From f1defd435aa85e77a985348c9e50afe36038df63 Mon Sep 17 00:00:00 2001
From: Cilly Leang <mini@cilly.moe>
Date: Tue, 16 Jun 2026 23:22:18 +1000
Subject: [PATCH] containers/fluorite: configure ssl cert correctly

---
 containers/fluorite/flake.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/containers/fluorite/flake.nix b/containers/fluorite/flake.nix
index 4a447f9..746c702 100644
--- a/containers/fluorite/flake.nix
+++ b/containers/fluorite/flake.nix
@@ -28,7 +28,8 @@
       inherit modules;
     };
     nixosModule = { config, ... }: let
-      altfqdn = "fluorite.${config.networking.hostName}.lava.moe";
+      hostfqdn = "${config.networking.hostName}.lava.moe";
+      altfqdn = "fluorite.${hostfqdn}";
       # TODO: HACK
       listenAddr = if (config.networking.hostName == "alyssum")
         then [ "100.67.2.1" ]
@@ -48,8 +49,9 @@
         listenAddresses = listenAddr;
       };
 
+      security.acme.certs.${hostfqdn} = { extraDomainNames = [ "*.${hostfqdn}" ]; };
       services.nginx.virtualHosts."${altfqdn}" = {
-        useACMEHost = "lava.moe";
+        useACMEHost = hostfqdn;
         forceSSL = true;
         locations."/".proxyPass = "http://[${client}]:5030";
         listenAddresses = listenAddr;