From 68e39b8dc3aeb2e7172ba3a62af55a90f21baed4 Mon Sep 17 00:00:00 2001
From: Lucas Sta Maria <lucas@priime.dev>
Date: Wed, 13 Aug 2025 09:08:07 +0000
Subject: [PATCH] fix(nix): configure nginx/acme for multiple domains

---
 nix/hosts/chaewon/sys.nix | 23 ++++++++++++++++++++---
 1 file changed, 20 insertions(+), 3 deletions(-)

diff --git a/nix/hosts/chaewon/sys.nix b/nix/hosts/chaewon/sys.nix
index dd11238..fff483a 100644
--- a/nix/hosts/chaewon/sys.nix
+++ b/nix/hosts/chaewon/sys.nix
@@ -58,6 +58,19 @@
   security.acme = {
     acceptTerms = true;
     defaults.email = "lucas@priime.dev";
+    certs = {
+      "priime.dev" = {
+        webroot = "/var/lib/acme/priime-dev";
+        email = "lucas@priime.dev";
+        group = "nginx";
+        extraDomainNames = [ "www.priime.dev" ];
+      };
+      "files.priime.dev" = {
+        webroot = "/var/lib/acme/files-priime-dev";
+        email = "lucas@priime.dev";
+        group = "nginx";
+      };
+    };
   };
 
   networking.firewall.allowedTCPPorts = [ 80 443 ];
@@ -92,14 +105,18 @@
   services.nginx = {
     enable = true;
     virtualHosts = {
+      "_default_" = { locations."/".return = "301 https://priime.dev"; };
       "priime.dev" = {
         forceSSL = true;
-        enableACME = true;
-        locations."/".root = "/home/priime/site/build";
+        useACMEHost = "priime.dev";
+        serverAliases = [ "www.priime.dev" ];
+        acmeRoot = "/var/lib/acme/priime-dev";
+        locations."/" = { root = "/home/priime/site/build"; };
       };
       "files.priime.dev" = {
         forceSSL = true;
-        enableACME = true;
+        useACMEHost = "files.priime.dev";
+        acmeRoot = "/var/lib/acme/files-priime-dev";
         locations."/" = {
           root = "/var/lib/files.priime.dev";
           extraConfig = ''