual host should enable NixOS ACME certs";
+ };
 };
 config.users = lib.mkIf cfg.enable {
 groups."${backendName}" = { };
@@ -99,8 +105,10 @@
 Group = "${backendName}";
 };
 };
- config.services.nginx.virtualHosts.${cfg.host}.locations."/api" =
- lib.mkIf cfg.enable {
+ config.services.nginx.virtualHosts.${cfg.host} = {
+ forceSSL = cfg.useHostTls;
+ enableACME = cfg.useHostTls;
+ locations."/api" = lib.mkIf cfg.enable {
 proxyPass = "http://127.0.0.1:${toString cfg.port}";
 # this is config for websocket
 proxyWebsockets = true;
@@ -112,6 +120,7 @@
 proxy_set_header X-Forwarded-Proto $scheme;
 '';
 };
+ };
 };
 });
 # see https://serokell.io/blog/practical-nix-flakes
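Review bot: The description on `useHostTls` mentions only ACME certificates, but the second hunk also wires the option to `forceSSL`, so enabling it redirects all plain-HTTP traffic for the host as well. With `default = false` the `/api` location and its websocket traffic are presumably served without TLS unless the host is secured elsewhere, which the text should make visible to whoever deploys the module. I would word it as `"Whether to set forceSSL and enableACME on the Nginx virtual host; ACME needs security.acme.acceptTerms and a contact e-mail configured on the host."`. The enclosing options set begins outside the hunk.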
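Review bot: `forceSSL` and `enableACME` now sit outside `lib.mkIf cfg.enable`, so the module defines both on `virtualHosts.${cfg.host}` even when the service is disabled, and always as a concrete boolean. With the default `useHostTls = false` that is an explicit `forceSSL = false`, which is likely to conflict at evaluation time with a `forceSSL = true` that another module sets for the same host name, and it nudges operators towards dropping TLS enforcement to resolve the clash. Define the values only when requested and keep the whole host under the enable guard: `config.services.nginx.virtualHosts.${cfg.host} = lib.mkIf cfg.enable {`, `forceSSL = lib.mkIf cfg.useHostTls true;`, `enableACME = lib.mkIf cfg.useHostTls true;`. The virtual-host attribute set is closed in the following hunk.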