From 474115c2c6d2ce965f45a60ca59490e128124878 Mon Sep 17 00:00:00 2001
From: John Bargman
Date: Wed, 20 Aug 2025 20:57:34 +0000
Subject: fixed everything

---
 services/website.nix | 41 ++++++++++++++++++++++++++++++++---------
 1 file changed, 32 insertions(+), 9 deletions(-)

(limited to 'services/website.nix')

diff --git a/services/website.nix b/services/website.nix
index d36f538..784f3b3 100644
--- a/services/website.nix
+++ b/services/website.nix
@@ -1,14 +1,37 @@
 { webroot }: { config, lib, pkgs, ... }:
+let 
+fqdn = "crashoverburn.com";
+in
 {
-  services.nginx.enable = true;
-  services.nginx.virtualHosts."crashoverburn.com" = {
-    addSSL = true;
-    enableACME = true;
-    root = webroot;
+  users.users.nginx.extraGroups = [ "acme" ];
+  security.acme.certs."${fqdn}" = 
+  {
+    extraDomainNames=  map (x: "${x}.${fqdn}") 
+        [
+            "pubsub"
+            "proxy"
+            "upload"
+            "conference"
+            "social"
+            "pics.social"
+          ];
+    webroot = "/var/lib/acme/acme-challenge/";
   };
-  services.nginx.virtualHosts."crashoverburn.online" = {
-    addSSL = true;
-    enableACME = true;
-    root = webroot;
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "${fqdn}" = {
+        forceSSL = true;
+        enableACME = true;
+        #useACMEHost = "crashoverburn.com";
+        locations."/".root = webroot;
+      };
+      "crashoverburn.online" = {
+        forceSSL = true;
+        #useACMEHost = "crashoverburn.com";
+        enableACME = true;
+         locations."/".root = webroot;
+      };
+    };
   };
 }
-- 
cgit v1.2.3