# NixOS module: runs nginx with a TLS-only catch-all virtual host on port 8443
# and opens that port in the nftables ruleset.
{ pkgs, lib, config, ... }:
{
  imports = [
    ../../nixos/profiles/services/nginx.nix
    nginx/sourcephile.fr.nix
  ];

  users.groups = {
    # Presumably what lets the nginx account read the certificate and private
    # key selected by useACMEHost below; verify against the ACME group setup.
    "acme".members = [ config.services.nginx.user ];

    # The web server account inherits every group permission on files owned by
    # group "transmission".
    # NOTE(review): presumably needed to serve downloads from an imported
    # vhost; confirm those directories are group-readable but not
    # group-writable, so nginx ends up with read access only.
    "transmission".members = [ config.services.nginx.user ];
  };

  # Appended to chain net2fw of table "inet filter" (declared outside this
  # file). The rule has no source match, so TCP/8443 is accepted from any
  # address that reaches that chain; "counter" keeps packet/byte statistics.
  networking.nftables.ruleset = ''
    add rule inet filter net2fw tcp dport 8443 counter accept comment "HTTPS"
  '';

  services.nginx = {
    enable = true;

    # nginx rebuilt with the fancyindex module as its only extra module.
    package = pkgs.nginx.override {
      modules = [ pkgs.nginxModules.fancyindex ];
    };

    # Names are resolved through a resolver on the loopback interface, which
    # this file does not configure itself.
    resolver = {
      addresses = [ "127.0.0.1:53" ];
      # Empty: no "valid=" override is requested for cached answers.
      valid = "";
    };

    # Catch-all server name.
    # NOTE(review): if this becomes the default server for :8443, any client
    # reaching the address is shown the certificate for networking.domain,
    # whatever host name it asked for. Consider whether handshakes for unknown
    # names should be refused instead (NixOS rejectSSL / nginx
    # ssl_reject_handshake).
    virtualHosts."_" = {
      # IPv4 only; no IPv6 listener is declared here.
      listen = [
        {
          addr = "0.0.0.0";
          port = 8443;
          ssl = true;
        }
      ];
      # TLS only: this vhost gets no plaintext listener, so nothing redirects
      # from HTTP either.
      onlySSL = true;
      #forceSSL = true;
      # Reuse the certificate issued for the machine's domain.
      useACMEHost = config.networking.domain;
    };
  };
}