From c6c4d905ac33a2b6431979d4db5e79500d8e8a83 Mon Sep 17 00:00:00 2001
From: sid <sid@sid.ovh>
Date: Fri, 3 Apr 2026 14:39:57 +0200
Subject: [PATCH] remove tailnet ssl

---
 hosts/sid/services/nginx.nix | 24 ------------------------
 1 file changed, 24 deletions(-)

diff --git a/hosts/sid/services/nginx.nix b/hosts/sid/services/nginx.nix
index 74c1c64..d3aaba8 100644
--- a/hosts/sid/services/nginx.nix
+++ b/hosts/sid/services/nginx.nix
@@ -1,6 +1,5 @@
 {
   inputs,
-  config,
   constants,
   lib,
   ...
@@ -16,33 +15,10 @@ in
     inputs.synix.nixosModules.nginx
   ];
 
-  users.users.nginx.extraGroups = [ "tailscale" ];
-  systemd.services.nginx.serviceConfig = {
-    SupplementaryGroups = [ "tailscale" ];
-    Requires = [ "tailscaled.service" ];
-    After = [ "tailscaled.service" ];
-  };
-
-  systemd.services."generate-tailscale-certs-${constants.hosts.sid.domain}" = {
-    wantedBy = [ "multi-user.target" ];
-    before = [ "nginx.service" ];
-    after = [ "tailscaled.service" ];
-    serviceConfig = {
-      Type = "oneshot";
-      ExecStart = "${config.services.tailscale.package}/bin/tailscale cert ${constants.hosts.sid.domain}";
-      User = "root";
-    };
-  };
-
   services.nginx = {
     enable = true;
     openFirewall = true;
     forceSSL = ssl;
-    virtualHosts."${constants.hosts.sid.domain}" = {
-      sslCertificate = "/var/lib/tailscale/certs/${constants.hosts.sid.domain}.crt";
-      sslCertificateKey = "/var/lib/tailscale/certs/${constants.hosts.sid.domain}.key";
-      forceSSL = true;
-    };
     virtualHosts."${constants.services.docs.fqdn}" = mkVirtualHost {
       inherit ssl;
       address = constants.hosts.rx4.ip;
-- 
2.51.2