From a7f7e38532f07486c35afadb18e8e0db9dd6a5a9 Mon Sep 17 00:00:00 2001
From: arcnmx <git@git.arcn.mx>
Date: Thu, 21 Mar 2024 15:02:41 -0700
Subject: [PATCH] fix(hakurei): fallback ssl host

---
 systems/hakurei/nixos.nix | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/systems/hakurei/nixos.nix b/systems/hakurei/nixos.nix
index 77c6406c..9fad6169 100644
--- a/systems/hakurei/nixos.nix
+++ b/systems/hakurei/nixos.nix
@@ -69,6 +69,14 @@ in {
   security.acme.certs = let
     inherit (nginx) access virtualHosts;
   in {
+    hakurei = {
+      inherit (nginx) group;
+      domain = config.networking.fqdn;
+      extraDomainNames = [
+        config.lib.access.hostnameForNetwork.local
+        (mkIf config.services.tailscale.enable config.lib.access.hostnameForNetwork.tail)
+      ];
+    };
     sso = {
       inherit (nginx) group;
       domain = virtualHosts.keycloak.serverName;
@@ -205,6 +213,7 @@ in {
       streamPort = 41081;
     };
     virtualHosts = {
+      fallback.ssl.cert.name = "hakurei";
       gensokyoZone.proxied.enable = "cloudflared";
       keycloak = {
         # we're not the real sso record-holder, so don't respond globally..