From f3557fbc8e43ad2d5608485f6181a75297c8ce0c Mon Sep 17 00:00:00 2001
From: Joshua Bell <abc@joshuabell.xyz>
Date: Mon, 9 Feb 2026 00:18:02 -0600
Subject: [PATCH] update ssl settings

---
 hosts/h001/containers/dawarich.nix | 7 ++++---
 hosts/h001/containers/immich.nix   | 7 ++++---
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/hosts/h001/containers/dawarich.nix b/hosts/h001/containers/dawarich.nix
index 337bc25b..9f8913a8 100644
--- a/hosts/h001/containers/dawarich.nix
+++ b/hosts/h001/containers/dawarich.nix
@@ -100,9 +100,10 @@ in
   options = { };
 
   config = {
-    services.nginx.virtualHosts."${domain}" = lib.mkIf (hasSecret "linode_rw_domains") {
-      forceSSL = true;
-      useACMEHost = "joshuabell.xyz";
+    services.nginx.virtualHosts."${domain}" = {
+      addSSL = true;
+      sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
+      sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
       extraConfig = ''
         client_max_body_size 50G;
         proxy_read_timeout 600s;
diff --git a/hosts/h001/containers/immich.nix b/hosts/h001/containers/immich.nix
index 4bd25d94..98330ea1 100644
--- a/hosts/h001/containers/immich.nix
+++ b/hosts/h001/containers/immich.nix
@@ -91,9 +91,10 @@ in
 {
   options = { };
   config = {
-    services.nginx.virtualHosts."photos.joshuabell.xyz" = lib.mkIf (hasSecret "linode_rw_domains") {
-      forceSSL = true;
-      useACMEHost = "joshuabell.xyz";
+    services.nginx.virtualHosts."photos.joshuabell.xyz" = {
+      addSSL = true;
+      sslCertificate = "/var/lib/acme/joshuabell.xyz/fullchain.pem";
+      sslCertificateKey = "/var/lib/acme/joshuabell.xyz/key.pem";
       extraConfig = ''
         client_max_body_size 50G;
         proxy_read_timeout 600s;