From 5d11f49ecf05048626227dfe6f758360775b300f Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sun, 7 May 2023 13:45:04 -0700
Subject: profile/acme: default DNS provider is gandi

Add the API key for gandi to the secrest, create a profile for acme with
my defaults.

The profile is loaded by tahoe since that's where our services are
running on.

Update all the servers in nginx to listen on their wireguard interface.
---
 modules/services/navidrome/default.nix | 15 ++++++---------
 1 file changed, 6 insertions(+), 9 deletions(-)

(limited to 'modules/services/navidrome/default.nix')

diff --git a/modules/services/navidrome/default.nix b/modules/services/navidrome/default.nix
index 1e3b6e7..1c8243a 100644
--- a/modules/services/navidrome/default.nix
+++ b/modules/services/navidrome/default.nix
@@ -21,20 +21,22 @@ in
   config = lib.mkIf cfg.enable {
     services.navidrome = {
       enable = true;
-      settings = { MusicFolder = cfg.musicFolder; };
+      settings = {
+        MusicFolder = cfg.musicFolder;
+      };
     };
 
     services.nginx.virtualHosts."${cfg.vhostName}" = {
       forceSSL = true;
-      useACMEHost = cfg.vhostName;
+      useACMEHost = config.homelab.domain;
       listen = [
         {
-          addr = "100.85.232.66";
+          addr = "192.168.6.40";
           port = 443;
           ssl = true;
         }
         {
-          addr = "100.85.232.66";
+          addr = "192.168.6.40";
           port = 80;
           ssl = false;
         }
@@ -45,11 +47,6 @@ in
       };
     };
 
-    security.acme.certs."${cfg.vhostName}" = {
-      dnsProvider = "gcloud";
-      credentialsFile = secrets."acme/credentials".path;
-    };
-
     my.services.backup = {
       paths = [ "/var/lib/navidrome" ];
       exclude = [ "/var/lib/navidrome/cache/" ];
-- 
cgit 1.4.1