fix(invidious): https

nixos/access/invidious.nix

@@ -5,6 +5,7 @@
 }: let
   inherit (lib.options) mkOption;
   inherit (lib.modules) mkIf mkDefault mkOptionDefault;
+  inherit (config.services.nginx) virtualHosts;
   cfg = config.services.invidious;
   access = config.services.nginx.access.invidious;
 in {
@@ -44,9 +45,11 @@ in {
         kTLS = mkDefault true;
         inherit extraConfig;
       };
-      ${access.localDomain} = {
+      ${access.localDomain} = { config, ... }: {
         local.enable = true;
         locations."/" = location;
+        useACMEHost = mkDefault virtualHosts.${access.domain}.useACMEHost;
+        addSSL = mkIf (config.useACMEHost != null) (mkDefault true);
         kTLS = mkDefault true;
         inherit extraConfig;
       };

systems/hakurei/nixos.nix

@@ -123,6 +123,11 @@ in {
 
   services.nginx = let
     inherit (config.services.nginx) access;
+    vouch = {
+      authUrl = vouch-proxy.authUrl;
+      url = vouch-proxy.url;
+      proxyOrigin = "http://${tei.networking.access.hostnameForNetwork.tail}:${toString vouch-proxy.settings.vouch.port}";
+    };
   in {
     access.plex = assert plex.enable; {
       url = "http://${mediabox.networking.access.hostnameForNetwork.local}:32400";
@@ -158,18 +163,12 @@ in {
         useACMEHost = access.plex.domain;
       };
       ${access.kitchencam.domain} = {
-        vouch = {
-          authUrl = vouch-proxy.authUrl;
-          url = vouch-proxy.url;
-          proxyOrigin = "http://${tei.networking.access.hostnameForNetwork.tail}:${toString vouch-proxy.settings.vouch.port}";
-        };
+        inherit vouch;
       };
       ${access.invidious.domain} = {
-        vouch = {
-          authUrl = vouch-proxy.authUrl;
-          url = vouch-proxy.url;
-          proxyOrigin = "http://${tei.networking.access.hostnameForNetwork.tail}:${toString vouch-proxy.settings.vouch.port}";
-        };
+        inherit vouch;
+        useACMEHost = access.invidious.domain;
+        forceSSL = true;
       };
     };
   };