fix nginx

flake.nix

@@ -83,6 +83,7 @@
           ./common.nix
           ./hosts/vps/configuration.nix
           ./hosts/vps/disko-config.nix
+          ./services/nginx.nix
           ./services/blog.nix
           ./services/coturn.nix
           ./services/wireguard-outer.nix

services/blog.nix

@@ -1,22 +1,13 @@
 { ... }:
 
 {
-  services.nginx = {
-    enable = true;
+  services.nginx.virtualHosts."ellie.town" = {
+    enableACME = true;
+    forceSSL = true;
+    root = "/var/www/blog";
 
-    virtualHosts."ellie.town" = {
-      enableACME = true;
-      forceSSL = true;
-      root = "/var/www/blog";
-
-      locations."/" = {
-        index = "index.html";
-      };
+    locations."/" = {
+      index = "index.html";
     };
   };
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "contact@elliehigh.com";
-  };
 }

services/coturn.nix

@@ -8,13 +8,8 @@
     group = "turnserver";
   };
 
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "wizzeh@protonmail.com";
-    certs."turn.ellie.town" = {
-      webroot = "/var/lib/acme/acme-challenges";
-    };
-    certs."ellie.town" = { };
+  security.acme.certs."turn.ellie.town" = {
+    webroot = "/var/lib/acme/acme-challenges";
   };
 
   networking.firewall = {
@@ -25,8 +20,6 @@
     allowedTCPPorts = [
       3478
       5349
-      80
-      443
     ];
     allowedUDPPortRanges = [
       {
@@ -62,7 +55,6 @@
   };
 
   services.nginx = {
-    enable = true;
     virtualHosts."turn.ellie.town" = {
       locations."/.well-known/acme-challenge/" = {
         root = "/var/lib/acme/acme-challenges";

services/nginx.nix

@@ -0,0 +1,15 @@
+{ ... }:
+
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "wizzeh@protonmail.com";
+  };
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+
+  services.nginx.enable = true;
+}