From d907cfdefe48a9b645c8302ddc45d2c469cb2bd2 Mon Sep 17 00:00:00 2001
From: Thomas Preisner <mail@tpreisner.de>
Date: Sat, 28 Dec 2024 16:49:48 +0100
Subject: [PATCH] mailsystem: nginx: Replace incorrect usage of lib.mkIf with
 lib.optionalAttrs

Evaluation of lib.mkIf and lib.optionalAttrs is slightly different. In
this specific case, the usage of lib.mkIf resulted in the defined
virtualHost never actually being applied due to an earlier error in the
evaluation order.
---
 mailsystem/nginx.nix | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/mailsystem/nginx.nix b/mailsystem/nginx.nix
index 03e8f26..c4f01a0 100644
--- a/mailsystem/nginx.nix
+++ b/mailsystem/nginx.nix
@@ -11,12 +11,15 @@ in {
     lib.mkIf cfg.enable {
       services.nginx = {
         enable = true;
-        virtualHosts."${cfg.fqdn}" = {
-          forceSSL = true;
-          enableACME = cfg.certificateScheme == "acme";
-          sslCertificate = lib.mkIf (cfg.certificateScheme == "selfsigned") sslCertPath;
-          sslCertificateKey = lib.mkIf (cfg.certificateScheme == "selfsigned") sslKeyPath;
-        };
+        virtualHosts."${cfg.fqdn}" =
+          {
+            forceSSL = true;
+            enableACME = cfg.certificateScheme == "acme";
+          }
+          // lib.optionalAttrs (cfg.certificateScheme == "selfsigned") {
+            sslCertificate = sslCertPath;
+            sslCertificateKey = sslKeyPath;
+          };
       };
 
       networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [80 443];