From b893d6e21eb3258bfb373c16e23407a212cde3a1 Mon Sep 17 00:00:00 2001
From: teidesu <alina@tei.su>
Date: Sat, 23 Nov 2024 16:40:44 +0300
Subject: [PATCH] fix(koi): use security.acme.defaults

---
 hosts/koi/services/nginx.nix | 29 ++++++++++++++---------------
 1 file changed, 14 insertions(+), 15 deletions(-)

diff --git a/hosts/koi/services/nginx.nix b/hosts/koi/services/nginx.nix
index c2303f9..4857f7f 100644
--- a/hosts/koi/services/nginx.nix
+++ b/hosts/koi/services/nginx.nix
@@ -66,28 +66,27 @@
   systemd.services.nginx.after = [ "coredns.service" ];
 
   security.acme.acceptTerms = true;
-  security.acme.defaults.dnsResolver = "8.8.8.8:53"; # coredns tends to cache these too much
-  security.acme.certs = let 
-    common = {
-      email = "alina@tei.su";
-      group = "nginx";
-      dnsProvider = "cloudflare";
-      credentialFiles = {
-        "CLOUDFLARE_EMAIL_FILE" = config.desu.secrets.cloudflare-email.path;
-        "CLOUDFLARE_API_KEY_FILE" = config.desu.secrets.cloudflare-token.path;
-      };
+  security.acme.defaults = {
+    dnsResolver = "8.8.8.8:53"; # coredns tends to cache these too much
+    email = "alina@tei.su";
+    group = "nginx";
+    dnsProvider = "cloudflare";
+    credentialFiles = {
+      "CLOUDFLARE_EMAIL_FILE" = config.desu.secrets.cloudflare-email.path;
+      "CLOUDFLARE_API_KEY_FILE" = config.desu.secrets.cloudflare-token.path;
     };
-  in {
-    "stupid.fish" = common // {
+  };
+  security.acme.certs = {
+    "stupid.fish" = {
       extraDomainNames = [ "*.stupid.fish" ];
     };
-    "tei.su" = common // {
+    "tei.su" = {
       extraDomainNames = [ "*.tei.su" ];
     };
-    "tei.pet" = common // {
+    "tei.pet" = {
       extraDomainNames = [ "*.tei.pet" ];
     };
-    "s3.stupid.fish" = common // {
+    "s3.stupid.fish" = {
       extraDomainNames = [ "*.s3.stupid.fish" ];
     };
   };