From f620449ae6970fb18e450d2a426c00bff75a10e0 Mon Sep 17 00:00:00 2001
From: Craige McWhirter <craige.mcwhirter@iohk.io>
Date: Wed, 2 Sep 2020 13:50:42 +1000
Subject: [PATCH] Added ACME terms and proxypass settings

---
 roles/gitea.nix | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/roles/gitea.nix b/roles/gitea.nix
index 34b7298..84491e9 100644
--- a/roles/gitea.nix
+++ b/roles/gitea.nix
@@ -67,15 +67,26 @@
       locations."/".proxyPass = "http://localhost:3002/";   # Proxy Gitea
     };
     virtualHosts."git.mcwhirter.io" = {                     # Hostname to be redirected
+      enableACME = true;                                    # Use ACME certs
+      forceSSL = true;                                      # Force SSL
+      locations."/".proxyPass = "http://localhost:3002/";   # Proxy Gitea
       globalRedirect = "source.mcwhirter.io";               # Redirect permanently to the host
     };
     virtualHosts."code.mcwhirter.io" = {                    # Hostname to be redirected
+      enableACME = true;                                    # Use ACME certs
+      forceSSL = true;                                      # Force SSL
+      locations."/".proxyPass = "http://localhost:3002/";   # Proxy Gitea
       globalRedirect = "source.mcwhirter.io";               # Redirect permanently to the host
     };
   };
 
-  security.acme.certs = {
+  security.acme = {
+    acceptTerms = true;
+    certs = {
+      "code.mcwhirter.io".email   = "craige@mcwhirter.io";
+      "git.mcwhirter.io".email    = "craige@mcwhirter.io";
       "source.mcwhirter.io".email = "craige@mcwhirter.io";
+    };
   };
 
   users.groups.keys.members = [ "gitea" ];   # Required due to NixOps issue #1204