From 8438bf5b4580f70a790a35a16d67a2adaabd9e42 Mon Sep 17 00:00:00 2001
From: arcnmx <git@git.arcn.mx>
Date: Sun, 18 Feb 2024 20:11:21 -0800
Subject: [PATCH] fix(invidious): https

---
 nixos/access/invidious.nix |  5 ++++-
 systems/hakurei/nixos.nix  | 19 +++++++++----------
 2 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/nixos/access/invidious.nix b/nixos/access/invidious.nix
index b55aa49c..2a17d1b3 100644
--- a/nixos/access/invidious.nix
+++ b/nixos/access/invidious.nix
@@ -5,6 +5,7 @@
 }: let
   inherit (lib.options) mkOption;
   inherit (lib.modules) mkIf mkDefault mkOptionDefault;
+  inherit (config.services.nginx) virtualHosts;
   cfg = config.services.invidious;
   access = config.services.nginx.access.invidious;
 in {
@@ -44,9 +45,11 @@ in {
         kTLS = mkDefault true;
         inherit extraConfig;
       };
-      ${access.localDomain} = {
+      ${access.localDomain} = { config, ... }: {
         local.enable = true;
         locations."/" = location;
+        useACMEHost = mkDefault virtualHosts.${access.domain}.useACMEHost;
+        addSSL = mkIf (config.useACMEHost != null) (mkDefault true);
         kTLS = mkDefault true;
         inherit extraConfig;
       };
diff --git a/systems/hakurei/nixos.nix b/systems/hakurei/nixos.nix
index 9f632f6b..b065b21c 100644
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@@ -123,6 +123,11 @@ in {
 
   services.nginx = let
     inherit (config.services.nginx) access;
+    vouch = {
+      authUrl = vouch-proxy.authUrl;
+      url = vouch-proxy.url;
+      proxyOrigin = "http://${tei.networking.access.hostnameForNetwork.tail}:${toString vouch-proxy.settings.vouch.port}";
+    };
   in {
     access.plex = assert plex.enable; {
       url = "http://${mediabox.networking.access.hostnameForNetwork.local}:32400";
@@ -158,18 +163,12 @@ in {
         useACMEHost = access.plex.domain;
       };
       ${access.kitchencam.domain} = {
-        vouch = {
-          authUrl = vouch-proxy.authUrl;
-          url = vouch-proxy.url;
-          proxyOrigin = "http://${tei.networking.access.hostnameForNetwork.tail}:${toString vouch-proxy.settings.vouch.port}";
-        };
+        inherit vouch;
       };
       ${access.invidious.domain} = {
-        vouch = {
-          authUrl = vouch-proxy.authUrl;
-          url = vouch-proxy.url;
-          proxyOrigin = "http://${tei.networking.access.hostnameForNetwork.tail}:${toString vouch-proxy.settings.vouch.port}";
-        };
+        inherit vouch;
+        useACMEHost = access.invidious.domain;
+        forceSSL = true;
       };
     };
   };