From 42234e630efef5a718ca067f8f2e6516d43c692e Mon Sep 17 00:00:00 2001
From: Richie Cahill
Date: Sun, 13 Apr 2025 17:26:48 -0400
Subject: [PATCH] temp
---
systems/jeeves/services/acme.nix | 22 ++++++++++++++++++++++
systems/jeeves/services/haproxy.cfg | 11 ++++++-----
2 files changed, 28 insertions(+), 5 deletions(-)
create mode 100644 systems/jeeves/services/acme.nix
diff --git a/systems/jeeves/services/acme.nix b/systems/jeeves/services/acme.nix
new file mode 100644
index 0000000..cb02c91
--- /dev/null
+++ b/systems/jeeves/services/acme.nix
@@ -0,0 +1,22 @@
+{ config, ... }:
+let
+ vars = import ../vars.nix;
+in
+{
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ email = "themadmaker2@protonmail.com";
+ dnsResolver = "1.1.1.1:53";
+ extraLegoFlags = [
+ "--dns-timeout=300"
+ ];
+ };
+ certs."tmmworkshop.com" = {
+ dnsProvider = "cloudflare";
+ environmentFile = "${vars.secrets}/services/acme/cloudflare.txt";
+ email = "themadmaker2@protonmail.com";
+ group = config.services.haproxy.group;
+ };
+ };
+}
diff --git a/systems/jeeves/services/haproxy.cfg b/systems/jeeves/services/haproxy.cfg
index 06c369a..8b2afae 100644
--- a/systems/jeeves/services/haproxy.cfg
+++ b/systems/jeeves/services/haproxy.cfg
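Review bot: In acme.nix, `certs."tmmworkshop.com"` requests a certificate for the apex name only, while the haproxy.cfg frontend in this same patch serves `www.` and six other subdomains from `/var/lib/acme/tmmworkshop.com/full.pem`, so those hosts would present a certificate that does not match their name to browsers or to a strictly validating proxy in front. Since DNS-01 is already configured, adding `extraDomainNames = [ "*.tmmworkshop.com" ];` to the cert block would cover them. HAProxy reads the PEM only at start or reload, so `reloadServices = [ "haproxy.service" ];` is also worth adding so that a renewal does not leave the old certificate in memory until it expires. Separately, confirm that `vars.secrets` (defined in vars.nix, not shown here) is a string and not a Nix path literal: interpolating a path value copies it into the world-readable store, which would expose the Cloudflare credentials file.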
@@ -22,24 +22,25 @@ defaults #Application Setup frontend ContentSwitching bind *:80 v4v6 - bind *:443 v4v6 ssl crt /zfs/storage/secrets/docker/cloudflare.pem + bind *:443 v4v6 ssl crt /var/lib/acme/tmmworkshop.com/full.pem mode http # tmmworkshop.com + acl host_tmmworkshop hdr(host) -i tmmworkshop.com + acl host_tmmworkshop hdr(host) -i www.tmmworkshop.com acl host_audiobookshelf hdr(host) -i audiobookshelf.tmmworkshop.com acl host_cache hdr(host) -i cache.tmmworkshop.com acl host_filebrowser hdr(host) -i filebrowser.tmmworkshop.com acl host_homeassistant hdr(host) -i homeassistant.tmmworkshop.com acl host_jellyfin hdr(host) -i jellyfin.tmmworkshop.com acl host_share hdr(host) -i share.tmmworkshop.com - acl host_uptime_kuma hdr(host) -i uptimekuma-jeeves.tmmworkshop.com + use_backend tmmworkshop_nodes if host_tmmworkshop use_backend audiobookshelf_nodes if host_audiobookshelf use_backend cache_nodes if host_cache use_backend filebrowser_nodes if host_filebrowser use_backend homeassistant_nodes if host_homeassistant use_backend jellyfin if host_jellyfin use_backend share_nodes if host_share - use_backend uptime_kuma_nodes if host_uptime_kuma backend audiobookshelf_nodes mode http @@ -68,6 +69,6 @@ backend share_nodes mode http server server 127.0.0.1:8091 -backend uptime_kuma_nodes +backend tmmworkshop_nodes mode http - server server 127.0.0.1:3001 + server server 127.0.0.1:8080
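Review bot: The `ContentSwitching` frontend still binds `*:80` beside the re-certified `*:443` listener, and no redirect is visible between `frontend` and the first `backend`, so the new apex route and the existing hosts (Home Assistant, filebrowser, and the rest) also answer over cleartext HTTP. If nothing upstream relies on plain HTTP to this origin, adding `http-request redirect scheme https unless { ssl_fc }` after `mode http` would close that gap. The new `bind` line also sets no minimum TLS version; unless the `global` section (outside this hunk) already carries `ssl-default-bind-options`, appending `ssl-min-ver TLSv1.2` to the bind line is worth doing. The last hunk points the apex at `127.0.0.1:8080`, which makes whatever listens there internet-facing, so it should be confirmed that this service is meant to be public.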