From b646261dd5439744c774989a370294b31eaf7c4a Mon Sep 17 00:00:00 2001
From: Vinzenz Schroeter
Date: Mon, 15 Sep 2025 20:28:15 +0200
Subject: [PATCH] clean up nginx config
---
 nixosConfigurations/hetzner-vpn2/nginx.nix | 79 +++++-----------------
 1 file changed, 18 insertions(+), 61 deletions(-)
diff --git a/nixosConfigurations/hetzner-vpn2/nginx.nix b/nixosConfigurations/hetzner-vpn2/nginx.nix
index 2520533..563eb08 100644
--- a/nixosConfigurations/hetzner-vpn2/nginx.nix
+++ b/nixosConfigurations/hetzner-vpn2/nginx.nix
@@ -9,17 +9,9 @@ in
 defaults.email = "acme@zerforschen.plus";
 };
- security.pam.services.nginx.setEnvironment = false;
 systemd.services = {
- nginx.serviceConfig = {
- SupplementaryGroups = [
- "shadow"
- "anubis"
- ];
- };
- anubis-main.serviceConfig = {
- SupplementaryGroups = [ "nginx" ];
- };
+ nginx.serviceConfig.SupplementaryGroups = [ "anubis" ];
+ anubis-main.serviceConfig.SupplementaryGroups = [ "nginx" ];
 };
 services = {
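Review bot: The two `SupplementaryGroups` lines that remain put nginx in group `anubis` and anubis-main in group `nginx`, so each service can reach every group-accessible file of the other, not only the one socket it needs. Dropping `shadow` and the PAM setting narrows nginx's privileges, but nothing here records why the cross-membership is still required. I would add a comment above the two lines, e.g. `# group access is only for the unix sockets: nginx -> anubis socket, anubis -> nginx blog socket`, and, if the socket paths allow it, replace the mutual membership with one dedicated socket group. The socket paths and their permissions are defined outside this hunk, so the direction of each connection is inferred from the `virtualHosts` hunk below.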
@@ -32,59 +24,24 @@ in
 recommendedGzipSettings = true;
 recommendedOptimisation = true;
- virtualHosts =
- #let
- # servicesDomain = "services.zerforschen.plus";
- # mkServiceConfig =
- # { host, port }:
- # {
- # addSSL = true;
- # enableACME = true;
- # locations."/" = {
- # proxyPass = "http://${host}:${toString port}/";
- # extraConfig = ''
- # # bind to tailscale ip
- # proxy_bind 100.88.118.60;
- # # pam auth
- # limit_except OPTIONS {
- # auth_pam "Password Required";
- # auth_pam_service_name "nginx";
- # }
- # '';
- # };
- # };
- # pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net";
- #in
- {
- #"code.${servicesDomain}" = lib.mkMerge [
- # (mkServiceConfig {
- # host = pc2;
- # port = 8542;
- # })
- # { locations."/".proxyWebsockets = true; }
- #];
- #"view.${servicesDomain}" = mkServiceConfig {
- # host = pc2;
- # port = 1313;
- #};
-
- "zerforschen.plus" = {
- addSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://unix:" + anubis-domain-socket;
- };
- };
-
- "blog-in-anubis" = {
- root = pkgs.zerforschen-plus-content;
- listen = [
- {
- addr = "unix:" + blog-domain-socket;
- }
- ];
+ virtualHosts = {
+ "zerforschen.plus" = {
+ addSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://unix:" + anubis-domain-socket;
 };
 };
+
+ "blog-in-anubis" = {
+ root = pkgs.zerforschen-plus-content;
+ listen = [
+ {
+ addr = "unix:" + blog-domain-socket;
+ }
+ ];
+ };
+ };
 };
 anubis.instances.main = {
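Review bot: The `zerforschen.plus` vhost keeps `addSSL = true;`, which serves the site over plain HTTP as well as HTTPS with no redirect; the line is carried over unchanged from the old side. Replacing it with `forceSSL = true;` would send HTTP requests to the HTTPS listener instead. Separately, the `blog-in-anubis` vhost listens on `blog-domain-socket`, whose path and directory permissions are defined outside this hunk. A one-line comment such as `# reachable only through anubis; the socket directory must not be accessible to other local users` would record the assumption that the Anubis check cannot be bypassed by connecting to the socket directly.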