From 7958b5fbdb5e7e3e0cec9ef0cc3eacd86a9186c6 Mon Sep 17 00:00:00 2001
From: arcnmx <git@git.arcn.mx>
Date: Fri, 19 Apr 2024 16:09:54 -0700
Subject: [PATCH] chore(nginx): disable preread for now

---
 nixos/access/freeipa.nix    |  2 +-
 systems/hakurei/default.nix | 13 ++++++++-----
 2 files changed, 9 insertions(+), 6 deletions(-)

diff --git a/nixos/access/freeipa.nix b/nixos/access/freeipa.nix
index d19a1aef..da502d43 100644
--- a/nixos/access/freeipa.nix
+++ b/nixos/access/freeipa.nix
@@ -59,7 +59,7 @@ in {
     };
     preread = {
       enable = mkEnableOption "ssl preread" // {
-        default = true;
+        # TODO: default = true;
       };
       port = mkOption {
         type = port;
diff --git a/systems/hakurei/default.nix b/systems/hakurei/default.nix
index bfbb784e..1e97c024 100644
--- a/systems/hakurei/default.nix
+++ b/systems/hakurei/default.nix
@@ -1,4 +1,4 @@
-_: {
+{ lib, ... }: {
   imports = [
     ./proxmox.nix
   ];
@@ -24,17 +24,20 @@ _: {
         enable = true;
         id = "login.local";
       };
-      nginx = {
+      nginx = let
+        inherit (lib.modules) mkIf;
+        preread = false;
+      in {
         enable = true;
         ports = {
-          https_global = {
+          https_global = mkIf preread {
             port = 443;
             protocol = "https";
             listen = "wan";
           };
           https = {
-            enable = true;
-            port = 444;
+            port = mkIf preread 444;
+            listen = mkIf (!preread) "wan";
           };
           http.listen = "wan";
         };