5 changed files with 5 additions and 49 deletions
--- a/configuration/common/default.nix
+++ b/configuration/common/default.nix
@ -52,23 +52,6 @@
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
-
-    appendHttpConfig = ''
-      server_names_hash_bucket_size 64;
-    '';
-
-    virtualHosts = {
-      "default" = {
-        default = true;
-        rejectSSL = true;
-        locations."/" = {
-          return = ''200 "Some piece of infrastructure\n"'';
-          extraConfig = ''
-            types { } default_type "text/plain; charset=utf-8";
-          '';
-        };
-      };
-    };
  };

  security.acme = {
--- a/hosts/porter/configuration.nix
+++ b/hosts/porter/configuration.nix
@ -22,18 +22,6 @@
  networking.defaultGateway6 = { address = "fe80::1"; interface = "ens3"; };
  networking.nameservers = [ "46.38.255.230" "46.38.252.230" ];

-  services.nginx.enable = true;
-  services.nginx.virtualHosts = {
-    "chisel.clerie.de" = {
-      enableACME = true;
-      addSSL = true;
-      locations."/" = {
-        proxyPass = "http://[::1]:3765";
-        proxyWebsockets = true;
-      };
-    };
-  };
-
  clerie.nginx-port-forward = {
    enable = true;
    tcpPorts."2022" = {
@ -44,7 +32,7 @@

  clerie.chisel.enable = true;

-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [ 443 ];
  networking.firewall.allowedUDPPorts = [];

  clerie.monitoring = {
--- a/modules/akne/default.nix
+++ b/modules/akne/default.nix
@ -9,9 +9,9 @@ in {
  options = {
    clerie.akne = {
      enable = mkEnableOption "Makes fun stuff with the nixos acme module.";
-      selfSignedOnlyHostNames = mkOption {
+      selfSigneOnlyHostNames = mkOption {
        type = with types; listOf str;
-        default = [];
+        default = {};
        description = "List of hostnames for which the acme client gets disabled. This hostnames use the self-signed certs instead.";
      };
    };
@ -34,21 +34,7 @@ in {
              }
            )
          ]
-        ) cfg.selfSignedOnlyHostNames
-      )
-    );
-    systemd.targets = with lib; listToAttrs (
-      flatten (
-        map (
-          name: [
-            (
-              nameValuePair "acme-finished-${name}" {
-                after = mkForce [ "acme-selfsigned-${name}.service" ];
-                requires = mkForce [ "acme-selfsigned-${name}.service" ];
-              }
-            )
-          ]
-        ) cfg.selfSignedOnlyHostNames
+        ) cfg.selfSigneOnlyHostNames
      )
    );
  };
--- a/modules/chisel/default.nix
+++ b/modules/chisel/default.nix
@ -19,7 +19,7 @@ in {
      after = [ "network.target" ];

      serviceConfig = {
-        ExecStart = "${pkgs.chisel}/bin/chisel server --host [::1] --port 3765 --authfile /var/src/secrets/chisel/users.json";
+        ExecStart = "${pkgs.chisel}/bin/chisel server --port 443 --authfile /var/src/secrets/chisel/users.json";
        Restart = "always";
      };
    };
--- a/modules/default.nix
+++ b/modules/default.nix
@ -3,7 +3,6 @@
 {
  imports = [
    ./policyrouting
-    ./akne
    ./anycast_healthchecker
    ./chisel
    ./gre-tunnel