fix: fueltide hosting

hosts/web-arm/modules/nextcloud/default.nix

@@ -1,11 +1,5 @@
 { pkgs, config, ... }: 
 let
-  nextcloud30 = pkgs.nextcloud30.overrideAttrs (oldAttrs: {
-    src = pkgs.fetchurl {
-      url = "https://download.nextcloud.com/server/releases/nextcloud-30.0.2.tar.bz2";
-      sha256 = "sha256-kpu4BF6WIW/iKmXc1mJ55b17oauynZm/QB1CO2RqRF8=";
-    };
-  });
 in
 {
   sops.secrets.nextcloud-adminpass.owner = "nextcloud";

hosts/web-arm/sites/fueltide.io.nix

@@ -1,11 +1,21 @@
 { pkgs, lib, config, ... }:
-let
+{
-  domain = "fueltide.cloonar.dev";
+  # SOPS secret for fueltide.io DNS credentials (separate Hetzner API token)
-  dataDir = "/var/www/${domain}";
+  sops.secrets.fueltide-lego-credentials = { };
-in {
 
-  services.webstack.instances."${domain}" = {
+  # Override ACME credentials for fueltide.io domains
+  # These use a separate Hetzner DNS API token from the global default
+  security.acme.certs."app.fueltide.io" = {
+    credentialsFile = config.sops.secrets.fueltide-lego-credentials.path;
+  };
+
+  security.acme.certs."app.stage.fueltide.io" = {
+    credentialsFile = config.sops.secrets.fueltide-lego-credentials.path;
+  };
+
+  services.webstack.instances."fueltide.cloonar.dev" = {
     enablePhp = false;
+    enableDefaultLocations = false;
 
     authorizedKeys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILf3KpvY3sG/l5w4phV3qxOnahFpb7op/8y6i3oLWXv"
@@ -13,6 +23,47 @@ in {
 
     locations."/".extraConfig = ''
       index index.html;
+      try_files $uri $uri/ /index.html;
+    '';
+
+    locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = ''
+      expires 365d;
+      add_header Pragma "public";
+      add_header Cache-Control "public";
+    '';
+  };
+
+  services.webstack.instances."app.fueltide.io" = {
+    enablePhp = false;
+    enableDefaultLocations = false;
+
+    authorizedKeys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILf3KpvY3sG/l5w4phV3qxOnahFpb7op/8y6i3oLWXv"
+    ];
+
+    locations."/".extraConfig = ''
+      index index.html;
+      try_files $uri $uri/ /index.html;
+    '';
+
+    locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = ''
+      expires 365d;
+      add_header Pragma "public";
+      add_header Cache-Control "public";
+    '';
+  };
+
+  services.webstack.instances."app.stage.fueltide.io" = {
+    enablePhp = false;
+    enableDefaultLocations = false;
+
+    authorizedKeys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILf3KpvY3sG/l5w4phV3qxOnahFpb7op/8y6i3oLWXv"
+    ];
+
+    locations."/".extraConfig = ''
+      index index.html;
+      try_files $uri $uri/ /index.html;
     '';
 
     locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = ''