From e2e6fb5dae59b3d90968da5bc440e208025165b2 Mon Sep 17 00:00:00 2001
From: Bryan Ramos <bryan@ramos.codes>
Date: Thu, 12 Mar 2026 03:07:09 -0400
Subject: [PATCH] added ssl

---
 src/system/modules/nginx/default.nix | 30 ++++++++++++++--------------
 1 file changed, 15 insertions(+), 15 deletions(-)

diff --git a/src/system/modules/nginx/default.nix b/src/system/modules/nginx/default.nix
index 22c0201..340923c 100644
--- a/src/system/modules/nginx/default.nix
+++ b/src/system/modules/nginx/default.nix
@@ -12,29 +12,29 @@ in
   };
 
   config = mkIf cfg.enable {
-    networking.firewall.allowedTCPPorts = [ 80 /* 443 */ ];
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
 
-    # security.acme = {
-    #   acceptTerms = true;
-    #   defaults.email = config.user.email;
-    #
-    #   certs."${domain}" = {
-    #     domain = "*.${domain}";
-    #     dnsProvider = "namecheap";
-    #     environmentFile = "/var/lib/acme/namecheap.env";
-    #     group = "nginx";
-    #   };
-    # };
+    security.acme = {
+      acceptTerms = true;
+      defaults.email = config.user.email;
+
+      certs."${domain}" = {
+        domain = "*.${domain}";
+        dnsProvider = "namecheap";
+        environmentFile = "/var/lib/acme/namecheap.env";
+        group = "nginx";
+      };
+    };
 
     services.nginx = {
       enable = true;
-      # recommendedTlsSettings = true;
+      recommendedTlsSettings = true;
       recommendedOptimisation = true;
       recommendedGzipSettings = true;
 
       virtualHosts."test.${domain}" = {
-        # useACMEHost = domain;
-        # forceSSL = true;
+        useACMEHost = domain;
+        forceSSL = true;
         locations."/" = {
           return = "200 'nginx is working'";
           extraConfig = ''