From 390bc08ed1d567943e0ca2eb03d27fcf10a0c061 Mon Sep 17 00:00:00 2001
From: Alexander Heldt <me@alexanderheldt.se>
Date: Sun, 21 Jul 2024 10:58:02 +0200
Subject: [PATCH] tadpole: Add `ppp.pm-site` module

---
 hosts/tadpole/modules/default.nix             |  2 ++
 hosts/tadpole/modules/ppp.pm-site/default.nix | 33 +++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 hosts/tadpole/modules/ppp.pm-site/default.nix

diff --git a/hosts/tadpole/modules/default.nix b/hosts/tadpole/modules/default.nix
index 1ef72bd..97d1980 100644
--- a/hosts/tadpole/modules/default.nix
+++ b/hosts/tadpole/modules/default.nix
@@ -10,6 +10,8 @@ in
     mod = {
       ssh.enable = true;
       nginx.enable = true;
+
+      pppdotpm-site.enable = true;
     };
   };
 }
diff --git a/hosts/tadpole/modules/ppp.pm-site/default.nix b/hosts/tadpole/modules/ppp.pm-site/default.nix
new file mode 100644
index 0000000..06d889d
--- /dev/null
+++ b/hosts/tadpole/modules/ppp.pm-site/default.nix
@@ -0,0 +1,33 @@
+{ inputs, lib, config, ... }:
+let
+  enabled = config.mod.pppdotpm-site.enable;
+
+  nginxEnabled = config.mod.nginx.enable;
+in
+{
+  imports = [ inputs.pppdotpm-site.nixosModules.default ];
+
+  options = {
+    mod.pppdotpm-site = {
+      enable = lib.mkEnableOption "enable ppp.pm site";
+    };
+  };
+
+  config = lib.mkIf (enabled && nginxEnabled) {
+    security.acme = {
+      certs = {
+        "ppp.pm" = {
+          webroot = "/var/lib/acme/acme-challenge/";
+          email = "p@ppp.pm";
+          group = "nginx";
+        };
+      };
+    };
+
+    services.pppdotpm-site = {
+      enable = true;
+      domain = "ppp.pm";
+      useACMEHost = "ppp.pm";
+    };
+  };
+}