From 53e2b9f6211fc801338685fc53ebad05da641449 Mon Sep 17 00:00:00 2001
From: Thomas Preisner <mail@tpreisner.de>
Date: Sat, 28 Dec 2024 16:49:48 +0100
Subject: [PATCH] mailsystem: nginx: Replace incorrect usage of lib.mkIf with
 lib.optionalAttrs

Evaluation of lib.mkIf and lib.optionalAttrs is slightly different. In
this specific case, the usage of lib.mkIf resulted in the defined
virtualHost never actually being applied due to an earlier error in the
evaluation order.
---
 mailsystem/nginx.nix | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/mailsystem/nginx.nix b/mailsystem/nginx.nix
index 03e8f26..c4f01a0 100644
--- a/mailsystem/nginx.nix
+++ b/mailsystem/nginx.nix
@@ -11,12 +11,15 @@ in {
     lib.mkIf cfg.enable {
       services.nginx = {
         enable = true;
-        virtualHosts."${cfg.fqdn}" = {
-          forceSSL = true;
-          enableACME = cfg.certificateScheme == "acme";
-          sslCertificate = lib.mkIf (cfg.certificateScheme == "selfsigned") sslCertPath;
-          sslCertificateKey = lib.mkIf (cfg.certificateScheme == "selfsigned") sslKeyPath;
-        };
+        virtualHosts."${cfg.fqdn}" =
+          {
+            forceSSL = true;
+            enableACME = cfg.certificateScheme == "acme";
+          }
+          // lib.optionalAttrs (cfg.certificateScheme == "selfsigned") {
+            sslCertificate = sslCertPath;
+            sslCertificateKey = sslKeyPath;
+          };
       };
 
       networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [80 443];