hosts/architect/nginx.nix

@@ -13,7 +13,6 @@
     recommendedOptimisation = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
-    sslProtocols = "TLSv1.3";
 
     virtualHosts."architect.devs.giugl.io" = {
       default = true;

hosts/architect/prosody.nix

@@ -7,21 +7,18 @@ let
   network = import ./network.nix;
 in
 {
-  architect.firewall = {
-    openTCP = [ 5222 5269 ];
-  };
-
   services = {
     prosody = {
       enable = true;
-      virtualHosts.${domain} = {
+      virtualHosts = {
-        inherit domain;
+        "${domain}" = {
-
+          domain = domain;
           enabled = true;
           ssl.key = "${config.security.acme.certs.${domain}.directory}/key.pem";
           ssl.cert =
             "${config.security.acme.certs.${domain}.directory}/fullchain.pem";
         };
+      };
 
       muc = [{ domain = conference_domain; }];
       uploadHttp = { domain = upload_domain; };
@@ -30,16 +27,11 @@ in
       #httpInterfaces = [ "wg0" ];
       #httpsInterfaces = [ "wg0" ];
     };
+  };
 
-    nginx.virtualHosts = {
+  services.nginx.virtualHosts."${domain}".enableACME = true;
-      "${domain}" = {
+  #services.nginx.virtualHosts."${conference_domain}".enableACME = true;
-        enableACME = true;
+  #services.nginx.virtualHosts."${upload_domain}".enableACME = true;
-        forceSSL = true;
-      };
-      # "${conference_domain}".enableACME = true;
-      # "${upload_domain}".enableACME = true;
-    };
-  };
 
   networking.extraHosts = ''
     ${network.architect-lan} ${domain}