nixos/gancio: actually enable ssl by default.

This commit is contained in:
Jean-Baptiste Giraudeau 2024-09-09 14:25:07 +02:00
parent 5af6aefbcc
commit 58ec286785
No known key found for this signature in database
GPG Key ID: 7CEF8C9CC2D9933B

View File

@ -157,11 +157,18 @@ in
};
nginx = mkOption {
type = types.submodule (import ../web-servers/nginx/vhost-options.nix { inherit config lib; });
type = types.submodule (
lib.recursiveUpdate (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) {
# enable encryption by default,
# as sensitive login credentials should not be transmitted in clear text.
options.forceSSL.default = true;
options.enableACME.default = true;
}
);
default = { };
example = {
enableACME = true;
forceSSL = true;
enableACME = false;
forceSSL = false;
};
description = "Extra configuration for the nginx virtual host of gancio.";
};
@ -260,8 +267,6 @@ in
virtualHosts."${cfg.settings.hostname}" = mkMerge [
cfg.nginx
{
enableACME = mkDefault true;
forceSSL = mkDefault true;
locations = {
"/" = {
index = "index.html";