fuckings to nginx

Every variable is unwrapped at runtime and only accounted for in some
commands, which does not include ssl_certificate. Anyone who complains
about this is made fun of. Assholes.

README.md

@@ -6,3 +6,11 @@ packages. You may use them on your own servers, though your mileage my vary.
 Install the -nginx package (e.g. git.sr.ht-nginx) to pull in these files, then
 edit `/etc/nginx/domains.conf` (and `/etc/nginx/nginx.conf`, if necessary) to
 suit your particular installation.
+
+You should also write your own file, *-ssl.conf (e.g.
+`/etc/nginx/builds-ssl.conf`), which configures the SSL certificate, like so:
+
+    ssl_certificate /etc/ssl/uacme/builds.sr.ht/cert.pem;
+    ssl_certificate_key /etc/ssl/uacme/private/builds.sr.ht/key.pem;
+
+This is annoying. You can thank the nginx devs.

builds.sr.ht.conf

@@ -7,10 +7,9 @@ server {
 server {
 	include sourcehut.conf;
 	include port443.conf;
+	include builds-ssl.conf;
 	server_name $buildssrht;
 
-	ssl_certificate /etc/ssl/uacme/$buildssrht/cert.pem;
-	ssl_certificate_key /etc/ssl/uacme/private/$buildssrht/key.pem;
 	client_max_body_size 100M;
 
 	location / {

dispatch.sr.ht.conf

@@ -7,6 +7,7 @@ server {
 server {
 	include sourcehut.conf;
 	include port443.conf;
+	include dispatch-ssl.conf;
 	server_name $dispatchsrht;
 
 	ssl_certificate /etc/ssl/uacme/$dispatchsrht/cert.pem;

git.sr.ht.conf

@@ -7,10 +7,9 @@ server {
 server {
 	include sourcehut.conf;
 	include port443.conf;
+	include git-ssl.conf;
 	server_name $gitsrht;
 
-	ssl_certificate /etc/ssl/uacme/$gitsrht/cert.pem;
-	ssl_certificate_key /etc/ssl/uacme/private/$gitsrht/key.pem;
 	client_max_body_size 100M;
 
 	location / {

hg.sr.ht.conf

@@ -7,10 +7,9 @@ server {
 server {
 	include sourcehut.conf;
 	include port443.conf;
+	include hg-ssl.conf;
 	server_name $hgsrht;
 
-	ssl_certificate /etc/ssl/uacme/$hgsrht/cert.pem;
-	ssl_certificate_key /etc/ssl/uacme/private/$hgsrht/key.pem;
 	client_max_body_size 100M;
 
 	location / {

hub.sr.ht.conf

@@ -12,11 +12,9 @@ server {
 server {
 	include sourcehut.conf;
 	include port443.conf;
+	include hub-ssl.conf;
 	server_name $hubsrht;
 
-	ssl_certificate /etc/ssl/uacme/$hubsrht/cert.pem;
-	ssl_certificate_key /etc/ssl/uacme/private/$hubsrht/key.pem;
-
 	location / {
 		proxy_pass http://127.0.0.1:5014;
 		include web.conf;

lists.sr.ht.conf

@@ -7,11 +7,9 @@ server {
 server {
 	include sourcehut.conf;
 	include port443.conf;
+	include lists-ssl.conf;
 	server_name $listssrht;
 
-	ssl_certificate /etc/ssl/uacme/$listssrht/cert.pem;
-	ssl_certificate_key /etc/ssl/uacme/private/$listssrht/key.pem;
-
 	location / {
 		proxy_pass http://127.0.0.1:5006;
 		include web.conf;

man.sr.ht.conf

@@ -7,10 +7,9 @@ server {
 server {
 	include sourcehut.conf;
 	include port443.conf;
+	include man-ssl.conf;
 	server_name $mansrht;
 
-	ssl_certificate /etc/ssl/uacme/$mansrht/cert.pem;
-	ssl_certificate_key /etc/ssl/uacme/private/$mansrht/key.pem;
 	client_max_body_size 100M;
 
 	location / {

meta.sr.ht.conf

@@ -7,11 +7,9 @@ server {
 server {
 	include sourcehut.conf;
 	include port443.conf;
+	include meta-ssl.conf;
 	server_name $metasrht;
 
-	ssl_certificate /etc/ssl/uacme/$metasrht/cert.pem;
-	ssl_certificate_key /etc/ssl/uacme/private/$metasrht/key.pem;
-
 	location / {
 		proxy_pass http://127.0.0.1:5000;
 		include web.conf;

paste.sr.ht.conf

@@ -7,10 +7,9 @@ server {
 server {
 	include sourcehut.conf;
 	include port443.conf;
+	include paste-ssl.conf;
 	server_name $pastesrht pasta.sr.ht;
 
-	ssl_certificate /etc/ssl/uacme/$pastesrht/cert.pem;
-	ssl_certificate_key /etc/ssl/uacme/private/$pastesrht/key.pem;
 	client_max_body_size 10M;
 
 	location / {

todo.sr.ht.conf

@@ -7,10 +7,9 @@ server {
 server {
 	include sourcehut.conf;
 	include port443.conf;
+	include todo-ssl.conf;
 	server_name $todosrht;
 
-	ssl_certificate /etc/ssl/uacme/$todosrht/cert.pem;
-	ssl_certificate_key /etc/ssl/uacme/private/$todosrht/key.pem;
 	client_max_body_size 100M;
 
 	location / {