Re-enable preliminary self-signed certificates

Signed-off-by: Mel <mel@rnrd.eu>
author: Mel <mel@rnrd.eu> 2025-07-13 15:41:08 +0200
committer: Mel <mel@rnrd.eu> 2025-07-13 15:41:08 +0200
commit: 1f605ad799a7eaf080dd762e594c607f050262a1 (patch)
tree: 4dd13f05b808c4437c7122220a2548e5f228b2b8
parent: 14c2a036ffe2aa2f4737de40a15806d9497f5c2a (diff)
download: network-1f605ad799a7eaf080dd762e594c607f050262a1.tar.zst
network-1f605ad799a7eaf080dd762e594c607f050262a1.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/modules/foundation/www/default.nix b/modules/foundation/www/default.nix
index 2e2b662..7a4ee01 100644
--- a/modules/foundation/www/default.nix
+++ b/modules/foundation/www/default.nix
@@ -75,8 +75,10 @@ in
 
     security.acme = {
       acceptTerms = true;
-      # causes issues with tailscale certificates
-      preliminarySelfsigned = false;
+      # this sometimes causes issues with tailnet certificates,
+      # but otherwise nginx does not want to launch with how i've configured it.
+      # TODO if tailscale cert generation is failing again, investigate.
+      preliminarySelfsigned = true;
       defaults = {
         email = "mel@rnrd.eu";
         # our certificates are really only used with Nginx
author	Mel <mel@rnrd.eu>	2025-07-13 15:41:08 +0200
committer	Mel <mel@rnrd.eu>	2025-07-13 15:41:08 +0200
commit	1f605ad799a7eaf080dd762e594c607f050262a1 (patch)
tree	4dd13f05b808c4437c7122220a2548e5f228b2b8
parent	14c2a036ffe2aa2f4737de40a15806d9497f5c2a (diff)
download	network-1f605ad799a7eaf080dd762e594c607f050262a1.tar.zst network-1f605ad799a7eaf080dd762e594c607f050262a1.zip