From 1f605ad799a7eaf080dd762e594c607f050262a1 Mon Sep 17 00:00:00 2001
From: Mel <mel@rnrd.eu>
Date: Sun, 13 Jul 2025 15:41:08 +0200
Subject: Re-enable preliminary self-signed certificates

Signed-off-by: Mel <mel@rnrd.eu>
---
 modules/foundation/www/default.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'modules/foundation/www')

diff --git a/modules/foundation/www/default.nix b/modules/foundation/www/default.nix
index 2e2b662..7a4ee01 100644
--- a/modules/foundation/www/default.nix
+++ b/modules/foundation/www/default.nix
@@ -75,8 +75,10 @@ in
 
     security.acme = {
       acceptTerms = true;
-      # causes issues with tailscale certificates
-      preliminarySelfsigned = false;
+      # this sometimes causes issues with tailnet certificates,
+      # but otherwise nginx does not want to launch with how i've configured it.
+      # TODO if tailscale cert generation is failing again, investigate.
+      preliminarySelfsigned = true;
       defaults = {
         email = "mel@rnrd.eu";
         # our certificates are really only used with Nginx
-- 
cgit 1.4.1