From 77cc8135c297cc2ba24bb121a6f6c07e920258ff Mon Sep 17 00:00:00 2001
From: Lukas Wurzinger <lukas@wrz.one>
Date: Thu, 22 Aug 2024 00:16:46 +0200
Subject: [PATCH] fix

---
 hosts/abacus/nginx.nix          | 31 +++++--------------------------
 hosts/abacus/static/default.nix | 12 ++++++++++++
 hosts/abacus/static/log.nix     | 18 ++++++++++++++++++
 hosts/abacus/static/main.nix    | 18 ++++++++++++++++++
 4 files changed, 53 insertions(+), 26 deletions(-)
 create mode 100644 hosts/abacus/static/default.nix
 create mode 100644 hosts/abacus/static/log.nix
 create mode 100644 hosts/abacus/static/main.nix

diff --git a/hosts/abacus/nginx.nix b/hosts/abacus/nginx.nix
index 0cea57c..dd9bc60 100644
--- a/hosts/abacus/nginx.nix
+++ b/hosts/abacus/nginx.nix
@@ -1,7 +1,4 @@
-{
-  config,
-  ...
-}: {
+{config, ...}: {
   services.nginx = {
     enable = true;
 
@@ -15,29 +12,11 @@
       access_log /var/log/nginx/access.log;
     '';
 
-    virtualHosts = let
-      inherit (config.networking) domain;
-    in {
-      "~.*" = {
-        default = true;
-        addSSL = false;
+    virtualHosts."~.*" = {
+      default = true;
+      rejectSSL = true;
 
-        globalRedirect = domain;
-      };
-
-      ${domain} = {
-        enableACME = true;
-        forceSSL = true;
-
-        root = "/var/www/${domain}";
-      };
-
-      "log.${domain}" = {
-        enableACME = true;
-        forceSSL = true;
-
-        root = "/var/www/log.${domain}";
-      };
+      globalRedirect = config.networking.domain;
     };
   };
 }
diff --git a/hosts/abacus/static/default.nix b/hosts/abacus/static/default.nix
new file mode 100644
index 0000000..0b8abc2
--- /dev/null
+++ b/hosts/abacus/static/default.nix
@@ -0,0 +1,12 @@
+{
+  imports = [
+    ./log.nix
+    ./main.nix
+  ];
+
+  systemd.tmpfiles.settings."10-static-sites"."/var/www".d = {
+    user = "root";
+    group = "root";
+    mode = "0755";
+  };
+}
diff --git a/hosts/abacus/static/log.nix b/hosts/abacus/static/log.nix
new file mode 100644
index 0000000..5187cca
--- /dev/null
+++ b/hosts/abacus/static/log.nix
@@ -0,0 +1,18 @@
+{config, ...}: let
+  inherit (config.networking) domain;
+  virtualHostName = "log.${domain}";
+  root = "/var/www/${virtualHostName}";
+in {
+  services.nginx.virtualHosts.${virtualHostName} = {
+    enableACME = true;
+    forceSSL = true;
+
+    inherit root;
+  };
+
+  systemd.tmpfiles.settings."10-static-sites".${root}.d = {
+    user = "lukas";
+    group = "lukas";
+    mode = "0755";
+  };
+}
diff --git a/hosts/abacus/static/main.nix b/hosts/abacus/static/main.nix
new file mode 100644
index 0000000..0ee4e05
--- /dev/null
+++ b/hosts/abacus/static/main.nix
@@ -0,0 +1,18 @@
+{config, ...}: let
+  inherit (config.networking) domain;
+  virtualHostName = domain;
+  root = "/var/www/${virtualHostName}";
+in {
+  services.nginx.virtualHosts.${virtualHostName} = {
+    enableACME = true;
+    forceSSL = true;
+
+    inherit root;
+  };
+
+  systemd.tmpfiles.settings."10-static-sites".${root}.d = {
+    user = "lukas";
+    group = "lukas";
+    mode = "0755";
+  };
+}