From f7ab0030360941df9d9c118c7fa1b408a6d1aac0 Mon Sep 17 00:00:00 2001
From: Stuce <lefabricesaucy@outlook.com>
Date: Thu, 13 Nov 2025 17:11:01 +0100
Subject: [PATCH] fix certs

---
 configuration.nix | 1 +
 nginx.nix         | 9 ++++++---
 2 files changed, 7 insertions(+), 3 deletions(-)

diff --git a/configuration.nix b/configuration.nix
index 81d4079..ede61d8 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -18,6 +18,7 @@
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
   # Use the GRUB 2 boot loader.
   networking.usePredictableInterfaceNames = true;
+  nix.settings.trusted-users = [ "stuce" ];
   users.users.stuce = {
     isNormalUser = true;
     home = "/home/stuce";
diff --git a/nginx.nix b/nginx.nix
index dbed4d4..24121ab 100644
--- a/nginx.nix
+++ b/nginx.nix
@@ -34,9 +34,12 @@ in {
     };
     virtualHosts."eink.${host}" = {
       forceSSL = true;
-      sslCertificateKey = "/etc/nginx/certs/ca.key";
-      sslCertificate = "/etc/nginx/certs/ca.crt";
-      extraConfig = "ssl_client_certificate /etc/nginx/certs/client.crt;";
+      # sslCertificateKey = "/etc/nginx/certs/ca.key";
+      # sslCertificate = "/etc/nginx/certs/ca.crt";
+      extraConfig = '''
+        ssl_client_certificate /etc/nginx/certs/client.crt;
+        ssl_verify_client on;
+          ''';
       locations."/" = {
         # TODO fastcgi to the script
         extraConfig = "return 200 'handshake worked !!!';";