From fdf62860536faafd517d06560208831c54c53ac2 Mon Sep 17 00:00:00 2001
From: kurogeek <kurogeek@lmvhaus.com>
Date: Wed, 30 Jul 2025 16:06:03 +0700
Subject: [PATCH] mob next [ci-skip] [ci skip] [skip ci]

lastFile:machines/rigel/configuration.nix
---
 machines/rigel/configuration.nix      | 12 +++++++++++-
 machines/rigel/services/pocket-id.nix |  1 +
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/machines/rigel/configuration.nix b/machines/rigel/configuration.nix
index 60b7d9c..e252096 100644
--- a/machines/rigel/configuration.nix
+++ b/machines/rigel/configuration.nix
@@ -1,8 +1,18 @@
-{ inputs, ... }:
+{ config, inputs, ... }:
 {
   imports = [
     (inputs.import-tree ./services)
   ];
   system.stateVersion = "25.11";
   networking.fqdn = "rigel.local";
+  networking.firewall.allowedTCPPorts = [
+    22
+    80
+    443
+  ];
+  security.acme.defaults.email = "admin@b4l.co.th";
+  security.acme.acceptTerms = true;
+  services.nginx.virtualHosts."${config.networking.fqdn}" = {
+    enableACME = true;
+  };
 }
diff --git a/machines/rigel/services/pocket-id.nix b/machines/rigel/services/pocket-id.nix
index 0f02c2f..110444e 100644
--- a/machines/rigel/services/pocket-id.nix
+++ b/machines/rigel/services/pocket-id.nix
@@ -25,6 +25,7 @@ in
     };
   };
 
+  services.nginx.enable = true;
   services.nginx.virtualHosts."${pidDomain}" = {
     useACMEHost = "${config.networking.fqdn}";
     forceSSL = true;