Fix baka shark

hosts/shark/configuration.nix

@@ -6,6 +6,7 @@
       ../../base.nix
       ../../misc/metrics-exporters.nix
 
+      ./services/nginx.nix
       ./services/kanidm.nix
     ];
 

hosts/shark/services/kanidm.nix

@@ -1,7 +1,7 @@
 { config, pkgs, lib, ... }:
 let
   cfg = config.services.kanidm;
-  domain = "auth.pvv.ntnu.no";
+  domain = "idmtest.pvv.ntnu.no";
   bindaddr_web = "127.0.0.1:8300"; #
   bindaddr_ldaps = "0.0.0.0:636";
 in {
@@ -22,12 +22,10 @@ in {
     };
   };
 
-  systemd.services.kanidm = let
+  systemd.services.kanidm = {
-    certName = config.services.nginx.virtualHosts.${cfg.serverSettings.domain}.useACMEHost;
+    requires = [ "acme-finished-${domain}.target" ];
-  in {
-    requires = [ "acme-finished-${certName}.target" ];
     serviceConfig.LoadCredential = let
-      certDir = config.security.acme.certs.${certName}.directory;
+      certDir = config.security.acme.certs.${domain}.directory;
     in [
       "fullchain.pem:${certDir}/fullchain.pem"
       "key.pem:${certDir}/key.pem"

hosts/shark/services/nginx.nix

@@ -0,0 +1,29 @@
+{ config, values, ... }:
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "drift@pvv.ntnu.no";
+  };
+
+  services.nginx = {
+    enable = true;
+
+    enableReload = true;
+
+    defaultListenAddresses = [
+      values.hosts.shark.ipv4
+      "[${values.hosts.shark.ipv6}]"
+
+      "127.0.0.1"
+      "127.0.0.2"
+      "[::1]"
+    ];
+
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}