From d7fc02342227fbd442f47e27fa12a42ff7998cd5 Mon Sep 17 00:00:00 2001
From: Linnnus <linnnus@users.noreply.github.com>
Date: Sat, 30 Sep 2023 14:53:27 +0200
Subject: fix everything forever i hope

---
 modules/linus.onl/default.nix | 20 +++++---------------
 1 file changed, 5 insertions(+), 15 deletions(-)

(limited to 'modules/linus.onl/default.nix')

diff --git a/modules/linus.onl/default.nix b/modules/linus.onl/default.nix
index f65bf0b..617865c 100644
--- a/modules/linus.onl/default.nix
+++ b/modules/linus.onl/default.nix
@@ -12,15 +12,6 @@ in
     enable = mkEnableOption "${domain} static site";
 
     useACME = mkEnableOption "built-in HTTPS stuff";
-
-    openFirewall = mkOption {
-      description = ''
-        Open holes in the firewall so clients on LAN can connect. You must
-        set up port forwarding if you want to play over WAN.
-      '';
-      type = types.bool;
-      default = false;
-    };
   };
 
   config = mkIf cfg.enable {
@@ -91,16 +82,15 @@ in
       wantedBy = [ "nginx.service" ];
     };
 
-    networking.firewall = mkIf cfg.openFirewall {
-      allowedTCPPorts = [ 80 ] ++ (optional cfg.useACME 443);
-    };
+    # Register domain name with ddns.
+    services.cloudflare-dyndns.domains = [ domain ];
 
-    # Serve the generated page using NGINX.
+    # Register virtual host.
     services.nginx = {
-      enable = true;
-
       virtualHosts."${domain}" = {
+        # NOTE: 'forceSSL' will cause an infite loop, if the cloudflare proxy does NOT connect over HTTPS.
         enableACME = cfg.useACME;
+        forceSSL = cfg.useACME;
         root = "/var/www/${domain}";
       };
     };
-- 
cgit v1.2.3