fix acme and jitsi stuff

modules/proxy.nix

@@ -35,10 +35,10 @@
         group = "nginx";
         keyType = "rsa4096";
       };
-      # "mumble.katzen.cafe" = {
-      #   group = "murmur";
-      #   keyType = "rsa4096";
-      # };
+      "mumble.katzen.cafe" = {
+        group = "murmur";
+        keyType = "rsa4096";
+      };
       "hc-vault.katzen.cafe" = {
         group = "nginx";
         keyType = "rsa4096";
@@ -57,6 +57,8 @@
       # };
     };
   };
+  
+  users.users.nginx.extraGroups = [ "acme" ];
   services.nginx = {
     enable = true;
     
@@ -68,6 +70,16 @@
     statusPage = true;
 
     virtualHosts = {
+      "_.katzen.cafe" = {
+        # Catchall vhost, will redirect users to HTTPS for all vhosts
+        serverAliases = [ "*.katzen.cafe" ];
+        locations."/.well-known/acme-challenge" = {
+          root = "/var/lib/acme/acme-challenge";
+        };
+        locations."/" = {
+          return = "301 https://$host$request_uri";
+        };
+      };      
       "grafana.katzen.cafe" = {
         forceSSL = true;
         enableACME = true;
@@ -102,7 +114,7 @@
         forceSSL = true;
         enableACME = true;
         locations."/" = {
-          proxyPass = "http://127.0.0.1:8080";
+          proxyPass = "http://127.0.0.3:8080";
               # proxy_set_header Host $host;
           extraConfig = ''
               proxy_buffers 4 256k;