feat: allow setting tls on nixos

flake.nix

@@ -72,6 +72,12 @@
                 default = true;
                 description = "Whether to use Nginx to proxy requests.";
               };
+              useHostTls = lib.mkOption {
+                type = lib.types.bool;
+                default = false;
+                description =
+                  "Whether virtual host should enable NixOS ACME certs";
+              };
             };
             config.users = lib.mkIf cfg.enable {
               groups."${backendName}" = { };
@@ -99,23 +105,22 @@
                   Group = "${backendName}";
                 };
             };
-            config.services.nginx.virtualHosts.${cfg.host}.locations."/api" =
-              lib.mkIf cfg.enable {
+            config.services.nginx.virtualHosts.${cfg.host} = {
+              forceSSL = cfg.useHostTls;
+              enableACME = cfg.useHostTls;
+              locations."/api" = lib.mkIf cfg.enable {
                 proxyPass = "http://127.0.0.1:${toString cfg.port}";
                 # this is config for websocket
+                proxyWebsockets = true;
                 extraConfig = ''
                   rewrite ^/api/(.*)$ /$1 break;
                   proxy_set_header Host $host;
                   proxy_set_header X-Real-IP $remote_addr;
                   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                   proxy_set_header X-Forwarded-Proto $scheme;
-
-                  # Add the following lines for WebSocket support
-                  proxy_http_version 1.1;
-                  proxy_set_header Upgrade $http_upgrade;
-                  proxy_set_header Connection "upgrade";
                 '';
               };
+            };
           };
       });
   # see https://serokell.io/blog/practical-nix-flakes