From 3bb9569eb4b1854b6f7da2e7ed1f7d2302b6d900 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
 <nicolas.jeannerod@tweag.io>
Date: Fri, 20 Sep 2024 18:51:21 +0200
Subject: [PATCH] ACME

---
 fediversity/default.nix  | 10 ++++++++++
 fediversity/pixelfed.nix |  2 ++
 2 files changed, 12 insertions(+)

diff --git a/fediversity/default.nix b/fediversity/default.nix
index 46ee05d..0fed04f 100644
--- a/fediversity/default.nix
+++ b/fediversity/default.nix
@@ -100,4 +100,14 @@ in {
       };
     };
   };
+
+  config = {
+    ## FIXME: This should clearly go somewhere else; and we should have a
+    ## `staging` vs. `production` setting somewhere.
+    security.acme = {
+      acceptTerms = true;
+      defaults.email = "nicolas.jeannerod+fediversity@moduscreate.com";
+      defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
+    };
+  };
 }
diff --git a/fediversity/pixelfed.nix b/fediversity/pixelfed.nix
index da77fea..c9b48a0 100644
--- a/fediversity/pixelfed.nix
+++ b/fediversity/pixelfed.nix
@@ -50,6 +50,8 @@ lib.mkIf (config.fediversity.enable && config.fediversity.pixelfed.enable) {
     ##
     ## TODO: If that indeed makes sense, upstream.
     nginx = {
+      forceSSL = true;
+      enableACME = true;
       # locations."/public/".proxyPass = "${config.fediversity.internal.garage.web.urlFor "pixelfed"}/public/";
     };
   };