{ pkgs, lib, config, ... }: { # SOPS secret for fueltide.io DNS credentials (separate Hetzner API token) sops.secrets.fueltide-lego-credentials = { }; # Override ACME credentials for fueltide.io domains # These use a separate Hetzner DNS API token from the global default security.acme.certs."app.fueltide.io" = { credentialsFile = config.sops.secrets.fueltide-lego-credentials.path; }; security.acme.certs."app.stage.fueltide.io" = { credentialsFile = config.sops.secrets.fueltide-lego-credentials.path; }; services.webstack.instances."fueltide.cloonar.dev" = { enablePhp = false; enableDefaultLocations = false; authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILf3KpvY3sG/l5w4phV3qxOnahFpb7op/8y6i3oLWXv" ]; locations."/".extraConfig = '' index index.html; try_files $uri $uri/ /index.html; ''; locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = '' expires 365d; add_header Pragma "public"; add_header Cache-Control "public"; ''; }; services.webstack.instances."app.fueltide.io" = { enablePhp = false; enableDefaultLocations = false; authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILf3KpvY3sG/l5w4phV3qxOnahFpb7op/8y6i3oLWXv" ]; locations."/".extraConfig = '' index index.html; try_files $uri $uri/ /index.html; ''; locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = '' expires 365d; add_header Pragma "public"; add_header Cache-Control "public"; ''; }; services.webstack.instances."app.stage.fueltide.io" = { enablePhp = false; enableDefaultLocations = false; authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIILf3KpvY3sG/l5w4phV3qxOnahFpb7op/8y6i3oLWXv" ]; locations."/".extraConfig = '' index index.html; try_files $uri $uri/ /index.html; ''; locations."~* \.(js|jpg|gif|png|webp|avif|css|woff2)$".extraConfig = '' expires 365d; add_header Pragma "public"; add_header Cache-Control "public"; ''; }; }