From 62c1eb4b1d28ed5485053f30ce8ef3d9833f1395 Mon Sep 17 00:00:00 2001
From: DACHXY
Date: Sat, 3 May 2025 23:48:14 +0800
Subject: [PATCH] feat: ssl for pre-nextcloud
---
 system/dev/dn-server/nginx.nix | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/system/dev/dn-server/nginx.nix b/system/dev/dn-server/nginx.nix
index 7b28da1..e498b2c 100644
--- a/system/dev/dn-server/nginx.nix
+++ b/system/dev/dn-server/nginx.nix
@@ -2,8 +2,6 @@
 config,
 lib,
 pkgs,
- settings,
- devices,
 ...
 }:
 let
@@ -12,7 +10,7 @@ let
 certScript = pkgs.writeShellScriptBin "certbot-nextcloud" ''
 ${pkgs.certbot}/bin/certbot certonly --webroot \
 --webroot-path ${acmeWebRoot} -v \
- -d ${config.services.neextcloud.hostName} \
+ -d ${config.services.nextcloud.hostName} \
 --server https://ca.net.dn:8443/acme/acme/directory \
 -m admin@mail.net.dn
@@ -63,7 +61,7 @@ in
 '';
 };
- pre7780Hostname = {
+ ${pre7780.hostname} = {
 listen = [
 {
 addr = "0.0.0.0";
@@ -93,6 +91,10 @@ in
 '';
 };
+ forceSSL = true;
+ sslCertificate = "/etc/letsencrypt/live/${pre7780.hostname}/fullchain.pem";
+ sslCertificateKey = "/etc/letsencrypt/live/${pre7780.hostname}/privkey.pem";
+
 extraConfig = ''
 ssl_protocols TLSv1.2 TLSv1.3;
 ssl_ciphers 'TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384';
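Review bot: The corrected `-d ${config.services.nextcloud.hostName}` is the only name this certbot call requests, yet the last hunk loads the certificate from `/etc/letsencrypt/live/${pre7780.hostname}/`. certbot names the lineage directory after the first `-d` value unless `--cert-name` is given, so unless the part of the script below this hunk issues a second certificate, those paths exist only when the two hostnames are equal. A certificate that does not carry the vhost's name in its SAN would fail hostname verification in clients anyway. Consider a separate invocation with `--cert-name ${pre7780.hostname} -d ${pre7780.hostname}`; the script body continues outside the hunk, so this may already be handled there.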
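Review bot: The new `sslCertificateKey` points nginx at certbot's `/etc/letsencrypt/live/` tree, which certbot creates readable by root only, while the NixOS nginx service by default runs as the unprivileged `nginx` user; unless permissions are adjusted somewhere not visible here, the key cannot be loaded. Grant read access through a dedicated group (for example in a certbot deploy hook) rather than making `privkey.pem` world-readable. nginx also fails its config check when these files are missing, so on a fresh host the webroot challenge cannot be answered by this server until a certificate exists; a comment such as `# requires certbot-nextcloud to have issued the cert before first activation` would record that. The `listen` list of this vhost begins in the previous hunk and is only partly visible, so confirm its TLS entry sets `ssl = true`: with a hand-written `listen`, `forceSSL` serves TLS only on entries marked that way.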