From f6b5bfc8e2d4745f7fdcfb6c4a24aa17d0eb410c Mon Sep 17 00:00:00 2001
From: kat <kat@inskip.me>
Date: Sun, 25 Sep 2022 20:43:10 -0700
Subject: [PATCH] fix(network): filter for create_cert

---
 nixos/network.nix | 12 ++++++------
 tf                |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/nixos/network.nix b/nixos/network.nix
index 79c65a97..681eadee 100644
--- a/nixos/network.nix
+++ b/nixos/network.nix
@@ -189,7 +189,7 @@
   };
   config = let
   sane_networks = lib.filterAttrs (network: settings: settings.interfaces != []) config.networks;
-    in {
+    in  {
     networks = {
         internet = {
           zone = mkDefault "kittywit.ch.";
@@ -346,7 +346,7 @@
               group = "domain-auth";
               mode = "0440";
             }
-          ) sane_networks;
+          ) (filterAttrs (_: settings: settings.create_cert) sane_networks);
           networks' = mapAttrs' (network: settings:
             nameValuePair "${fixedTarget settings}-key" {
               text = tf.acme.certs.${fixedTarget settings}.out.refPrivateKeyPem;
@@ -354,7 +354,7 @@
               group = "domain-auth";
               mode = "0440";
             }
-          ) sane_networks;
+          ) (filterAttrs (_: settings: settings.create_cert) sane_networks);
           domains = mapAttrs' (network: settings:
             nameValuePair "${fixedTarget settings}-cert" {
               text = tf.acme.certs.${fixedTarget settings}.out.refFullchainPem;
@@ -365,12 +365,12 @@
           ) (filterAttrs (network: settings: settings.create_cert) config.domains);
           domains' = mapAttrs' (network: settings:
             nameValuePair "${fixedTarget settings}-key" {
-              text = tf.acme.certs.${fixedTarget settings}.out.refPrivateKeyPem;
+              text = tf.acme.certs.${fixedTarget settings}.out.refFullchainPem;
               owner = settings.owner;
               group = settings.group;
               mode = "0440";
             }
-          ) (filterAttrs (network: settings: settings.create_cert) config.domains);
+          ) (filterAttrs (_: settings: settings.create_cert) config.domains);
           in networks // networks' // domains // domains';
 
     services.nginx.virtualHosts = let
@@ -378,7 +378,7 @@
             forceSSL = true;
             sslCertificate = config.secrets.files."${removeSuffix "." settings.target}-cert".path;
             sslCertificateKey = config.secrets.files."${removeSuffix "." settings.target}-key".path;
-          }) ([ settings.target ] ++ settings.extra_domains)) sane_networks);
+          }) ([ settings.target ] ++ settings.extra_domains)) (filterAttrs (_: settings: settings.create_cert) sane_networks));
           domainVirtualHosts = (attrValues (mapAttrs (network: settings: removeSuffix "." settings.target) (filterAttrs (network: settings:  settings.create_cert) config.domains)));
           domainVirtualHosts' = (map (hostname2: let
             hostname = if hasPrefix "@" hostname2 then "root" else hostname2;
diff --git a/tf b/tf
index ea25bd48..7e062031 160000
--- a/tf
+++ b/tf
@@ -1 +1 @@
-Subproject commit ea25bd488426f965bf39ad0a9cf01e84024d4554
+Subproject commit 7e06203140c80c7be8f84eba0f41bdc396e38341