chore: maintain

system/dev/dn-server/network/nginx.nix

@@ -2,22 +2,12 @@
   config,
   ...
 }:
+let
+  inherit (config.networking) domain;
+
+  gcpIP = "10.10.0.1";
+in
 {
-  security.acme = {
-    acceptTerms = true;
-    defaults = {
-      validMinDays = 2;
-      server = "https://10.0.0.1:${toString config.services.step-ca.port}/acme/acme/directory";
-      renewInterval = "daily";
-      email = "danny@net.dn";
-      dnsProvider = "pdns";
-      dnsPropagationCheck = false;
-      environmentFile = config.sops.secrets."acme/env".path;
-    };
-  };
-
-  users.users.nginx.extraGroups = [ "acme" ];
-
   services.nginx = {
     enable = true;
     enableReload = true;
@@ -26,44 +16,10 @@
     recommendedTlsSettings = true;
     recommendedProxySettings = true;
 
-    virtualHosts = {
-      "files.${config.networking.domain}" = {
-        enableACME = true;
-        forceSSL = true;
-
-        root = "/var/www/files";
-        locations."/" = {
-          extraConfig = ''
-            autoindex on;
-            autoindex_exact_size off;
-            autoindex_localtime on;
-          '';
-        };
-
-        extraConfig = ''
-          types {
-            image/png png;
-            image/jpeg jpg jpeg;
-            image/gif gif;
-          }
-        '';
-      };
-
-      "webcam.net.dn" = {
-        enableACME = true;
-        forceSSL = true;
-
-        locations."/ws/" = {
-          proxyPass = "http://10.0.0.130:8080/";
-          extraConfig = ''
-            proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "upgrade";
-          '';
-        };
-
-        locations."/".proxyPass = "http://10.0.0.130:8001/phone.html";
-      };
+    virtualHosts."manage.stalwart.${domain}" = {
+      useACMEHost = domain;
+      forceSSL = true;
+      locations."/".proxyPass = "http://${gcpIP}:8081";
     };
   };
 }