From b48e7ebb13899b3c9d576e059fccebd3b1473dd6 Mon Sep 17 00:00:00 2001
From: Ellie <6687206+wizzeh@users.noreply.github.com>
Date: Tue, 10 Mar 2026 19:17:44 -0700
Subject: [PATCH] fix nginx

---
 flake.nix           |  1 +
 services/blog.nix   | 21 ++++++---------------
 services/coturn.nix | 12 ++----------
 services/nginx.nix  | 15 +++++++++++++++
 4 files changed, 24 insertions(+), 25 deletions(-)
 create mode 100644 services/nginx.nix

diff --git a/flake.nix b/flake.nix
index c2784cf..7ac02c3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -83,6 +83,7 @@
           ./common.nix
           ./hosts/vps/configuration.nix
           ./hosts/vps/disko-config.nix
+          ./services/nginx.nix
           ./services/blog.nix
           ./services/coturn.nix
           ./services/wireguard-outer.nix
diff --git a/services/blog.nix b/services/blog.nix
index 65eaf10..c79e464 100644
--- a/services/blog.nix
+++ b/services/blog.nix
@@ -1,22 +1,13 @@
 { ... }:
 
 {
-  services.nginx = {
-    enable = true;
+  services.nginx.virtualHosts."ellie.town" = {
+    enableACME = true;
+    forceSSL = true;
+    root = "/var/www/blog";
 
-    virtualHosts."ellie.town" = {
-      enableACME = true;
-      forceSSL = true;
-      root = "/var/www/blog";
-
-      locations."/" = {
-        index = "index.html";
-      };
+    locations."/" = {
+      index = "index.html";
     };
   };
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "contact@elliehigh.com";
-  };
 }
diff --git a/services/coturn.nix b/services/coturn.nix
index 18cd4e0..5a7f74f 100644
--- a/services/coturn.nix
+++ b/services/coturn.nix
@@ -8,13 +8,8 @@
     group = "turnserver";
   };
 
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "wizzeh@protonmail.com";
-    certs."turn.ellie.town" = {
-      webroot = "/var/lib/acme/acme-challenges";
-    };
-    certs."ellie.town" = { };
+  security.acme.certs."turn.ellie.town" = {
+    webroot = "/var/lib/acme/acme-challenges";
   };
 
   networking.firewall = {
@@ -25,8 +20,6 @@
     allowedTCPPorts = [
       3478
       5349
-      80
-      443
     ];
     allowedUDPPortRanges = [
       {
@@ -62,7 +55,6 @@
   };
 
   services.nginx = {
-    enable = true;
     virtualHosts."turn.ellie.town" = {
       locations."/.well-known/acme-challenge/" = {
         root = "/var/lib/acme/acme-challenges";
diff --git a/services/nginx.nix b/services/nginx.nix
new file mode 100644
index 0000000..9a35612
--- /dev/null
+++ b/services/nginx.nix
@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "wizzeh@protonmail.com";
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
+  services.nginx.enable = true;
+}