From af7d66ac108496d206e80f4516eff55dce14ea30 Mon Sep 17 00:00:00 2001
From: Haak Saxberg
Date: Thu, 3 Nov 2022 16:32:58 -0700
Subject: [PATCH] set up SSL for jellyfin server note: assumes that the mediaserver is hosting jellyfin. consider separating these concerns?
---
 nix/home/programs/jellyfin/default.nix | 8 +++++++-
 secrets | 2 +-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/nix/home/programs/jellyfin/default.nix b/nix/home/programs/jellyfin/default.nix
index 06dda85..433680d 100644
--- a/nix/home/programs/jellyfin/default.nix
+++ b/nix/home/programs/jellyfin/default.nix
@@ -1,3 +1,5 @@
+{ lib, ... }:
+
 {
 networking.firewall = {
 allowedTCPPorts = [
@@ -17,6 +19,8 @@
 services.jellyfin.enable = true;
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = lib.strings.fileContents ../../../../secrets/letsencrypt/mediaserver/email;
 services.nginx = {
 enable = true;
 recommendedGzipSettings = true;
@@ -24,7 +28,9 @@
 recommendedProxySettings = true;
 recommendedTlsSettings = true;
- virtualHosts."mediaserver" = {
+ virtualHosts."${lib.strings.fileContents ../../../../secrets/letsencrypt/mediaserver/domain}" = {
+ forceSSL = true;
+ enableACME = true;
 # http2 can more performant for streaming: https://blog.cloudflare.com/introducing-http2/
 http2 = true;
diff --git a/secrets b/secrets
index 70b9503..b914c37 160000
--- a/secrets
+++ b/secrets
@@ -1 +1 @@
-Subproject commit 70b9503c98eb2f690a6c7461549ca59be3089db2
+Subproject commit b914c37721237fc8f22edfa19b83a7bdc3d4ff83
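Review bot: In the `@@ -17,6 +19,8 @@` hunk, `lib.strings.fileContents` is evaluated at build time, so the e-mail address ends up as a plain string in the generated configuration in the world-readable Nix store instead of staying inside the `secrets` submodule; the same applies to the domain read in the `@@ -24,7 +28,9 @@` hunk. That is acceptable for these two values (the domain becomes public through Certificate Transparency once the certificate is issued), but the `secrets/` path suggests confidentiality that this mechanism does not provide. I would add a comment above the assignment, for example `# not confidential: fileContents embeds this value in the Nix store; real credentials need a runtime secret file (e.g. agenix or sops-nix)`. Evaluation will also fail when the submodule is not checked out, which deserves a line in the setup notes.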
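Review bot: `forceSSL = true` in the `@@ -24,7 +28,9 @@` hunk only protects traffic that passes through nginx, and the `allowedTCPPorts` list from the first hunk is cut off, so it is not visible whether Jellyfin's own HTTP port is still open in the firewall. If it is, clients can continue to reach the backend in cleartext and never see the redirect. The list should be reduced to what nginx and the ACME HTTP-01 challenge need, e.g. `allowedTCPPorts = [ 80 443 ];`. The `virtualHosts` block continues past the end of the hunk.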