nixos/gancio: actually enable ssl by default.

2024-10-11 06:57:38 +03:00 · 2024-09-09 14:25:07 +02:00 · 2024-09-09 14:25:07 +02:00 · 58ec286785
commit 58ec286785
parent 5af6aefbcc
1 changed files with 10 additions and 5 deletions
--- a/nixos/modules/services/web-apps/gancio.nix
+++ b/nixos/modules/services/web-apps/gancio.nix
@ -157,11 +157,18 @@ in
    };

    nginx = mkOption {
-      type = types.submodule (import ../web-servers/nginx/vhost-options.nix { inherit config lib; });
+      type = types.submodule (
+        lib.recursiveUpdate (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) {
+          # enable encryption by default,
+          # as sensitive login credentials should not be transmitted in clear text.
+          options.forceSSL.default = true;
+          options.enableACME.default = true;
+        }
+      );
      default = { };
      example = {
-        enableACME = true;
-        forceSSL = true;
+        enableACME = false;
+        forceSSL = false;
      };
      description = "Extra configuration for the nginx virtual host of gancio.";
    };
@ -260,8 +267,6 @@ in
      virtualHosts."${cfg.settings.hostname}" = mkMerge [
        cfg.nginx
        {
-          enableACME = mkDefault true;
-          forceSSL = mkDefault true;
          locations = {
            "/" = {
              index = "index.html";