more stuff moved to options and some more consistency

modules/nginx/default.nix

@@ -3,32 +3,22 @@
   lib,
   ...
 }: let
-  inherit (config) conf;
   inherit (lib) mkIf;
+  inherit (lib.attrsets) genAttrs;
+  cfg = config.conf.nginx;
 in
-  mkIf conf.nginx.enable {
+  mkIf cfg.enable {
     security.acme = {
       acceptTerms = true;
-      defaults.email = "mira@chpu.eu";
-      certs = {
-        "twoneis.site" = {
-          group = "nginx";
-          domain = "twoneis.site";
-          extraDomainNames = ["*.twoneis.site"];
-          dnsProvider = "porkbun";
-          email = "mira@chpu.eu";
-          environmentFile = "/root/porkbun-creds";
-        };
-
-        "chpu.eu" = {
-          group = "nginx";
-          domain = "chpu.eu";
-          extraDomainNames = ["*.chpu.eu"];
-          dnsProvider = "porkbun";
-          email = "mira@chpu.eu";
-          environmentFile = "/root/porkbun-creds";
-        };
-      };
+      defaults.email = cfg.email;
+      certs = genAttrs cfg.domains (domain: {
+        group = "nginx";
+        domain = domain;
+        extraDomainNames = ["*.${domain}"];
+        dnsProvider = "porkbun";
+        email = cfg.email;
+        environmentFile = "/root/porkbun-creds";
+      });
     };
 
     users.users.nginx.extraGroups = ["acme"];
@@ -38,22 +28,14 @@ in
       recommendedProxySettings = true;
       recommendedOptimisation = true;
       recommendedTlsSettings = true;
-      virtualHosts = {
-        "chpu.eu" = {
-          serverName = "chpu.eu";
-          useACMEHost = "chpu.eu";
-          forceSSL = true;
-        };
-        "twoneis.site" = {
-          serverName = "twoneis.site";
-          useACMEHost = "twoneis.site";
-          forceSSL = true;
-        };
-      };
+      virtualHosts = genAttrs cfg.domains (domain: {
+        serverName = domain;
+        useACMEHost = domain;
+        forceSSL = true;
+      });
     };
 
     networking.firewall.allowedTCPPorts = [
-      80
       443
     ];
   }