cert access to homepage

modules/servers/homepage.nix

@@ -7,7 +7,15 @@ in
   options.my.servers.homepage = setup.mkOptions "homepage" "home" 8082;
   config = {
     networking.firewall.allowedTCPPorts = lib.mkIf (!cfg.isLocal) [ cfg.port ];
-    sops.secrets = lib.mkIf cfg.enable { homepage.sopsFile = ../../secrets/homepage.yaml; };
+    sops.secrets = lib.mkIf cfg.enable {
+      homepage.sopsFile = ../../secrets/homepage.yaml;
+      "private-ca/pem" = {
+        sopsFile = ../../secrets/certs.yaml;
+        owner = "nginx";
+        group = "nginx";
+      };
+    };
+    my.servers.homepage.certPath = config.sops.secrets."private-ca/pem".path;
     services = {
       homepage-dashboard = lib.mkIf cfg.enable {
         enable = true;
@@ -25,7 +33,7 @@ in
           |> builtins.filter (file: builtins.match ".*\\.nix" file != null)
           |> map (file: import ./homepage/bookmarks/${file});
       };
-      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReverse cfg);
+      nginx.virtualHosts."${cfg.host}" = lib.mkIf cfg.enableProxy (setup.proxyReversePrivate cfg);
     };
   };
 }