chore(pages): cleanup module

machines/gustave/pages.nix

@@ -5,18 +5,6 @@
   ...
 }:
 {
-  options.services.nginx.virtualHosts = lib.mkOption {
-    type = lib.types.attrsOf (
-      lib.types.submodule {
-        config.extraConfig = ''
-          real_ip_header proxy_protocol;
-          set_real_ip_from 127.0.0.1;
-        '';
-      }
-    );
-  };
-
-  config = {
   age.secrets."pages-settings-file".file = ../../secrets/pages-settings-file.age;
 
   services.codeberg-pages = {
@@ -51,12 +39,17 @@
   };
 
   networking.firewall.allowedTCPPorts = [
-      80
-      443
     8447
   ];
 
-    services.nginx.defaultListen = [
+  luj.nginx.enable = true;
+  services.nginx = {
+    appendHttpConfig = ''
+      set_real_ip_from 127.0.0.1;
+      real_ip_header proxy_protocol;
+    '';
+
+    defaultListen = [
       {
         addr = "127.0.0.1";
         port = 8446;
@@ -69,21 +62,12 @@
       }
     ];
 
-    security.acme.acceptTerms = true;
-    security.acme.defaults.email = "julien@malka.sh";
-    luj.nginx.enable = lib.mkForce false;
-    services.nginx = {
-      enable = true;
-      recommendedGzipSettings = true;
-      recommendedOptimisation = true;
-      recommendedProxySettings = true;
-      recommendedTlsSettings = true;
     streamConfig = ''
       map $ssl_preread_server_name $sni_upstream {
         hostnames;
         default 0.0.0.0:8010;
       ${lib.concatMapStringsSep "\n" (vhost: "  ${vhost} 0.0.0.0:8446;") (
-          lib.attrNames config.services.nginx.virtualHosts
+        lib.filter (e: e != "default") (lib.attrNames config.services.nginx.virtualHosts)
       )}
       }
 
@@ -104,5 +88,4 @@
     defaultSSLListenPort = 8446;
 
   };
-  };
 }