change secrets, cleanup nginx

modules/secrets.nix

@@ -139,9 +139,14 @@ in {
   }];
 
   config.home-manager.users.alukard = {
-    xsession.windowManager.i3 = {
+    xsession.windowManager.i3 = lib.mkIf (!config.deviceSpecific.isServer) {
       config.startup = [{ command = "activate-secrets"; }];
     };
+    systemd.services.activate-secrets = lib.mkIf config.deviceSpecific.isServer {
+      script = "activate-secrets";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig.Type = "oneshot";
+    };
     programs.password-store = {
       enable = true;
       package = pkgs.pass-nodmenu;

profiles/servers/nginx.nix

@@ -1,23 +1,4 @@
-{ pkgs, config, lib, ... }:
+{ pkgs, config, lib, ... }: {
-let
-  # creds = pkgs.writeTextFile {
-  #   name = "cloudflare.env";
-  #   # text = builtins.readFile ./secret/acme-cf.env;
-  #   text = config.secrets."cloudflare.env".decrypted;
-  # };
-in {
-  # security.acme = {
-  #   email = "ataraxiadev@ataraxiadev.com";
-  #   acceptTerms = true;
-  #   certs."ataraxiadev.com" = {
-  #     group = "nginx";
-  #     email = "ataraxiadev@ataraxiadev.com";
-  #     dnsProvider = "cloudflare";
-  #     # credentialsFile = "${creds}";
-  #     credentialsFile = config.secrets."cloudflare.env".decrypted;
-  #     extraDomainNames = [ "*.ataraxiadev.com" ];
-  #   };
-  # };
   secrets."ataraxiadev.com.pem" = {
     owner = "nginx:nginx";
   };
@@ -86,7 +67,6 @@ in {
         default = true;
         locations."/" = {
           root = "/var/lib/ataraxiadev.com";
-          # index = "index.txt";
         };
         locations."/.well-known" = {
           proxyPass = "http://localhost:13748";