From 12cbc5ed1e022e24a77f959268a63c61ae7086cb Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Mon, 29 Aug 2022 21:12:21 +0200
Subject: ma bgt: enable acme with cloudflare

---
 makefu/2configs/bgt/download.binaergewitter.de.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/makefu/2configs/bgt/download.binaergewitter.de.nix b/makefu/2configs/bgt/download.binaergewitter.de.nix
index 1cf21f21..85379e77 100644
--- a/makefu/2configs/bgt/download.binaergewitter.de.nix
+++ b/makefu/2configs/bgt/download.binaergewitter.de.nix
@@ -59,6 +59,11 @@ in {
   systemd.services.nginx.serviceConfig.ReadWritePaths = [
     "/var/spool/nginx/logs/"
   ];
+  security.acme.certs."download.binaergewitter.de" = {
+    dnsProvider = "cloudflare";
+    credentialsFile = toString <secrets/lego-binaergewitter>;
+    webroot = lib.mkForce null;
+  };
 
   services.nginx = {
     appendHttpConfig = ''
@@ -70,6 +75,8 @@ in {
     recommendedGzipSettings = true;
     recommendedOptimisation = true;
     virtualHosts."download.binaergewitter.de" = {
+      enableSSL = true;
+      enableACME = true;
         serverAliases = [ "dl2.binaergewitter.de" ];
         root = "/var/www/binaergewitter";
         extraConfig = ''
-- 
cgit v1.2.3