From 6d8ce8772bf45c7edf27cb6a5c01e6ff3090c5de Mon Sep 17 00:00:00 2001
From: s-prechtl
Date: Mon, 14 Jul 2025 18:44:06 +0200
Subject: [PATCH] feat: ssl certs
---
 hosts/hitsugibune/matrix.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/hosts/hitsugibune/matrix.nix b/hosts/hitsugibune/matrix.nix
index 86ab4f2..81162ab 100644
--- a/hosts/hitsugibune/matrix.nix
+++ b/hosts/hitsugibune/matrix.nix
@@ -42,16 +42,18 @@ in {
 };
 networking.firewall.allowedTCPPorts = [ 80 443 ];
- services.nginx.virtualHosts.${config.services.coturn.realm} = {
+ services.nginx.virtualHosts.${turn.realm} = {
 addSSL = true;
 enableACME = false; # we’ll do ACME ourselves
 forceSSL = false;
+ sslCertificate = "${config.security.acme.certs.${turn.realm}.directory}/full.pem";
+ sslCertificateKey = "${config.security.acme.certs.${turn.realm}.directory}/key.pem";
 locations."/.well-known/acme-challenge/" = {
 root = "/var/lib/acme/acme-challenges";
 };
 };
- security.acme.certs.${config.services.coturn.realm} = {
+ security.acme.certs.${turn.realm} = {
 email = "stefan@tague.at";
 webroot = "/var/lib/acme/acme-challenges";
 postRun = "systemctl restart coturn.service";
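Review bot: The added `sslCertificate` points at `full.pem`, which in the NixOS ACME module is, as far as I know, the private key concatenated with the full chain; nginx only needs the chain in that slot, so `sslCertificate = "${config.security.acme.certs.${turn.realm}.directory}/fullchain.pem";` is the safer choice and keeps key material out of the file nginx treats as a public certificate. The visible `postRun` restarts only coturn, so nginx would likely keep serving the old certificate after a renewal until it is reloaded; adding `reloadServices = [ "nginx.service" ];` to the cert definition would cover that. The nginx user also needs read access to the certificate directory (for example through the cert's `group`), and since the `security.acme.certs` block continues past the end of the hunk, that may already be handled there.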