fix nginx

flake.nix

@@ -83,6 +83,7 @@
           ./common.nix
           ./hosts/vps/configuration.nix
           ./hosts/vps/disko-config.nix
+          ./services/nginx.nix
           ./services/blog.nix
           ./services/coturn.nix
           ./services/wireguard-outer.nix

services/blog.nix

@@ -1,10 +1,7 @@
 { ... }:
 
 {
-  services.nginx = {
+  services.nginx.virtualHosts."ellie.town" = {
-    enable = true;
-
-    virtualHosts."ellie.town" = {
     enableACME = true;
     forceSSL = true;
     root = "/var/www/blog";
@@ -13,10 +10,4 @@
       index = "index.html";
     };
   };
-  };
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "contact@elliehigh.com";
-  };
 }

services/coturn.nix

@@ -8,14 +8,9 @@
     group = "turnserver";
   };
 
-  security.acme = {
+  security.acme.certs."turn.ellie.town" = {
-    acceptTerms = true;
-    defaults.email = "wizzeh@protonmail.com";
-    certs."turn.ellie.town" = {
     webroot = "/var/lib/acme/acme-challenges";
   };
-    certs."ellie.town" = { };
-  };
 
   networking.firewall = {
     allowedUDPPorts = [
@@ -25,8 +20,6 @@
     allowedTCPPorts = [
       3478
       5349
-      80
-      443
     ];
     allowedUDPPortRanges = [
       {
@@ -62,7 +55,6 @@
   };
 
   services.nginx = {
-    enable = true;
     virtualHosts."turn.ellie.town" = {
       locations."/.well-known/acme-challenge/" = {
         root = "/var/lib/acme/acme-challenges";

services/nginx.nix

@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "wizzeh@protonmail.com";
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
+  services.nginx.enable = true;
+}