From 0d5b7fe3f52fed73b7cbc6175561ccc4c5fb1fcb Mon Sep 17 00:00:00 2001
From: Alexander Heldt <me@alexanderheldt.se>
Date: Fri, 30 Aug 2024 20:49:30 +0200
Subject: [PATCH] tadpole: Extract cert for `gitea`

---
 hosts/tadpole/modules/certs/default.nix | 6 ++++++
 hosts/tadpole/modules/gitea/default.nix | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/hosts/tadpole/modules/certs/default.nix b/hosts/tadpole/modules/certs/default.nix
index 2b1760b..141b367 100644
--- a/hosts/tadpole/modules/certs/default.nix
+++ b/hosts/tadpole/modules/certs/default.nix
@@ -7,6 +7,12 @@
         email = "p@ppp.pm";
         group = "nginx";
       };
+
+      "git.ppp.pm" = {
+        webroot = "/var/lib/acme/acme-challenge/";
+        email = "p@ppp.pm";
+        group = "nginx";
+      };
     };
   };
 }
diff --git a/hosts/tadpole/modules/gitea/default.nix b/hosts/tadpole/modules/gitea/default.nix
index c067a9b..acfe13f 100644
--- a/hosts/tadpole/modules/gitea/default.nix
+++ b/hosts/tadpole/modules/gitea/default.nix
@@ -48,7 +48,7 @@ in
     services.nginx = {
       virtualHosts."${domain}" = {
         forceSSL = true;
-        enableACME = true;
+        useACMEHost = domain;
 
         locations."/" = {
           proxyPass = "http://0.0.0:3000";