From 5dfec647b049343605e21add3759c8c99e562663 Mon Sep 17 00:00:00 2001
From: Mohammad Rafiq <rafiq@rrv.sh>
Date: Wed, 4 Jun 2025 20:49:54 +0800
Subject: [PATCH] feat(web-servers): add SSL support

---
 modules/nixos/server/web-servers/default.nix | 39 ++++++++++++++++----
 1 file changed, 32 insertions(+), 7 deletions(-)

diff --git a/modules/nixos/server/web-servers/default.nix b/modules/nixos/server/web-servers/default.nix
index 008c2a1..cfe2e49 100644
--- a/modules/nixos/server/web-servers/default.nix
+++ b/modules/nixos/server/web-servers/default.nix
@@ -9,16 +9,41 @@ in
     };
   };
   config = lib.mkMerge [
+    {
+      security.acme = {
+        acceptTerms = true;
+        defaults.email = "rafiq@rrv.sh";
+      };
+    }
     (lib.mkIf cfg.nginx.enable {
-      networking.firewall.allowedTCPPorts = [ 80 ];
+      networking.firewall.allowedTCPPorts = [
+        443
+        80
+      ];
       services.nginx = {
         enable = true;
-        virtualHosts.${config.system.hostname} = {
-          locations."/" = {
-            return = "200 '<html><body>It works!</body></html'";
-            extraConfig = ''
-              default_type text/html;
-            '';
+        virtualHosts = {
+          "chat.bwfiq.com" = {
+            forceSSL = true;
+            enableACME = true;
+            locations."/" = {
+              proxyPass = "http://helios:3080";
+            };
+          };
+          "il.bwfiq.com" = {
+            forceSSL = true;
+            enableACME = true;
+            locations."/" = {
+              proxyPass = "http://helios:2283";
+            };
+          };
+          ${config.system.hostname} = {
+            locations."/" = {
+              return = "200 '<html><body>It works!</body></html'";
+              extraConfig = ''
+                default_type text/html;
+              '';
+            };
           };
         };
       };