fix certs

configuration.nix

@@ -18,6 +18,7 @@
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
   # Use the GRUB 2 boot loader.
   networking.usePredictableInterfaceNames = true;
+  nix.settings.trusted-users = [ "stuce" ];
   users.users.stuce = {
     isNormalUser = true;
     home = "/home/stuce";

nginx.nix

@@ -34,9 +34,12 @@ in {
     };
     virtualHosts."eink.${host}" = {
       forceSSL = true;
-      sslCertificateKey = "/etc/nginx/certs/ca.key";
-      sslCertificate = "/etc/nginx/certs/ca.crt";
-      extraConfig = "ssl_client_certificate /etc/nginx/certs/client.crt;";
+      # sslCertificateKey = "/etc/nginx/certs/ca.key";
+      # sslCertificate = "/etc/nginx/certs/ca.crt";
+      extraConfig = '''
+        ssl_client_certificate /etc/nginx/certs/client.crt;
+        ssl_verify_client on;
+          ''';
       locations."/" = {
         # TODO fastcgi to the script
         extraConfig = "return 200 'handshake worked !!!';";