1 files changed, 18 insertions, 3 deletions

diff --git a/hosts/ahmed/configuration.nix b/hosts/ahmed/configuration.nix
index a1937b0..fc1cc9c 100644
--- a/hosts/ahmed/configuration.nix
+++ b/hosts/ahmed/configuration.nix
@@ -9,7 +9,6 @@
       ./hardware-configuration.nix
       ./ssh.nix
       ./disable-screen.nix
-      ./cloudflare-ddns.nix
     ];
 
   # Create the main user.
@@ -45,13 +44,18 @@
     openFirewall = true;
   };
 
+  # Set up dukse server. Det er satme hårdt at være overduksepåmindelsesansvarlig.
   my.services.duksebot.enable = true;
 
-  # Host <https://linus.onl>.
+  # Virtual hosts.
+  services.nginx.enable = true;
   my.modules."linus.onl" = {
     enable = true;
     useACME = true;
-    openFirewall = true;
+  };
+  my.modules."notifications.linus.onl" = {
+    enable = true;
+    useACME = true;
   };
 
   # Configure ACME for various HTTPS services.
@@ -60,6 +64,17 @@
     defaults.email = "linusvejlo+${config.networking.hostName}[email protected]";
   };
 
+  # Configure DDNS. The website for each module is responsible for extending `services.cloudflare-dyndns.domains` with its domain.
+  age.secrets.cloudflare-dyndns-api-token.file = ../../secrets/cloudflare-ddns-token.env.age;
+  services.cloudflare-dyndns = {
+    enable = true;
+    apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path;
+    proxied = true;
+  };
+
+  # Listen for HTTP connections.
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
   # We are running behind CF proxy.
   my.modules.cloudflare-proxy.enable = true;