From d564bd5d0f2f8dea102fa2c1d56d27da784ee0c6 Mon Sep 17 00:00:00 2001
From: Till <till@ktiu.net>
Date: Mon, 15 Dec 2025 18:19:39 +0100
Subject: [PATCH] fixes?

---
 system/web-server/default.nix      | 4 ++++
 system/web-server/forgejo.nix      | 2 +-
 system/web-server/mail/default.nix | 6 ++++++
 3 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/system/web-server/default.nix b/system/web-server/default.nix
index 889f87b..6081eb1 100644
--- a/system/web-server/default.nix
+++ b/system/web-server/default.nix
@@ -11,6 +11,7 @@
     recommendedTlsSettings = true;
 
     virtualHosts = {
+
       "${config.networking.domain}" = {
         onlySSL = true;
         useACMEHost = config.networking.domain;
@@ -21,6 +22,7 @@
           '';
         };
       };
+
       "${config.networking.fqdn}-80" = {
         serverAliases = [
           "*.ktiu.net"
@@ -33,6 +35,7 @@
           return = "301 https://$host$request_uri";
         };
       };
+
       "${config.networking.fqdn}" = {
         onlySSL = true;
         useACMEHost = config.networking.domain;
@@ -40,6 +43,7 @@
           return = "404";
         };
       };
+
     };
 
   };
diff --git a/system/web-server/forgejo.nix b/system/web-server/forgejo.nix
index d84f349..f29d56a 100644
--- a/system/web-server/forgejo.nix
+++ b/system/web-server/forgejo.nix
@@ -14,7 +14,7 @@ in
   ];
 
   services.nginx.virtualHosts."${srv.DOMAIN}" = {
-    forceSSL = true;
+    onlySSL = true;
     useACMEHost = config.networking.domain;
     locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
     extraConfig = ''
diff --git a/system/web-server/mail/default.nix b/system/web-server/mail/default.nix
index 45d91b7..47fc6ac 100644
--- a/system/web-server/mail/default.nix
+++ b/system/web-server/mail/default.nix
@@ -7,4 +7,10 @@
     ./dovecot.nix
     ./roundcube.nix
   ];
+
+  security.acme.certs."${config.networking.domain}".reloadServices = [
+    "nginx"
+    "dovecot2"
+    "postfix"
+  ];
 }